java.lang.Object
  |
  +--org.apache.axis.handlers.BasicHandler
        |
        +--org.edg.security.authorization.SOAPOverHTTPAuthorizationHandler
The SOAPOverHTTPAuthorizationHandler is an AXIS handler that can be put in a request flow in front of an actual SOAP endpoint that needs authorization protection.
The AuthorizationManager is used for the authorization operation. The authorization result (a string) is stored in the MessageContext, which is passed on to the service. The SecurityContext is updated as well, so it contains the complete list of all authorized attributes.
Currently, only the case of SOAP over HTTPS with client authentication is supported.
Configuration (Tomcat)
The handler is invoked by first defining a handler in the .wsdd file:

    <handler name="authzHandler" type="java:org.edg.security.authorization.SOAPOverHTTPAuthorizationHandler"/>

For the servlet in question, a request flow is defined:

    <service name="TestService" ...>
      <requestFlow>
        <handler type="authzHandler"/>
      </requestFlow>
      ...
    </service>

Supported handler parameters:
Parameter "name" | Parameter "value" |
---|---|
contextPathID | Name of the context path of the web application. |
Log4jConfigFile | Pathname of the configuration file for logging. |
authzManagerConfig | File containing the AuthorizationManager configuration. |
authzManagerConfigElement | The XML element in the file that contains the Authorization Manager configuration. If not defined, the root element is assumed. |
authzManagerDefaultPolicy | The Policy of Authorization Manager to be used by default by the handler. If null, the default Policy of Authorization Manager is used. This parameter is overridden by the SOAP header element containing the Policy requested by the client. |
shortcutOnError | "true" or "false". If the client is not properly authorized (for any reason), the handler shortcuts the request flow and returns an error to the SOAP requestor. |
authzAttributeName | The name of the SOAP header element containing the requested authorization attribute. Default is "role". |
authzAttributeNameSpace | The name space of the SOAP header element containing the requested authorization attribute. Default is "http://soap.edg.org/security/authorization". |
authzPolicyName | The name of the SOAP header element containing the requested authorization policy to use. Default is "policy". |
authzPolicyNameSpace | The name space of the SOAP header element containing the requested authorization policy. Default is "http://soap.edg.org/security/authorization". |
authzVomsName | The name of the VOMS header element. Default is "voms". |
authzVomsNameSpace | The name space of the VOMS header element. Default is "http://soap.edg.org/security/authorization". |
authzContextName | The name of the value in which to store the authorization result. Default is "org.edg.data.securty.authorization.value". |
silent | "true" or "false". Controls the logging behavior of the handler. Default is "false". (Log message level configuration is controlled by the standard Log4J procedure.) |
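
A fuller deployment descriptor showing how the parameters in the table are passed to the handler as WSDD parameter elements (an added example, not part of the original documentation). The handler class name is taken from the class hierarchy above; the file paths, the contextPathID value, and the service class and method are placeholders.

```xml
<!-- Added example: WSDD fragment. Paths, the context path and the
     service class are placeholders, not values from the handler's docs. -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

  <!-- The handler supports only SOAP over HTTPS with client authentication,
       so the web application must be served over a connector that requires
       client certificates. -->
  <handler name="authzHandler"
           type="java:org.edg.security.authorization.SOAPOverHTTPAuthorizationHandler">
    <!-- Placeholder: context path of the web application -->
    <parameter name="contextPathID" value="/testservice"/>
    <!-- Placeholder paths -->
    <parameter name="authzManagerConfig" value="/path/to/authz-manager.xml"/>
    <parameter name="Log4jConfigFile" value="/path/to/log4j.properties"/>
    <!-- Stop unauthorized requests in the handler: invoke() throws an
         error to the SOAP requestor only when this is "true". -->
    <parameter name="shortcutOnError" value="true"/>
    <!-- Keep authorization decisions in the log -->
    <parameter name="silent" value="false"/>
    <!-- authzAttributeName, authzPolicyName, authzVomsName and their
         name spaces are left at the defaults listed in the table. -->
  </handler>

  <service name="TestService" provider="java:RPC">
    <!-- Authorization runs before the request reaches the endpoint -->
    <requestFlow>
      <handler type="authzHandler"/>
    </requestFlow>
    <!-- Placeholder service class and method -->
    <parameter name="className" value="example.TestService"/>
    <parameter name="allowedMethods" value="getData"/>
  </service>
</deployment>
```
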
See Also: AuthorizationManager, BasicHandler, Serialized Form

Field Summary | |
---|---|
protected java.lang.String | myAttributeHeader |
protected java.lang.String | myAttributeHeaderNameSpace |
protected java.lang.String | myAuthorizedValue |
protected java.lang.String | myDefaultPolicy |
protected boolean | myIsInitialized |
protected boolean | myIsSilent |
protected java.lang.String | myPolicyHeader |
protected java.lang.String | myPolicyHeaderNameSpace |
protected java.lang.String | myVomsHeader |
protected java.lang.String | myVomsHeaderNameSpace |
protected boolean | myWillShortcut |
static java.lang.String | theAttributeHeaderName |
static java.lang.String | theAttributeHeaderNameSpace |
static java.lang.String | theAuthorizedValue |
static java.lang.String | theAuthzManagerConfigElementParameter |
static java.lang.String | theAuthzManagerConfigParameter |
static java.lang.String | theAuthzManagerDefaultPolicyParameter |
protected static org.apache.log4j.Logger | theLogger |
static java.lang.String | thePolicyHeaderName |
static java.lang.String | thePolicyHeaderNameSpace |
static java.lang.String | theSilentFlag |
static java.lang.String | theVomsHeaderName |
static java.lang.String | theVomsHeaderNameSpace |
static java.lang.String | theWillShortCutConfigParameter |
Fields inherited from class org.apache.axis.handlers.BasicHandler |
log, makeLockable, name, options |
Constructor Summary | |
SOAPOverHTTPAuthorizationHandler()
Constructor for SOAPOverHTTPAuthorizationHandler. |
Method Summary | |
---|---|
protected java.lang.String | getHeaderValue(org.apache.axis.MessageContext mc, java.lang.String ns, java.lang.String name, java.lang.String defaultValue) Convenience method to extract a value from an optional SOAP header or return default value if empty or non-existent. |
void | init() |
void | invoke(org.apache.axis.MessageContext mc) Authorizes the authenticated user by using the user's credential(s) along with any information specified in the 'policy' and 'role' SOAP headers. |
Methods inherited from class org.apache.axis.handlers.BasicHandler |
canHandleBlock, cleanup, generateWSDL, getDeploymentData, getName, getOption, getOptions, getUnderstoodHeaders, initHashtable, onFault, setName, setOption, setOptionDefault, setOptions, setOptionsLockable |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final java.lang.String theAuthzManagerConfigParameter
public static final java.lang.String theAuthzManagerConfigElementParameter
public static final java.lang.String theAuthzManagerDefaultPolicyParameter
public static final java.lang.String theWillShortCutConfigParameter
public static final java.lang.String theAttributeHeaderNameSpace
public static final java.lang.String theAttributeHeaderName
public static final java.lang.String thePolicyHeaderNameSpace
public static final java.lang.String thePolicyHeaderName
public static final java.lang.String theVomsHeaderNameSpace
public static final java.lang.String theVomsHeaderName
public static final java.lang.String theAuthorizedValue
public static final java.lang.String theSilentFlag
protected static org.apache.log4j.Logger theLogger
protected boolean myIsInitialized
protected boolean myWillShortcut
protected boolean myIsSilent
protected java.lang.String myAttributeHeaderNameSpace
protected java.lang.String myAttributeHeader
protected java.lang.String myPolicyHeaderNameSpace
protected java.lang.String myPolicyHeader
protected java.lang.String myVomsHeaderNameSpace
protected java.lang.String myVomsHeader
protected java.lang.String myDefaultPolicy
protected java.lang.String myAuthorizedValue
Constructor Detail |
public SOAPOverHTTPAuthorizationHandler()
See Also: init()
Method Detail |
public void init()
Specified by: init in interface org.apache.axis.Handler
Overrides: init in class org.apache.axis.handlers.BasicHandler
See Also: Handler.init()

protected java.lang.String getHeaderValue(org.apache.axis.MessageContext mc, java.lang.String ns, java.lang.String name, java.lang.String defaultValue) throws org.apache.axis.AxisFault
Throws: org.apache.axis.AxisFault

public void invoke(org.apache.axis.MessageContext mc) throws org.apache.axis.AxisFault
If successful, sets the resulting authorization value (a string) in the MessageContext. Otherwise throws an error provided shortcutOnError is set to true,
Specified by: invoke in interface org.apache.axis.Handler
Overrides: invoke in class org.apache.axis.handlers.BasicHandler
Throws: org.apache.axis.AxisFault
See Also: Handler.invoke(MessageContext)