next up previous
Next: Internal structure Up: Developer Guide for EDG Previous: Example of a complete

Authorization Filter

The Authorization Filter is a javax.servlet.Filter that operates as a coarse-grained authorization module for the protection of any Java servlet. It is inserted in the servlet chain of a web application, in front of any resource that requires authorization protection.

The filter examines every incoming servlet request. It extracts the client certificate and the optional policy and role parameters. It passes the subject DN of the certificate and any optional parameter to the Authorization Manager, and receives back the result of the authorization operation:

The filter also creates a SecurityContext, accessible through the SecurityInfo interface, where it stores the following information:

Figure: Authorization Filter in the servlet chain
3#3



Subsections
next up previous
Next: Internal structure Up: Developer Guide for EDG Previous: Example of a complete
2004-07-02