org.glite.security.voms.service
Class InitSecurityContext

java.lang.Object
  extended by org.glite.security.voms.service.InitSecurityContext

public class InitSecurityContext
extends java.lang.Object

The InitSecurityContext is an AXIS handler that can be placed in a request flow in front of an actual SOAP endpoint so that it initializes the SecurityContext before the endpoint runs.

Currently, only the case of SOAP over HTTPS with client authentication is supported.

Configuration (Tomcat)
The handler is invoked by first defining a handler in the .wsdd file:

 <handler name="initSC"
     type="java:org.glite.security.voms.service.InitSecurityContext">
 </handler>
 
For the servlet in question, a request flow is then defined:
 <service name="TestService" ...>
    <requestFlow>
        <handler type="initSC"/>
    </requestFlow>
    ...
 </service>
 

Author:
Karoly Lorentey

Field Summary
protected static org.apache.log4j.Logger log
Constructor Summary
InitSecurityContext()
Method Summary
static void setClearContext()
          Initialize a clear security context, which will fail on all security checks.
static void setContextFromRequest(javax.servlet.ServletRequest req)
          Sets up the client's credentials.
static void setDelegatedContext(java.lang.String delegatedDN, java.lang.String delegatedCA)
          Initialize and set delegated admin's security context.
static void setInternalContext()
          Initialize and set internal admin's security context.
static void setLocalContext(java.lang.String host)
          Initialize and set local admin's security context.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

protected static org.apache.log4j.Logger log
Constructor Detail

InitSecurityContext

public InitSecurityContext()
Method Detail

setContextFromRequest

public static void setContextFromRequest(javax.servlet.ServletRequest req)
Sets up the client's credentials. This method sets the current SecurityContext to a new instance and initializes it from the client's certificate. It also sets the remote IP address property.

If the certificate is invalid, or there is some other problem with the client's credentials, then the distinguished name and CA will be set to null, unless the client is from localhost and the configuration option voms.localhost.defaults.to.local.admin is true. In this latter case, the credentials will be set to that of the Local Database Administrator.

See Also:
SecurityContext

setDelegatedContext

public static void setDelegatedContext(java.lang.String delegatedDN,
                                       java.lang.String delegatedCA)
                                throws VOMSSecurityException
Initialize and set delegated admin's security context. This method should only be used in restricted cases, because it effectively overrides the credentials with user-supplied values!
To make it as safe as possible, one has to configure the voms.fully.trusted.client.for.delegation.dn and voms.fully.trusted.client.for.delegation.ca values so that this functionality is enabled for exactly one trusted service.
Enabling this feature is the equivalent of handing the database password and link to the remote service. Use with care, and only if you really know what you are doing!

Throws:
VOMSSecurityException
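
The gating that the paragraph above describes, as an added example and not code from VOMS: a hypothetical DelegationGate class that calls setDelegatedContext only when the TLS-authenticated caller matches the two configured keys, and otherwise falls back to setClearContext. The Properties-based configuration source, the package of VOMSSecurityException, and the way the caller's DN and CA are read out of the SecurityContext that setContextFromRequest populated are assumptions.

```java
import java.util.Properties;

import org.glite.security.voms.service.InitSecurityContext;
import org.glite.security.voms.service.VOMSSecurityException; // package assumed

/**
 * Hypothetical gate in front of InitSecurityContext.setDelegatedContext().
 * Delegation is honoured only when the already-authenticated caller is the
 * single trusted service named in the configuration; anything else ends in
 * a clear context that fails every security check.
 */
public class DelegationGate {

    private final String trustedDN;
    private final String trustedCA;

    /** Reads the two keys the handler documentation names; config source is assumed. */
    public DelegationGate(Properties config) {
        this.trustedDN = config.getProperty("voms.fully.trusted.client.for.delegation.dn");
        this.trustedCA = config.getProperty("voms.fully.trusted.client.for.delegation.ca");
    }

    /** Pure policy check, kept separate so it can be unit-tested without the handler. */
    public boolean isTrustedDelegator(String clientDN, String clientCA) {
        // Feature stays disabled unless both keys are configured.
        if (trustedDN == null || trustedCA == null) {
            return false;
        }
        // setContextFromRequest leaves DN and CA null on a bad certificate:
        // a null never matches, so an unauthenticated caller cannot delegate.
        if (clientDN == null || clientCA == null) {
            return false;
        }
        // Both the DN and the issuing CA must match; a DN alone is not an identity.
        return trustedDN.equals(clientDN) && trustedCA.equals(clientCA);
    }

    /**
     * clientDN/clientCA: identity authenticated by the TLS layer for this request.
     * delegatedDN/delegatedCA: user-supplied identity the trusted service asks to act as.
     */
    public void apply(String clientDN, String clientCA,
                      String delegatedDN, String delegatedCA) throws VOMSSecurityException {
        if (isTrustedDelegator(clientDN, clientCA)) {
            InitSecurityContext.setDelegatedContext(delegatedDN, delegatedCA);
        } else {
            // Refuse outright rather than leave the caller's own credentials in place.
            InitSecurityContext.setClearContext();
        }
    }
}
```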

setLocalContext

public static void setLocalContext(java.lang.String host)
Initialize and set local admin's security context.


setInternalContext

public static void setInternalContext()
Initialize and set internal admin's security context.


setClearContext

public static void setClearContext()
Initialize a clear security context, which will fail on all security checks. It is intended for non-authenticated requests.