Intercepting Web Agent
Classification Key
Perimeter Security, Information Disclosure
Problem
Security is often postponed until after the functional parts of the application have been designed. Once an application is deployed, it is very difficult to add authentication, authorization and auditing mechanisms to it.
How can you retrofit authentication and authorization into an existing web application?
Solution
Provide authentication and authorization outside the application. Install an intercepting agent on the web server that intercepts incoming requests, authenticates and authorizes them, and enforces the access control policy at the web server before any request reaches the application. This isolates the application logic from the security logic.
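As an added illustration of the pattern (not code from this page or from the Sun book), the following Go handler plays the intercepting agent: it sits in front of an unchanged application handler, authenticates a bearer token against a constructed token table, enforces a prefix-based access control policy with default deny, audits every decision, and passes the established role to the application in a header that it always overwrites. The token table, the rule format and the X-Authenticated-Role header name are assumptions made for the example.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

type Rule struct{ PathPrefix, Role string } // one path prefix granted to one role (constructed)

// Agent authenticates, authorizes and audits each request before App ever sees it.
type Agent struct {
	Tokens map[string]string // constructed bearer-token -> role table (assumption)
	Rules  []Rule            // first matching prefix wins; no match means deny
	App    http.Handler      // the existing application, left unchanged
}

// roleFor resolves the caller's role from the Authorization header ("" if anonymous).
func (a *Agent) roleFor(r *http.Request) string {
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, "Bearer ") {
		return ""
	}
	return a.Tokens[strings.TrimPrefix(h, "Bearer ")]
}

// Decide returns 200 when the request may be forwarded, otherwise 401 or 403.
func (a *Agent) Decide(r *http.Request) int {
	role := a.roleFor(r)
	if role == "" {
		return http.StatusUnauthorized
	}
	for _, rule := range a.Rules {
		if strings.HasPrefix(r.URL.Path, rule.PathPrefix) {
			if role == rule.Role {
				return http.StatusOK
			}
			return http.StatusForbidden
		}
	}
	return http.StatusForbidden // default deny: no rule covers this path
}

// ServeHTTP enforces and audits the decision, then hands off to App.
func (a *Agent) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	status := a.Decide(r)
	log.Printf("audit: %s %s -> %d", r.Method, r.URL.Path, status)
	if status != http.StatusOK {
		http.Error(w, http.StatusText(status), status)
		return
	}
	r.Header.Set("X-Authenticated-Role", a.roleFor(r)) // overwrite any client-supplied identity header
	a.App.ServeHTTP(w, r)
}
```

The application behind the agent only has to read X-Authenticated-Role; it never handles tokens or policy itself.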
Known Uses
Implementation of policy using an external policy server.
Related Patterns
Secure Service Proxy
Source
Sun Book
Tags
Access Control, Policy, Authentication