



Intercepting Web Agent


Classification Key: Perimeter Security, Information Disclosure

Problem

Security is often postponed until after the functional pieces of the application have been designed. Once an application is deployed, it is very difficult to add authentication, authorization and auditing mechanisms to it. How can you retrofit authentication and authorization into an existing web application?

Solution

Provide authentication and authorization outside the application. Install an intercepting agent on the web server that intercepts incoming requests, authenticates and authorizes them, and enforces the access control policy at the web server. Isolate application logic from security logic.
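
The solution above, sketched as Python WSGI middleware wrapped around an unmodified application. This is an added example, not code from the catalog or its source book. The token format, key, policy table and the names `InterceptingAgent`, `legacy_app` and `sign` are assumptions made for illustration.

```python
import hmac
import posixpath

KEY = b"constructed-demo-key"  # constructed; a real agent reads this from a secret store
# Constructed policy: path prefix -> allowed roles (None = public); unlisted paths are denied.
POLICY = [("/admin", {"admin"}), ("/reports", {"admin", "analyst"}), ("/public", None)]
AUDIT = []  # stand-in for an audit log sink

def sign(user, role):  # token "user:role:mac", as a separate login service would issue it
    mac = hmac.new(KEY, f"{user}:{role}".encode(), "sha256").hexdigest()
    return f"{user}:{role}:{mac}"

def authenticate(environ):
    """Return (user, role) for a validly signed bearer token, else None."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    parts = token.split(":")
    if scheme != "Bearer" or len(parts) != 3:
        return None
    valid = hmac.compare_digest(sign(parts[0], parts[1]).encode(), token.encode())
    return (parts[0], parts[1]) if valid else None

def required_roles(path):
    for prefix, roles in POLICY:
        if path == prefix or path.startswith(prefix + "/"):
            return roles
    return set()  # default deny

class InterceptingAgent:
    """WSGI middleware that enforces POLICY before the wrapped app runs."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        # Normalise first so "/public/../admin" is judged as "/admin".
        path = posixpath.normpath(environ.get("PATH_INFO") or "/")
        roles, status = required_roles(path), None
        user, role = authenticate(environ) or (None, None)
        if roles is not None and user is None:
            status = "401 Unauthorized"
        elif roles is not None and role not in roles:
            status = "403 Forbidden"
        AUDIT.append((path, user, status or "allowed"))
        if status:
            start_response(status, [("Content-Type", "text/plain")])
            return [status.encode()]
        environ["PATH_INFO"], environ["REMOTE_USER"] = path, user or ""
        return self.app(environ, start_response)

def legacy_app(environ, start_response):  # the unmodified app: no security logic of its own
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {environ['REMOTE_USER']}".encode()]

app = InterceptingAgent(legacy_app)
```

The application receives only requests the agent has already authorized, on the same normalised path the decision was made for, and every decision is recorded in the audit sink.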

Known Uses

Implementation of policy using an external policy server.

Related Patterns

Secure Service Proxy

Source

Sun Book

Tags

Access Control, Policy, Authentication


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz