Intercepting Web Agent
: Perimeter Security, Information Disclosure
Security is often postponed until after the functional pieces of the application have been designed. After an application is deployed, it is very difficult to implement authentication, authorization and auditing mechanisms.
How can you retrofit authentication and authorization into an existing web application?
Provide authentication and authorization outside the application. Install an intercepting agent on the web server; the agent intercepts incoming requests, authenticates and authorizes them, and enforces the access control policy at the web server. Isolate application logic from security logic.
Implementation of policy using an external policy server.
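The solution above, sketched as an added example that is not part of the original catalog entry: a WSGI wrapper plays the intercepting agent in front of an unmodified application. HTTP Basic credentials, the in-process `USERS` and `POLICY` tables (standing in for the external policy server), the default-deny rule for unlisted paths, and all names are assumptions made for illustration.

```python
import base64, hashlib, hmac, posixpath

def pw_hash(password):  # fixed salt only because the sample data is constructed
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

# Constructed sample data: user -> (role, password hash); URL prefix -> allowed roles.
USERS = {"alice": ("admin", pw_hash("alice-pw")), "bob": ("staff", pw_hash("bob-pw"))}
POLICY = [("/admin", {"admin"}), ("/reports", {"admin", "staff"}), ("/public", None)]

def legacy_app(environ, start_response):
    """The existing application: it contains no security logic."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("page " + environ["PATH_INFO"]).encode()]

class InterceptingAgent:
    """Hypothetical WSGI wrapper: authenticate, authorize and audit before the app runs."""
    def __init__(self, app, users, policy):
        self.app, self.users, self.policy, self.audit = app, users, policy, []

    def authenticate(self, environ):
        scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
        except ValueError:  # covers malformed base64 and non-UTF-8 bytes
            return None
        role, stored = self.users.get(user, (None, b""))
        # Hash even for unknown users so both cases cost about the same time.
        return (user, role) if hmac.compare_digest(stored, pw_hash(password)) else None

    def __call__(self, environ, start_response):
        # Normalize once so the agent and the application judge the same path.
        raw = environ.get("PATH_INFO", "").lstrip("/")
        path = environ["PATH_INFO"] = posixpath.normpath("/" + raw)
        # First matching prefix wins; None means anonymous access; no match denies.
        allowed = next((roles for prefix, roles in self.policy
                        if path == prefix or path.startswith(prefix + "/")), set())
        user, role = self.authenticate(environ) or (None, None)
        status = None if allowed is None or role in allowed else (
            "401 Unauthorized" if user is None else "403 Forbidden")
        self.audit.append((user, path, status or "allowed"))
        if status is None:
            environ["REMOTE_USER"] = user or ""  # identity handed to the application
            return self.app(environ, start_response)
        headers = [("WWW-Authenticate", 'Basic realm="agent"')] if user is None else []
        start_response(status, headers + [("Content-Type", "text/plain")])
        return [status.encode()]
```

Wrapping is a single line, `InterceptingAgent(legacy_app, USERS, POLICY)`, and the application itself is untouched. The agent rewrites `PATH_INFO` to the normalized path so that a request such as `/public/../admin/users` is judged, and served, as `/admin/users`.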
Secure Service Proxy
Access Control, Policy, Authentication
Last modified: May 05, 2012
Maintained by: Munawar Hafiz