
Intercepting Web Agent

Classification Key: Perimeter Security, Information Disclosure


Security is often postponed until after the functional parts of an application have been designed. Once the application is deployed, it is very difficult to add authentication, authorization and auditing mechanisms to it. How can you retrofit authentication and authorization into an existing web application?


Provide authentication and authorization outside the application. Install an intercepting agent on the web server that intercepts incoming requests, authenticates and authorizes them, and enforces the access control policy at the web server before a request reaches the application. This isolates the application logic from the security logic.
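As an added illustration (not part of the catalog entry), the pattern as a WSGI middleware in Python: the agent authenticates and authorizes every request against a policy table and audits the decision, while the wrapped application contains no security code at all. The user accounts, the policy table and the URL prefixes are constructed for this example.

```python
import base64, hmac, logging

USERS = {"alice": ("alice-pw", {"admin"}), "bob": ("bob-pw", {"staff"})}  # constructed sample accounts
POLICY = [("/admin", {"admin"}), ("/reports", {"admin", "staff"}), ("/public", None)]  # prefix -> roles; None = public
audit = logging.getLogger("agent.audit")  # auditing is the agent's job, not the application's

def authenticate(environ):  # HTTP Basic check; returns (user, roles) or None
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    try:
        user, _, pw = base64.b64decode(token).decode().partition(":")
    except (ValueError, UnicodeDecodeError):  # a malformed header must not crash the agent
        return None
    record = USERS.get(user) if scheme == "Basic" else None
    if record and hmac.compare_digest(record[0], pw):
        return user, record[1]
    return None

def authorize(path, roles):  # longest-prefix policy match; deny by default
    for prefix, allowed in sorted(POLICY, key=lambda p: -len(p[0])):
        if path == prefix or path.startswith(prefix + "/"):
            return allowed is None or bool(roles & allowed)
    return False

def intercepting_agent(app):  # wraps the application so no request reaches it unchecked
    def agent(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        identity = authenticate(environ)
        user, roles = identity or ("anonymous", set())
        if not authorize(path, roles):
            audit.info("deny %s %s", user, path)
            status = "403 Forbidden" if identity else "401 Unauthorized"
            start_response(status, [("WWW-Authenticate", 'Basic realm="agent"')])
            return [status.encode()]
        audit.info("allow %s %s", user, path)
        environ["agent.user"] = user  # the application sees a verified identity, never credentials
        return app(environ, start_response)
    return agent

def demo_app(environ, start_response):  # application logic: no security code, trusts the agent
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {environ['agent.user']}".encode()]

def request(path, creds=None):  # drive the wrapped app with a synthetic request
    environ = {"PATH_INFO": path}
    if creds:
        environ["HTTP_AUTHORIZATION"] = "Basic " + base64.b64encode(creds.encode()).decode()
    status = []
    body = intercepting_agent(demo_app)(environ, lambda s, h: status.append(s))
    return status[0], b"".join(body)
```

Because the policy lives in the agent, it can be changed (or pointed at an external policy server) without touching the application.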

Known Uses

Implementation of policy using an external policy server.

Related Patterns

Secure Service Proxy


Sun Book


Access Control, Policy, Authentication


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz