Back to Security Pattern Catalog

Secure Service Proxy

Classification Key : Core Security


Adaptation of existing systems to newer security protocols is a standard practice in software maintenance. In case of SOA, you want to expose your existing system as services that interact with other services, but their security protocols do not match. How can you efficiently integrate with existing security protocol without going back to rewriting the entire system?


Provide security service as a wrapper. Intercept all the requests from clients, identify the requested service, enforce the security policy as required by the service, optionally transform the request for the inbound protocol to that expected by the service, and finally forward the request to the appropriate destination service. On the return path, transform the results according to outbound requirements. Externalize the addition of security logic to existing applications.

Known Uses

Pluggable PGP module.

Related Patterns

Intercepting Web Agent, Secure Message Router


Sun Book


Maintenance, Proxy


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz