GCube Security Handler

From Gcube Wiki
Revision as of 17:29, 27 February 2012 by Ciro.formisano


Overview

GCube Security Handler is the Connector between the Authorization Module and the rest of the gCube system. In particular, it is a gCore module which intercepts the requests for a service and asks the Authorization Module whether the caller is authorized.

Key features

Workflow structure
The architecture of the module is generic: different tasks can potentially be configured in order to check different security-related features. Currently the module uses only a single task, which contacts the Policy Based Security Facilities by means of XACML requests.
XML configuration
The module is configurable through the gCube container configuration files.

Design

Philosophy

The module represents the connector between the Policy Based Facilities and the rest of the gCube infrastructure. It is a flexible and extensible component which is tightly integrated in the gCube platform: every request for the container is intercepted and triggers the start of the workflow.

Architecture

The component works like a workflow engine triggered by every request received by the container. Every task of the workflow ends with a response which can be true or false: if all the responses are true, the request is considered authenticated and authorized. If one of these responses is false, the workflow stops and a security fault is returned. Currently only one task is called: this task contacts the Policy Based Facilities, which take a decision on the request based on the defined policies and provide the response. The request contains a set of user-related attributes (currently, only the VO-related Role), a resource value (the name of the service or resource requested) and an action (the method requested).
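
The workflow rule described above, sketched as an added example (not gCube code): tasks run in order, the first false response stops the workflow, and a security fault is raised. All names, the sample roles and the in-memory policy table are hypothetical; the real task sends an XACML request to the Policy Based Facilities, and treating a task error as false is an assumption of this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthzRequest:
    roles: frozenset   # user attributes: the VO-related roles
    resource: str      # name of the service or resource requested
    action: str        # method requested


class SecurityFault(Exception):
    """Raised when any task of the workflow answers false."""


# Constructed sample policy: permitted (role, resource, action) triples.
# It stands in for the remote decision obtained through an XACML request.
SAMPLE_POLICY = {
    ("VO-Admin", "SampleService", "delete"),
    ("VO-Member", "SampleService", "read"),
}


def policy_task(req):
    """Hypothetical task: true if any role may perform the action on the resource."""
    return any((role, req.resource, req.action) in SAMPLE_POLICY for role in req.roles)


def run_workflow(req, tasks):
    """Run the tasks in order and return the names of those executed.

    The first task that does not answer True stops the workflow with a
    SecurityFault, so later tasks never run for a rejected request.
    """
    executed = []
    for task in tasks:
        executed.append(task.__name__)
        try:
            ok = task(req)
        except Exception as exc:
            # Assumption of this example: a failing task counts as false.
            raise SecurityFault(f"{task.__name__} failed: {exc}") from exc
        if ok is not True:
            raise SecurityFault(
                f"{task.__name__} denied {req.action} on {req.resource}")
    return executed
```

Comparing with `is not True` means a task that returns nothing, or any value other than the boolean true, is treated as a denial rather than as a pass.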


Security Handler

The GCube Handler is the element which intercepts all the requests and passes them to the Security Handler.

Deployment

GCube Security Handler is a module deployed as a library in the gCore platform.