Policy Enforcement for Proxy Ports

Back to WAMulator Architecture

When requests are received on the proxy port (http) or proxy-tls port (https) the WAMulator delegates to an instance of the RequestHandler class. That instance lives for the duration of a single http request and response cycle and is then discarded. To enforce configured Policies, Request Handler must first associate the request with a specific configured policy and then identify if the request meets the conditions of access for that policy. To do so it must take several steps.

Finding a <by-site> Matcher

Internally, the WAMulator represents access configuration in a an instance of TrafficManager. RequestHandler delegates to TrafficManager to see if the request matches the scheme, host, and port of a configured <by-site> element. Each <by-site> element is represented by an instance of SiteMatcher. For each <by-site> element a SiteMatcher is created and placed in TrafficManager and knows the scheme, host, and port allowed for that <by-site> element. Finding a SiteMatcher for the request is the first step toward finding a policy for a given request.

Determining Unenforced versus Restricted

In addition to the scheme, host, and port, SiteMatcher is a container for several classes of objects used for the next step. These objects are associated with declarations in the policy configuration file for a given <cctx-mapping> element. The cctx-mapping element represents an application and defines where requests for that application will be proxied. For requests to be considered part of that application they must match the URL path requirements of the cctx-mapping's policy configuration file. To be proxied to the backing application server, such requests must then meet corresponding access requirements in the same policy configuration file. The thost and tport ... to be continued...

Determining Conformance to Controlled Access

... to be continued...

delegates to several architectural components to identify if the request matches any poKey steps taken by RequestHandler are:

For the SSO traffic, RequestHandler further performs these steps to enforce access restrictions for URLs based upon configured policy.

... tbc

Back to WAMulator Architecture

This page was last modified on 24 March 2014, at 10:27.

Note: Content found in this wiki may not always reflect official Church information.