Security Subsystem Development Information
Here is the documentation that is needed to understand how the security subsystem is working.
Contents
1. Architecture
To handle all the different needs of the services the design desicion put to the specific service controller layer. The general service configuration specifies which authentication method should be used. Based on this specification the OGCFrontController decides the implementation and delegates to the concrete requested subcontroller. Every subcontroller has a security package to encapsulate the management of the security itself. Regarding to the need how the security of the controller should be handled there are different implementations possible. The only additional modification in every subcontroller is to specifiy the implementation of the security manager and how it should process on the concrete operation.
For example in WMS there are some critical informations included in the GetCapabilities response. Or it should be possible for an exclusive community to do GetMap requests on specific bounding boxes or on specific layers. Whereas in CSW it is not critical to do a GetCapabilities request for anonymous users.
In case of a request to a secured WMS via HTTPBasicAuthentication, the OGCFrontController delegates the request to the WMSController. The WMSController do the operations via the concrete WMSSecurityManager implementation. If the credentials match for the operation and there is access, the operation can be queried otherwise there is a HTTP specific fault message respond (but this depends on the implementation).