OpenSSO Enterprise Policy Agent 3.0: Processing Requests
By Identity Writer: J Domenichini on Oct 31, 2008
I have included two images of flow charts in this blog entry that show how a request for a resource is processed: one image is web-agent specific and one is J2EE-agent specific.
These charts show the possible scenarios that can take place when an end user makes a request for a resource. Therefore, the end user points a browser to a URL. That URL is a resource, such as a JPEG image, HTML page, JSP page, etc. When an agent is configured to protect that resource ("protect" is not always the correct word, but the agent has a role to watch the resource anyway), it intervenes to varying degrees and checks the request. The situation might be that all requests are granted for that particular resource. Maybe then the request is logged and maybe it isn't logged. Hopefully, the flow charts reflect the key details.
Coming up with a flow chart that provides just the right level of detail is a tricky proposition: too much detail and the image is too complex; not enough detail and the image doesn't provide much useful info. Anyway, after getting much input from developers, this is what I came up with.
The flow chart that follows illustrates how a request for a resource
is handled by a web agent. Therefore, the web agent is protecting resources on a web server or web proxy server. The flow chart shows the processes the web agent goes through to protect such resources.
How a Resource Request is Processed by a Web Agent
The flow chart that follows illustrates how a request for a resource is handled by a J2EE agent. You can see that the J2EE security that is available in application servers (though J2EE agents often protect resources on portal severs, too) adds a layer of complexity to the chart. The J2EE agent flow chart also shows how the filter mode setting affects the processing of a request.
How a Resource Request is Processed by a J2EE Agent
11/01/08: The flow chart in the link that follows was updated today. The "Yes" lines coming out of the top right side were not aligned properly. The problem has now been fixed. However, the print was too small and difficult to read. Therefore the image has been split into two (see below). It should be easier to read.
To see the two images combined as one, see the following: Single Image.
following two flow charts were just updated today. The original chart has been split into two to allow the text to be larger. Hopefully, it's easier to read this way.