Defining basic setup pattern
The servlet and filter concept of nevisProxy allows configuring functional behaviors in a flexible way. To not introduce unnecessary components and complexity, a basic setup matrix for nevisProxy is recommended.
The following matrix shows a setup matrix with the following features:
- Use only one IdentityCreationFilter per SSO domain
- Use a role- (not application-) based model to authorize access to content providers
- Use well-defined propagation profiles to be able to easily document modifications of the protocol headers by nevisProxy
Global resource | Authentication (IdentityCreationFilter, 1st filter mapping) | Authorization (SecurityRoleFilter, 2nd filter mapping) | HTTP header propagation (DelegationFilter, 3rd filter mapping) | Connector (ConnectorServlet, servlet mapping) |
---|---|---|---|---|
/url1 | SsoAuthentication | - | DefaultProfile | Appl1Connector |
/url2/some | SsoAuthentication | AdminAuthorization | - | Appl2Connector |
/url2/other | - | - | - | Appl2Connector |
/url3 | SsoAuthentication | - | - | Appl2Connector |
The rows from left to right follow the exact processing of requests by nevisProxy. Resource and Connector define the servlet mapping, the columns in between the required filter mappings and their order.