The WPS Interceptor

WPSFilterCapabilitiesInterceptor

• Interceptor for WPS GetCapabilities request
• Filters unauthorized processes from the capabilities
• Resourc:
  • /process
• Action: /operations/GetCapabilities

WPSDescribeProcessInterceptor

• Interceptor for WPS DescribeProcess request
• Requests the rights for every requested process.
• Resourc:
  • /process
• Action: /operations/DescribeProcess
• If one process is denied, an EnforcementServiceExpetion is thrown

WPSExecuteInterceptor

• Interceptor for WPS Execute request
• Decides whether the execution of the process is allowed for a user or not
• Resourc:
  • /process
• Action: /operations/Execute
• If the requested process is denied, an EnforcementServiceExpetion is thrown

<SimplePermissions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.52north.org/security/simple-permission/1.0">
   <PermissionSet name="WPS Permission">
         <ResourceDomain value="http://localhost:8080/wss/*/WPS"/>
      <ActionDomain value="http://localhost:8080/wss/*/WPS"/>
      <SubjectDomain value="urn:n52:security:subject:role"/>
      <Permission name="alice_all">
         <Resource value="/process/*"/>
         <!-- Any operations allowed -->
         <Action value="/operations/*"/>
         <!-- Any operations -->
         <Subject value="alice"/>
      </Permission>
      <Permission name="bob_protectionindex_Capabilities">
         <Resource value="/process/protectionindex"/>
         <Action value="/operations/GetCapabilities"/>
         <Subject value="bob"/>
      </Permission>
      <Permission name="bob_protectionindex_DecribeProcess">
         <Action value="/operations/DescribeProcess"/>
         <Resource value="/process/protectionindex"/>
         <Subject value="bob"/>
      </Permission>
</SimplePermissions>

Demonstration Video