The HTTP Header filter can be used in cases where
the Enterprise Gateway receives an end-user's authentication credentials in an HTTP
header. In a typical scenario, the end-user (or message originator)
authenticates to an intermediary. The intermediary authenticates the
end-user and, in order to propagate the end-user's credentials to the
destination Web Service, inserts the credentials into an
HTTP header and forwards them onwards.
When the Enterprise Gateway receives the message it performs two tasks:
- Authenticate the sender of the message (i.e. the intermediary)
- Extract the end user's identity from the token in the HTTP header for use in subsequent Authorization Filters
It is important to note that in the case outlined above, the Enterprise Gateway
will not attempt to re-authenticate the end-user. It trusts the fact that the
intermediary has already authenticated the end-user. It is a good idea, however,
to authenticate the message sender, i.e., the intermediary, because the
end-user's identity is accepted on the intermediary's word alone. Any subsequent
Authorization filters will use the end-user's credentials that were passed in
the HTTP header.
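
The two tasks described above can be sketched as follows. This is an added example, not Enterprise Gateway code. It assumes the intermediary authenticates with HTTP Basic, that the end-user identity arrives in a hypothetical `X-End-User` header, and that headers are a dict of lowercase names to lists of values; the names and credentials are constructed.

```python
import base64
import hashlib
import hmac

# Constructed sample data: intermediaries allowed to assert end-user identities,
# stored as SHA-256 digests of their passwords (illustration only).
TRUSTED_INTERMEDIARIES = {
    "portal-proxy": hashlib.sha256(b"constructed-secret").hexdigest(),
}
USER_HEADER = "x-end-user"  # hypothetical header name, not taken from the page


class Rejected(Exception):
    """Raised when the message must not reach the authorization step."""


def authenticate_sender(headers):
    """Task 1: authenticate the message sender (the intermediary) via HTTP Basic."""
    values = headers.get("authorization", [])
    if len(values) != 1 or not values[0].startswith("Basic "):
        raise Rejected("sender did not authenticate")
    try:
        decoded = base64.b64decode(values[0][6:], validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        raise Rejected("malformed sender credentials")
    name, _, password = decoded.partition(":")
    expected = TRUSTED_INTERMEDIARIES.get(name, "")
    supplied = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        raise Rejected("unknown sender or bad password")
    return name


def extract_end_user(headers):
    """Task 2: take the end-user identity from the header; no re-authentication."""
    values = headers.get(USER_HEADER, [])
    # Duplicate or empty headers are ambiguous, so refuse rather than pick one.
    if len(values) != 1 or not values[0].strip():
        raise Rejected("expected exactly one non-empty end-user header")
    return values[0].strip()


def process(headers):
    """Return (sender, end_user) for later authorization checks, or raise Rejected."""
    sender = authenticate_sender(headers)  # the header is trusted only after this
    return sender, extract_end_user(headers)
```

A request that carries the identity header but fails sender authentication is rejected before the header is read, so the asserted identity never reaches an authorization decision.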