GSS is a general server application for providing several types of services with several types of interfaces.
Service:
Interface:
You can authorize the interface with a service. You can authorize a service with another service.
GSS Server requires an XML file for configuration. The default configuration file is: <GSS_SERVER_HOME>/conf/gss-server.xml.
You can get the complete XML schema at: http://ilerian.com/documentation/gss_configuration/gss.html
Define Services
Executable Service:
For example, we have a Perl script for creating an email address under a domain for our hosting company. Our script works as below:
Let's introduce a service for this facility.
<executableService name="createEmailAddress" executable="hosting_operations.pl" parameterSeparator=" ">
    <parameter name="domainName" prefix="create_email -domain=" required="yes"/>
    <parameter name="email" prefix="-email=" required="yes"/>
    <parameter name="quota" prefix="-quota=" required="false"/>
    <parameter name="password" prefix="-password=" required="yes"/>
</executableService>
Define Interface
Let's define an HTTP interface for our GSS Server.
<communication>
    <httpInterface authorizationName="authHttpUserPass" hostname="localhost" port="1655" />
</communication>
It binds to host localhost on port 1655. The authorization of this interface is performed through the authHttpUserPass authorization policy. This is explained in the next section.
You can set up more than one interface type.
All authorization policies are defined in the <security> element of the configuration file.
..
<security>
    <executableAuthorization name="checkHttpUserPass" serviceName="concatUserPass">
        <parameterMapping>
            <mapRow authParam="username" serviceParam="username"/>
            <mapRow authParam="password" serviceParam="password"/>
        </parameterMapping>
        <expectedResult><text>kurtulus123456</text></expectedResult>
    </executableAuthorization>
    <executableAuthorization name="repeatAuthorization" serviceName="repeatMe">
        <parameterMapping>
            <mapRow authParam="username" serviceParam="whatToRepeat"/>
        </parameterMapping>
        <expectedResult><text>kurtulus</text></expectedResult>
    </executableAuthorization>
</security>
..
An authorization policy is a connector that takes parameters from the request and maps them to a specified service for authorization. In other words, it executes an already defined service for authorization and uses some of the request parameters as input.
An interface or a service can use a defined authorization policy to restrict usage. Using authorization policies for interfaces and services is optional.
Interface authorization is used to prevent unwanted access to the GSS server. GSS provides authorization for each of your interfaces separately.
<communication>
    <httpInterface authorizationName="authHttpUserPass" hostname="localhost" port="1655" />
</communication>
You can control authorization of an interface by referencing the name of an already defined authorization policy in the interface definition.
The username and password attributes of the client request are used for interface authorization.
GSS provides authorization for each of your services separately.
<executableService name="createEmailAddress" authorizationName="authDomainOwnerCheck"
executable="hosting_operations.pl" parameterSeparator=" ">
You can control authorization of a service by referencing the name of an already defined authorization policy in the service definition.
The request parameters received for the service are also used for the authorization process.
The complete XML schema for the request XML is at: http://ilerian.com/documentation/request/request.html
<request username="kurtulus" password="123456">
    <job serviceName="createEmailAddress">
        <parameter name="domainName" value="mydomain.com" />
        <parameter name="email" value="[email protected]" />
        <parameter name="quota" value="990" />
        <parameter name="password" value="hyt939" />
    </job>
</request>
This request runs hosting_operations.pl on the server machine with the following parameters:
hosting_operations.pl create_email -domain=mydomain.com [email protected] -quota=990 -password=hyt939
The response will include the output of the executable:
<response>
    <serviceResponse name="createEmailAddress">OK</serviceResponse>
</response>
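The mapping from a request job to the command line shown above, as an added Python sketch that is not GSS's own code. It assumes each argument is the parameter's prefix followed by its value, joined with parameterSeparator, that only required="yes" marks a parameter as mandatory, and (as an added precaution) that a value containing whitespace or the separator is refused so it cannot turn into extra arguments; the email address is a constructed placeholder.

```python
import xml.etree.ElementTree as ET

# Service definition copied from the createEmailAddress example on this page.
SERVICE_XML = """
<executableService name="createEmailAddress" executable="hosting_operations.pl" parameterSeparator=" ">
  <parameter name="domainName" prefix="create_email -domain=" required="yes"/>
  <parameter name="email" prefix="-email=" required="yes"/>
  <parameter name="quota" prefix="-quota=" required="false"/>
  <parameter name="password" prefix="-password=" required="yes"/>
</executableService>"""

# Request modelled on the page's example; the email value is constructed.
REQUEST_XML = """
<request username="kurtulus" password="123456">
  <job serviceName="createEmailAddress">
    <parameter name="domainName" value="mydomain.com"/>
    <parameter name="email" value="someone@example.com"/>
    <parameter name="quota" value="990"/>
    <parameter name="password" value="hyt939"/>
  </job>
</request>"""

def build_command(service_xml, request_xml):
    """Return the command line a job maps to, or raise ValueError."""
    service = ET.fromstring(service_xml)
    job = ET.fromstring(request_xml).find("job")
    if job is None or job.get("serviceName") != service.get("name"):
        raise ValueError("request does not target this service")
    sep = service.get("parameterSeparator", " ")
    supplied = {p.get("name"): p.get("value", "") for p in job.findall("parameter")}
    if set(supplied) - {p.get("name") for p in service.findall("parameter")}:
        raise ValueError("request carries undeclared parameters")
    parts = [service.get("executable")]
    for param in service.findall("parameter"):
        name = param.get("name")
        if name not in supplied:
            if param.get("required") == "yes":  # assumption: only "yes" means required
                raise ValueError("missing required parameter: " + name)
            continue
        value = supplied[name]
        # Assumed precaution: a value must stay one argument, so no separator or whitespace.
        if not value or sep in value or any(c.isspace() for c in value):
            raise ValueError("unsafe value for parameter: " + name)
        parts.append(param.get("prefix", "") + value)
    return sep.join(parts)

if __name__ == "__main__":
    print(build_command(SERVICE_XML, REQUEST_XML))
```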
The username and password attributes on the request are for interface authorization only.
For the configuration above,
Java Client:
PHP Client