Logo of 52°North

52n WSS: Restrict access to your OGC Web Service

The 52n Web Security Service (WSS) is the gatekeeper of your protected services. The WSS will analyze all service requests targeted to the protected service:

  • Is the requesting user authenticated, e.g. by possessing a SAML ticket of an accepted WAS?
  • Has the user the permission to perform the request, e.g. to access a certain WMS layer?
  • Is there some information that has to be hidden from this user, like certain WMS layers?

The WSS specification defines a standard way to transmit the

  • original service request, e.g. WMS GetMap request, and
  • identity information, e.g. a SAML ticket.

(Informal version of the WSS specification)

The core functionality of a WSS is to analyze incoming requests to the protected service as well as outgoing responses from the service. The 52n WSS implementation incorporates the Interceptor framework, that handles these issues. Every interceptor handles a service type-related autorization task like analyzing WMS GetMap requests and so on.

The current implementation contains the following interceptors: