Programming Guides › Programming Guide for Java › Task Execution Web Service › Authorization

Authorization

Whether the submitted task can be executed depends upon the rights of the administrator who is making the request. The administrator’s ID is specified in one of the following ways:

• As part of the session information that SiteMinder or SOA Security Manager inserts into the POST request header during the authentication response. This is the default.
• Through the < admin_id> element that is passed to CA IdentityMinder in the body of the POST request.

Using the admin ID provided in the session header guarantees that the administrator who is issuing the remote request has been authorized to do so by SiteMinder or SOA Security Manager. However, no authorization checks are performed on an admin ID supplied through the < admin_id> element of the request.

If no session information is available in the header and no admin ID is supplied in the <admin_id> element, CA IdentityMinder returns a Not Authorized exception in the HTTP POST response body.

Authorization is not required for a task configured as a Public Task.