SPS Components

A stand-alone SPS consists of an HTTP listener (Apache) and a Tomcat servlet container, as shown in the following illustration:

Illustration: SPS Architecture

The SPS architecture includes the following components:

Apache

SPS uses the open source Apache Web server to act as the HTTP listener for incoming requests. An additional component, mod_jk (1.2.18), acts as the Tomcat connector, which enables communication between the Apache Web server and Tomcat using the Apache JServ protocol (AJP).

Tomcat

The Tomcat server provides the servlet container for the SPS. The Tomcat initialization is customized so that it does not allow deployment of any external applications or servlets. The standard Tomcat XML file (server.xml) is not used for initialization. The components inside the Tomcat container of the SPS include the following:

Configuration Resolver ProxyBootstrap

The configuration resolver ProxyBootstrap reads the SPS configuration from the server.conf file and initializes the SPS.

Session Discovery

The session discovery component analyzes incoming requests to extract the SPS session information. Depending on the user agent type and the virtual host being used, this component uses the appropriate session scheme to extract the SPS session information.

If the request uses an existing SPS session, this component uses the SPS session identifier contained in the request to extract the corresponding SiteMinder session from the in-memory session store. The SPS passes the SiteMinder session to the Java Web Agent for session validation. If the request does not contain an existing SPS session, this component passes the request on to the Java Web Agent for user authentication.

Java Web Agent

The Java Web Agent, together with the SiteMinder Policy Server, authenticates and authorizes the user.

Post Agent Session Writer

The post Agent session writer performs additional processing for cookieless session schemes. After the Java Web Agent authenticates and authorizes the user and creates a SiteMinder session, this component creates an SPS session identifier. This identifier is attached to the SiteMinder session created by the Java Web Agent.

This session identifier is then maintained in the in-memory session store of the SPS. In addition to maintaining the session in the session store, this component transforms the URI. For example, the Post Agent Session Writer manipulates the URI for the simple_url session scheme.
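
The session discovery and post-agent steps described above, modeled in Python as an added example; this is not SPS code. The /SPSID= URI marker, the 900-second timeout, and all class and function names are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 900   # seconds; assumed timeout, not an SPS default
PREFIX = "/SPSID="  # hypothetical URI marker, not the product's real format


class SessionStore:
    """In-memory map: SPS session identifier -> (backend session, expiry)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}

    def write(self, sm_session):
        """Post-agent step: mint an unguessable identifier for a new session."""
        sps_id = secrets.token_urlsafe(32)  # CSPRNG; the id is a bearer secret
        self._sessions[sps_id] = (sm_session, self._clock() + self._ttl)
        return sps_id

    def discover(self, uri):
        """Session discovery: return (session or None, URI without the id).

        None means the request goes on for authentication. A returned
        session still has to be validated by the agent downstream.
        """
        if not uri.startswith(PREFIX):
            return None, uri
        sps_id, _, rest = uri[len(PREFIX):].partition("/")
        clean_uri = "/" + rest  # the identifier never reaches the backend
        entry = self._sessions.get(sps_id)
        if entry is None:
            return None, clean_uri  # unknown or guessed identifier
        sm_session, expires = entry
        if self._clock() >= expires:
            del self._sessions[sps_id]  # expired: force re-authentication
            return None, clean_uri
        return sm_session, clean_uri


def rewrite_uri(sps_id, uri):
    """URI transformation for a cookieless scheme: prepend the identifier."""
    return f"{PREFIX}{sps_id}{uri}"
```

Because the identifier travels in the URI, it can surface in access logs, browser history, and Referer headers, which is why the model strips it before forwarding and expires entries.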

Proxy Rules Servlet Filter

The proxy rules servlet filter loads the proxy rules from the proxyrules.xml file. Depending upon the incoming request and the proxy rule, the request is forwarded or redirected to the backend server. If the request is forwarded, the open source component Noodle is used.

Changes to the proxy rules do not require a restart to take effect. The proxy rules are reloaded whenever the proxyrules.xml file changes.

Noodle Servlet

The Noodle servlet forwards requests to the backend servers. Noodle also supports proxy pre-filters, which enable the request to be modified before it is sent to the backend server. Similarly, proxy post-filters enable the response received from the backend server to be modified before it is sent back to the user client.

HTTP Client

The HTTP client sends requests to the backend server and receives responses from the backend server.