| 113 | Because the Users and Groups DBMS tables are moved to GAAP, their information becomes part of the !SecurityToken. The numerous places where GeoNetwork currently consults the DBMS to look up the current user's groups are modified to use the !SecurityToken instead. !SecurityTokens are kept in an application-scope map, keyed by session id. If the user does not log in, the !SecurityToken is an anonymous !SecurityToken. |
| 114 | |
| 115 | The delegation is handled by a Servlet Filter, the GeoNetwork Security Filter. This filter intercepts all requests to GeoNetwork and checks whether the current session id is known in the !SecurityToken Map; if it is not, the filter forwards the request to GAAP. GAAP returns a !SecurityToken that is added to the Map, so subsequent requests from the same client (as long as the session is valid) do not need to consult GAAP again. After this, the GeoNetwork Security Filter lets the request continue normally to its destination (one of the GeoNetwork services). |
| 116 | |
| 117 | The following UML sequence diagram shows GeoNetwork delegating to GAAP in more detail: |
| 118 | |
| 119 | [[Image(GeoNetworkSecurityFilterSequence.png)]] |
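The session-keyed token map described above, as an added example (not GeoNetwork or GAAP code). It models the lookup the filter performs on each request and shows why a cached entry has to be evicted when the session's identity changes or the session ends. The `SecurityToken` fields, `TokenCache`, `evict` and the function standing in for the GAAP call are hypothetical names, and a login at GAAP within an existing session is an assumption.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

public class SecurityTokenCacheDemo {
    // Hypothetical token shape: the page only says it carries user and group information.
    record SecurityToken(String user, Set<String> groups) {
        static final SecurityToken ANONYMOUS = new SecurityToken("anonymous", Set.of());
    }

    // Application-scope map from session id to token.
    static class TokenCache {
        private final Map<String, SecurityToken> bySession = new ConcurrentHashMap<>();
        private final Function<String, SecurityToken> gaap; // stand-in for the request to GAAP

        TokenCache(Function<String, SecurityToken> gaap) { this.gaap = gaap; }

        // Per-request lookup: GAAP is consulted only for session ids not yet in the map.
        SecurityToken tokenFor(String sessionId) {
            return bySession.computeIfAbsent(sessionId, id -> {
                SecurityToken t = gaap.apply(id);
                return t != null ? t : SecurityToken.ANONYMOUS; // no login: anonymous token
            });
        }

        // Call on login, logout and session expiry so a stale token is never reused.
        void evict(String sessionId) { bySession.remove(sessionId); }
    }

    public static void main(String[] args) {
        AtomicInteger gaapCalls = new AtomicInteger();
        Map<String, SecurityToken> gaapLogins = new ConcurrentHashMap<>(); // constructed sample data
        TokenCache cache = new TokenCache(id -> { gaapCalls.incrementAndGet(); return gaapLogins.get(id); });

        // First request of a session consults GAAP; the second is answered from the map.
        System.out.println(cache.tokenFor("s1").user());
        System.out.println(cache.tokenFor("s1").user());

        // The user logs in at GAAP: the map keeps serving the old token until it is evicted.
        gaapLogins.put("s1", new SecurityToken("alice", Set.of("editors")));
        System.out.println(cache.tokenFor("s1").user());
        cache.evict("s1");
        System.out.println(cache.tokenFor("s1").groups());
        System.out.println("GAAP calls: " + gaapCalls.get());
    }
}
```

In a servlet container the eviction would typically be driven by a session listener, so that entries do not outlive the sessions they were issued for.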