Abstract: In order to make the access to Web services more effective and safe, an access control model for Web services is presented. The model is built on the basis of the SOAP message handler chain. It can provide access control at the message level, and has better extensibility and flexibility. By means of extending handler chain, the model can meet various practical needs. A practical application in XFire framework is provided.

Key words: SOAP message, handler chain, access control model

摘要： 为了能更加安全有效地访问Web服务，设计一种基于SOAP消息处理链的Web服务访问控制模型。该模型实现对Web服务的消息级访问控制，并且具有良好的扩展性，能够通过对消息处理链的扩展使模型满足不同的访问控制要求。结合一个实际应用场景，描述XFire框架下的模型实现。

关键词: SOAP消息, 处理链, 访问控制模型

CLC Number: 

• TP393