Back | Next | Contents Cams Administrator's Guide

Access Control Responses

Cams replies to each access request with a status of pending, granted, or denied. If the response is denied, then a reason is also sent. The response and reason values are logged in the security domain's access control log. These values are useful in debugging and analyzing secure resource requests. This document explains the values you'll find in the access control log.

Access Control Log Format

Example 1 shows a typical access control log entry. The access control log format is:

  1. date/time
  2. requesting host address
  3. sessionId of the user (if authenticated)
  4. authenticated user name (if authenticated)
  5. login config entry from the security domain's login-config.xml file
  6. fully-qualified resource identifier of the requested resource
  7. the requested action(s) on the resource
  8. response code
  9. reason code
[10/Dec/2002:13:14:59 -0800] 127.0.0.1 
MyCamsServer-examples-145e13a8561341691d65c3580d81f3ab37f870ca 
guest http http://localhost:8080/examples/styles/cswebapp.css "GET" 1 -
Example 1 - A single access control log entry

Response Codes

Response code reflect the definitive Cams server answer to the access control request. Table 1 shows the response codes Cams returns.

Value Description
0 Access control decision for the resource is in progress
1 Access to the resource is granted
2 Access to the resource is denied
Table 1 - Cams access control response codes

Reason Codes/Quantifiers

A reason code is returned with each access control response to provide additional context. Table 2 shows the possible reason codes.

Value Description
0 Not applicable
1 General error, probably due to a misconfiguration
2 The remote host IP address is not valid
3 The remote hostname is not valid
4 The agent making the request is not authorized
5 An unknown security domain was referenced
6 An unknown resource type was referenced
7 An invalid resource identifier was specified
8 An unrecognized action was requested on a resource
9 Access was denied unconditionally
10 Authentication is required
11 Authentication is required but the session expired
12 An error occurred while evaluating an access control rule
13 Confidentiality (SSL/TLS connection) is required
14 The session id submitted was invalid
15 Authentication is required, but the login configuration for the specified login config entry could not be found
16 Use the default bias (either granted or denied) because no permission was protecting the requested resource
17 A general transport error occurred. Something within the response was corruptted.
18 Access was granted conditionally
19 Access was granted unconditionally
20 Access was denied conditionally
Table 2 - Cams access control reason codes

Back | Next | Contents

© Copyright 1996-2003 Cafésoft LLC. All rights reserved.