Top

14.2.3. Using ACL's Within Application Logic

The http_acl_get() function can be used to test an address against an ACL. The http_client_ip() function can be used to determine the IP address or DNS name of a client machine.

Example 14.4. Using ACL's with Application Logic

To restrict a 'foo.bar' (network 333.333.333.0) from accessing a SOAP service one could use the following:

-- deny access from '333.333.333.*'
insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip) values ('MY_SOAP', 1, 1, '333.333.333.*');
-- allow
insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip) values ('MY_SOAP', 2, 0, '*');

-- a procedure exposed as SOAP service

create procedure SumService (in a int, in b int) returns int
{
  if (0 <> http_acl_get ('MY_SOAP', http_client_ip ()))
    signal ('42000', 'Access denied');
  return (a + b);
}

Prev  Up  Next
14.2.2. ACL Definition/Removal  Home  14.2.4. Predefined ACLs