¶
14.2.3.Using ACL's Within Application Logic
The http_acl_get()
function can be used to test an address against an ACL. The
http_client_ip()
function can be used to determine the IP address or DNS name of a
client machine.
Example14.4.Using ACL's with Application Logic
To restrict a 'foo.bar' (network 333.333.333.0) from accessing a SOAP service one could use the following:
-- deny access from '333.333.333.*'
insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip) values ('MY_SOAP', 1, 1, '333.333.333.*');
-- allow
insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip) values ('MY_SOAP', 2, 0, '*');
-- a procedure exposed as SOAP service
create procedure SumService (in a int, in b int) returns int
{
if (0 <> http_acl_get ('MY_SOAP', http_client_ip ()))
signal ('42000', 'Access denied');
return (a + b);
}