I am trying to create a safe and possibly dosed web service in Java.
In my research, I got a lot of information about OpenSSO and thought it was my decision until I discovered that OpenAM took over and that OpenSSO is no longer being developed!
I have the latest version of Tomcat7 + OpenAM installed and started to configure it.
My goal:
I would like to have authentication on a session / token where users can request a token from the endpoint of a secure web service (OpenAM seems to offer this) and then include this token in subsequent HTTP requests to the endpoints of the web service protected by OpenAM.
I see guides on how to create an "agent policy" for Apache ... but not Tomcat yet? Maybe I'm just naive about how this works - maybe I would use the Java EE policy for Tomcat?
Finally, a nice-to-have: when a user clicks on a particular service, I can take my authenticated token and use it to "count" the service in any meaningful way (write down information about requests) - is there an API in OpenAM or should I plan an internal implementation of it in a web service?
My question is: are there any guides on them or examples of projects demonstrating this type of configuration? The OpenAM documentation is good, but I think I need a little more hands.