How secure a web application with OpenAM
https://stackoverflow.com/questions/8274199
-
09-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have installed OpenAM (OpenSSO) to work with my liferay portal. So authentication for liferay is going now through the openam server. This works fine. But now I want to secure my own application (EAR) deployed on my glassfish application server.
I can not find any example how to configure my web module to work with openam/opensso. Can anybody help me how to configure my web application?
Solution
The usual approach is to install an OpenAM Policy Agent onto your Glassfish server. The policy agent will intercept all requests to glassfish before allowing them to be processed by the application server, forcing the user to authenticate first if they need to.
Once your policy agent is installed, you will be able to configure it to do many things. Restricting access to some or all URLs in your applications is the most obvious use. Protected applications can also access user details (such as UID or givenName) provided by the policy agent through HTTP headers.
The Glassfish agent is a J2EE policy agent. See here for configuring a J2EE policy agent in OpenAM: http://openam.forgerock.org/doc/admin-guide/OpenAM-Admin-Guide/chap-agents.html#configure-j2ee-policy-agent
See here for installing the policy agent into Glassfish: http://openam.forgerock.org/doc/agent-install-guide/OpenAM-Agent-Install-Guide/chap-glassfish.html
