问题描述:

I am having an Rest Web Services application and Admin web application,

Rest web services will be interacted with mobile , where are Admin web application will be used for maintaining purpose.

for both webservice application and amin web application the credentails are same.

so i need josso to provide single sign on for this.

Can you please help how to star configure. I have gone through Josso site where there was a basic info. can any one please help me out if u have any doc to configure .Thank you

网友答案:

I have a similar application setup where one web application provides Rest Services as well as user-facing web application. As far as I know, JOSSO will provide you with user-facing SSO authentication and is not intended to work with rest services.

Instead what I have done is define the URLs of my rest services in the deployment descriptor (web.xml) under a web-resource-collection that will be ignored under JOSSO configuration. Then I defined a separate filter to handle the rest authentication separately. More specifically:

web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>public-resources</web-resource-name>
        <url-pattern>/restservices/</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
</security-constraint>

josso-agent-config.xml

   <configuration>
        <agent:agent-configuration>
            <agent:partner-apps>
                    <agent:partner-app id="myapplication-sp" vhost="10.1.8.11" context="/myappcontext" ignore-web-resource-collections="public-resources"/>
    </agent:partner-apps>
        </agent:agent-configuration>
    </configuration>

With this I was able to use JOSSO to secure most of my web application and ignore the rest services I have. I used a custom authentication filter for my rest services (Spring).

Hope this helps!

相关阅读:
Top