You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomee.apache.org by netname <al...@gmail.com> on 2012/09/05 03:48:41 UTC

Easiest SSO Security for Ajax with TomEE

I would appreciate any suggestion on how to implement web security for a set
of small applications.

Environment:
------------
We are working in 4 small applications: Web Reporting with Birt, business
process1, business process 2, data services for the rest of the
applications.  We have created several JAX-RS services implementing this.
All of this are Web Applications

The front-end is a Single Page App

Requirements:
--------------
Add Authentication and Authorization
The services call each other in chain (process 1 -> Birt Reporting -> calls
data services)
Allow single signon

We do not care (with our limited knowledge of Web Security) it the
application is secured with standard JEE Security, Apache Shiro or Spring
Security. We just want an easy to understand, security framework that we can
implement over TomEE.

I will appreciate any pointers. Thanks.









--
View this message in context: http://openejb.979440.n4.nabble.com/Easiest-SSO-Security-for-Ajax-with-TomEE-tp4657278.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Easiest SSO Security for Ajax with TomEE

Posted by netname <al...@gmail.com>.

>> If you're running tomcat on windows and want to do SSO with active
directory ...the easiest ways (by far) would be to use waffle.

Thanks, but we are not integrating with AD. If we did,though, would it solve
the need to have all the apps calling them using rest services? 
Right now, we have no security and we send the user as part of the header
info. That is what we are trying to change and it is unclear to me if we are
looking at SSO or token security. All the security stuff is complicated and
full of TLAs.





--
View this message in context: http://openejb.979440.n4.nabble.com/Easiest-SSO-Security-for-Ajax-with-TomEE-tp4657278p4657312.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: Easiest SSO Security for Ajax with TomEE

Posted by Anthony Fryer <ap...@hotmail.com>.

If you're running tomcat on windows and want to do SSO with active directory,
then one of the easiest ways (by far) would be to use 
http://dblock.github.com/waffle/ waffle .  I'm not sure how completely it
integrates with tomee, but it has a tomcat authenticator valve and i have
used it for simple webapps and found it to be far easier than any other way
of getting a jee container to do SSO with active directory.



--
View this message in context: http://openejb.979440.n4.nabble.com/Easiest-SSO-Security-for-Ajax-with-TomEE-tp4657278p4657279.html
Sent from the OpenEJB User mailing list archive at Nabble.com.