I am having an Rest Web Services application and Admin web application,
Rest web services will be interacted with mobile , where are Admin web application will be used for maintaining purpose.
for both webservice application and amin web application the credentails are same.
so i need josso to provide single sign on for this.
Can you please help how to star configure. I have gone through Josso site where there was a basic info. can any one please help me out if u have any doc to configure .Thank you
I have a similar application setup where one web application provides Rest Services as well as user-facing web application. As far as I know, JOSSO will provide you with user-facing SSO authentication and is not intended to work with rest services.
Instead what I have done is define the URLs of my rest services in the deployment descriptor (web.xml) under a web-resource-collection that will be ignored under JOSSO configuration. Then I defined a separate filter to handle the rest authentication separately. More specifically:
<security-constraint> <web-resource-collection> <web-resource-name>public-resources</web-resource-name> <url-pattern>/restservices/</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> </security-constraint>
<configuration> <agent:agent-configuration> <agent:partner-apps> <agent:partner-app id="myapplication-sp" vhost="10.1.8.11" context="/myappcontext" ignore-web-resource-collections="public-resources"/> </agent:partner-apps> </agent:agent-configuration> </configuration>
With this I was able to use JOSSO to secure most of my web application and ignore the rest services I have. I used a custom authentication filter for my rest services (Spring).
Hope this helps!