-
1. Re: Multiple authentication policies depending on client
jorgemoralespou_2 Jan 20, 2015 6:41 AM (in response to richardhands)1 of 1 people found this helpfulHi,
My suggestion would be to use application composition leveraging SCA bindings.
I would create different front applications (depending on the security considerations) and then delegate to a common application where all the logic further from authentication/authorization would be handled.
In this example, I would have User A consuming a secure endpoint/binding and User B consuming an unsecure binding. Both apps would call for common logic a third app. The good thing about SCA binding is that the cost of the call is very small (it is a local java call unless clustered is selected in pre SY 2.0).
I hope it helps,
-
2. Re: Multiple authentication policies depending on client
richardhands Jan 20, 2015 6:45 AM (in response to jorgemoralespou_2)A good suggestion, thank you :-)
-
3. Re: Multiple authentication policies depending on client
ozkin Jan 20, 2015 4:05 PM (in response to jorgemoralespou_2)Does it have to be three separate applications? Would it work if all these components are implemented within the same composite?
-
4. Re: Multiple authentication policies depending on client
jorgemoralespou_2 Jan 21, 2015 2:04 AM (in response to ozkin)Yes, definitely if will work the same. As long as the lemme is the same, they can be implemented in the same application.
-
5. Re: Multiple authentication policies depending on client
ozkin Jan 21, 2015 2:49 AM (in response to jorgemoralespou_2)lemme?
-
6. Re: Multiple authentication policies depending on client
jorgemoralespou_2 Jan 21, 2015 4:24 AM (in response to jorgemoralespou_2)Yes, definitely it will work the same. As long as the lifecycle is the same, they can be implemented in the same application. And even the lifecycle constraint depends also on the packaging, whether is as multiple .jar deployment units or everything in an .ear deployment unit.