oasp-forge / oasp4j-enterprise-security


Implementation of Portal and Service-Gateway #37

Closed hohwille closed 9 years ago

hohwille commented 9 years ago

Besides using Apache2 with mod_proxy, which is a very lightweight and fast solution, we also discussed using JEE and having more flexibility for custom logic.

Therefore you should have a look at Spring Cloud with Zuul: http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html#_router_and_filter_zuul

hohwille commented 9 years ago

In case of Apache2 you can use virtual hosts for the separation of portal and service-gateway to configure the different authentication mechanisms. For "mounting" the backend applications, create a conf file for each app in conf/app/.conf and do

```apache
Include "${SRVROOT}/conf/app/*.conf"
```

Each of those conf files is something like

```apache
# Forward requests under /oasp to the backend app listening on 127.0.0.1:8081
<Location "/oasp">
    ProxyPass http://127.0.0.1:8081/oasp
    ProxyPassReverse http://127.0.0.1:8081/oasp
</Location>
```

JuHarm89 commented 9 years ago

Hello Jörg, I have a question. Will the Policy Agent(s) reside in the Apache Portal Server or on each underlying App Server? I read that both might be possible. I just installed and configured a Test Policy Agent on an Apache2 and connected it with my OpenAM instance to protect a simple webpage. So now I want to go one step further and try to "protect" the sample application with a policy agent, but I am not sure whether we will have policy agents for each app, application server or only on the portal server. Best regards

JuHarm89 commented 9 years ago

Okay, just found out that in general the web policy agents are installed on the app server. So in our case we should start with a Tomcat agent.

hohwille commented 9 years ago

Nope. The policy agent shall only be used in the access systems (portal and service-gateway). These access systems forward the requests to the backend apps using OAuth 2.0 (Bearer Token Header) for transmitting the JWT token. The backend apps only take the JWT token from the header and validate it. They shall be stateless, which is IMHO not possible with a policy agent.

JuHarm89 commented 9 years ago

Okay, thank you for the info!