Protecting applications deployed in Tomcat webserver using Oracle Access Manager

Hi all,

This post covers some aspects of a solution proposal for protecting applications deployed in the Tomcat web server using Oracle Access Manager (OAM). The approach is applicable to applications deployed in any web server for which Oracle does not provide a Webgate out of the box.

The scenario: web applications are deployed on a Tomcat server, and you need to protect them with OAM.

There are two ways of doing it. The first solution is to use a reverse proxy server in front of Tomcat (say Apache or OHS) and define the resources to be protected in the OAM policy domain. The second solution is to implement a custom access gate for the Tomcat server. Here, you would need to write a JAAS authentication module and authorization module which internally call the Access Gate and, in turn, the Access Server for authentication and authorization.

This post covers the first solution. Let's say the reverse proxy is an OHS web server.

You can follow the steps as shown below:

  • Add or modify the host identifier to include the OHS port.
  • Create a policy domain with resources and authorization rules. Specify the authentication scheme and add authorization rules as per your requirements.
  • Now, uncomment the proxy module configuration in the httpd.conf of the OHS web server. If you can’t find the proxy-related configuration in the httpd.conf file, search for mod_proxy and uncomment it if it is commented out.
  • Add ProxyPass and ProxyPassReverse lines for your application resources as shown below.

ProxyPass /sample/public.html  http://tomcat_host:port/sample/public.html
ProxyPassReverse /sample/public.html  http://tomcat_host:port/sample/public.html

  • Access your application using the OHS port; you will be prompted for authentication when you request the protected resource.

In later posts, I will cover implementing the second solution.
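A quick way to verify the httpd.conf changes from the steps above before restarting OHS (an added example, not part of the original post): the script checks that mod_proxy is actually loaded and that every ProxyPass has a ProxyPassReverse pointing at the same Tomcat URL. The function name check_proxy_conf, port 8080, the module paths and the sample configuration are assumptions made for illustration.

```python
# Constructed sample httpd.conf fragment; port 8080 and the module paths are assumptions.
SAMPLE_CONF = """\
#LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /sample/public.html http://tomcat_host:8080/sample/public.html
ProxyPassReverse /sample/public.html http://tomcat_host:8080/sample/public/public.html
ProxyPass /sample/private.html http://tomcat_host:8080/sample/private.html
"""


def check_proxy_conf(text):
    """Return findings for the reverse-proxy directives in an httpd.conf text."""
    loaded, passes, reverses = set(), {}, {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out (inactive) directive
        directive = parts[0].lower()  # httpd directive names are case-insensitive
        if len(parts) < 3:
            continue
        if directive == "loadmodule":
            loaded.add(parts[1])
        elif directive == "proxypass" and parts[2] != "!":  # "!" excludes a path
            passes[parts[1]] = parts[2]
        elif directive == "proxypassreverse":
            reverses[parts[1]] = parts[2]

    findings = []
    # Assumes mod_proxy is a loadable module, not compiled into the server.
    if "proxy_module" not in loaded:
        findings.append("mod_proxy is not loaded: LoadModule proxy_module missing or commented out")
    for path, backend in sorted(passes.items()):
        if path not in reverses:
            findings.append(f"{path}: ProxyPass has no matching ProxyPassReverse")
        elif reverses[path] != backend:
            findings.append(f"{path}: ProxyPassReverse points to {reverses[path]}, ProxyPass to {backend}")
    return findings


if __name__ == "__main__":
    for finding in check_proxy_conf(SAMPLE_CONF):
        print("WARN", finding)
```

An empty result means the proxy directives are consistent; it says nothing about whether the same paths are defined as resources in the OAM policy domain.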

Please drop your comments in case of any issues.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com
