Hi Mike, WSO2 API Manager uses WSO2 Identity Server for user management. You can point WSO2 API Manager at your WSO2 Identity Server instance as a credential repository, and associate API Manager roles with the user base.
WSO2 API Manager can integrate with user repositories that communicate via standard protocols. Best practice with APIs is to rely on access token authentication instead of user credential authentication. The WSO2 API Manager provides an self-access subscription mechanism for users to obtain access tokens and associate the access tokens with API consuming applications. /Chris On Jun 4, 2013, at 2:59 AM, Sanjeewa Malalgoda wrote: > > > On Sat, Jun 1, 2013 at 11:55 PM, Mike Stoddart <[email protected]> wrote: > I hope it's OK to ask this kind of question in this mailing list. > > I have some web services (JAX-RS and JAX-WS) that I'm writing and I want to > make them available to users (browsers) and client applications. I'm also > providing access to them using web sockets but that's a different access > mechanism until the ESB and API Manager support websockets. > > I love the idea behind the API Manager and I want to use this in front of the > web services for client applications. Clients' developers can easily > subscribe to APIs and pull my data into their systems. > > I want to provide secure access to the same web services for browsers running > our Javascript, either authenticating user accounts against Liferay or the > Identity Server. > Why cant you use user access token concept available in API manager for this? > In that case each token associated with user. > > Thanks, > Sanjeewa. > > The API Manage can proxy to the back end services but I'm struggling to > understand how to secure these same services for users using browsers. Is > this feasible/possible? Thanks > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > > > -- > > Sanjeewa Malalgoda > WSO2 Inc. > Mobile : +94713068779 > > blog :http://sanjeewamalalgoda.blogspot.com/ > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
