Hi wenxzhen, User management is one of the strong suites of the WSO2 platform. For web applications, a Tomcat realm called CarbonTomcatRealm [1] is provided that can authenticate web applications. This transparently works with web.xml security-constraints for "container managed security" of Tomcat.
But if you do require a more flexible way to handle authentication and authorization, then you can use the *AuthenticationAdmin* endpoint. This is not a REST API though, it is based on SOAP. Checkout the doc [2] for more info on this. If you are interested in this route, we can discuss how to workaround the SOAP requirements though! [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.tomcat.ext/src/main/java/org/wso2/carbon/tomcat/ext/realms/CarbonTomcatRealm.java [2] https://docs.wso2.com/display/AM170/WSO2+Admin+Services Regards, KasunG On Tue, Sep 13, 2016 at 5:09 PM, wenxzhen <zhen...@csdn.net> wrote: > Yes, in some extent, we need to use the SSO but we need more: > > 1. We have App1 for CustomerA > > 2. We have another App2 for CustomerB > > 3. Both App1 and App2 are Web applications running on WSO2 AS, > and both Apps needs to do the authorization and authentication > > 4. What would be the best practice to re-use the codes? I am > thinking to wrap the User Management into a REST/JSON API, so that both > App1 and App2 can access and JSON would be much more light weight > > > > Please kindly advice > > Thanks, Wenxing > > > > *From:* Thusitha Thilina Dayaratne [mailto:thusit...@wso2.com] > *Sent:* Tuesday, September 13, 2016 7:28 PM > *To:* wenxzhen > > *Cc:* WSO2 Developers' List > *Subject:* Re: [Dev] About the runtime architecture of WSO2 Application > Server > > > > Hi Wenxing, > > > > Can you use the SingleSignOn for your requirment[1]? > > [1] - https://docs.wso2.com/display/AS530/Using+SSO+with+Web+Applications > <https://docs.wso2.com/display/AS530/Using+SSO+with+Web+Applications> > > > > Thanks > > > > On Tue, Sep 13, 2016 at 4:25 PM, wenxzhen <zhen...@csdn.net> wrote: > > Thanks to Rasika. We are using AS530. From the description of docs[2], it > seems the Services in Jar file are being executed on the AXIS2 engine, > therefore it should be in SOAP message. > > > > As we may have different/multiple SaaS applications, every application > needs to do the authorization and authentication against the user > management tables. Does the Carbon or AS by default provides a REST API to > do the work? Or can we provide a REST/JSON API for the user management to > simplify the work or reuse the codes? Any potential issue we may meet on > the way to go? > > > > Thanks again, > > Best, Wenxing > > > > *From:* Rasika Perera [mailto:rasi...@wso2.com] > *Sent:* Tuesday, September 13, 2016 6:29 PM > *To:* 郑文兴 > *Cc:* WSO2 Developers' List > *Subject:* Re: [Dev] About the runtime architecture of WSO2 Application > Server > > > > Hi Wenxing, > > > > Please refer docs [1] and [2] for Services/Applications deployment. WSO2 > Applications Server deploys the web applications on an internal embedded > Tomcat server. Hence, apps are served through tomcats threads pool. > > > > You can find more higher level architecture of WSO2 AS on doc link[3]. > > > > Let us know which version you are using If you need further details. > > > > Thanks, > > Rasika > > > > [1] https://docs.wso2.com/display/AS530/Application+Development+ > and+Deployment > > [2] https://docs.wso2.com/display/AS530/Services+ > Development+and+Deployment > > [3] https://docs.wso2.com/display/AS530/Architecture > > > > On Tue, Sep 13, 2016 at 10:57 AM, 郑文兴 <zhen...@csdn.net> wrote: > > Dear all, > > > > During the running of the WSO2 AS, how will the Services/Applications be > run or scheduled on the Application Server? Are they running on different > processes or threads? > > > > Please shed some light and share more details on the architecture. > Appreciated for your kindly help. > > > > Best, Wenxing > > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > > > > > -- > > With Regards, > > > *Rasika Perera* > Software Engineer > > LinkedIn: http://lk.linkedin.com/in/rasika90 > > [image: wso2-signature-general.png] <https://wso2.com/signature> > > > > WSO2 Inc. www.wso2.com > > lean.enterprise.middleware > > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > > > > > -- > > Thusitha Dayaratne > > Software Engineer > > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > > > Mobile +94712756809 > > Blog alokayasoya.blogspot.com > > About http://about.me/thusithathilina > > <http://wso2.com/signature> > > > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. email: kasung AT spamfree wso2.com linked-in: http://lk.linkedin.com/in/gajasinghe blog: http://kasunbg.org
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev