We're planning to move to Skeleton Key for SSO support for a bunch of web
apps hosted on JBoss EAP 6.  We'd like to come up with an approach that
allows protected web apps to include a username and password field on an
unprotected page from the protected web app (this page would be
unprotected) and transparently handle the SSO handshake from
the OAuthManagedResourceValve to the AuthServer and back.  We were looking
at a JavaScript function to facilitate this but haven't come up with a
solid way to handle Cross Site Scripting that would be a part of this
approach.

I see in the docs that we can programmatically get an access token that
will work with the BearerTokenAuthenticatorValve for accessing REST
resources.

    // Build a client that trusts the auth server's certificate
    ResteasyClient client = new ResteasyClientBuilder()
                                .truststore(truststore)
                                .build();

    // Request a token with the client_credentials grant, using HTTP Basic auth
    Form form = new Form().param("grant_type", "client_credentials");
    ResteasyWebTarget target =
        client.target("https://localhost:8443/auth-server/j_oauth_token_grant");
    target.configuration().register(
        new BasicAuthentication("bbu...@redhat.com", "password"));
    AccessTokenResponse res = target.request()
                                    .post(Entity.form(form), AccessTokenResponse.class);


Does the Skeleton Key framework support a similar programmatic approach for
getting a token that we can use to log in a user to an SSO protected
application without the user having to see the auth server login page?  If
so, can you give us a few pointers to get started?

Thanks, Doug
_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users
