Hi,
On 17/06/13 13:05, inteloid wrote:
> Hello.
> We have multiple redundant instances of Apache CXF REST Services hidden
> behind a balancer, and we need to integrate OAuth2.
> Everything works as needed with a single machine, the problem is, where to
> persist server access tokens for retrieval from another CXF machine? What
> are the best practices here in terms of serialization and storage types?
Have a look at
https://github.com/Talend/tesb-rt-se/blob/master/examples/cxf/jaxrs-oauth2/sso-saml/social-app-war/src/main/webapp/WEB-INF/thirdPartyToSocialApp.xml
Here we have a custom application protected by OAuth2RequestFilter which
uses a custom AccessTokenValidator, in this case a client to
org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService,
the latter (in the demo) is collocated with the remote
AccessTokenService so it has all the access to the token storage, etc.
This is one option and may not be exactly the best option; it depends on
the requirements. You can have a custom AccessTokenValidator which will
fetch the tokens from the remote storage using some super-fast low-level
protocol, etc... Another option to try is to get access tokens encrypted
and have a custom AccessTokenValidator decrypting them and thus avoiding
any remote roundtrips... Perhaps we should offer some utility support for
the latter option.
HTH, Sergey
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/OAuth2-for-redundant-CXF-REST-Services-tp5729365.html
> Sent from the cxf-user mailing list archive at Nabble.com.
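
The encrypted-token option from the reply above, sketched as an added example that is not part of the original thread and is not CXF code: the authorization server seals the token claims with AES-GCM and any resource-server node holding the same key checks them locally, with no remote call. The class name, the `clientId|scope|expiry` layout and the sample values are assumptions made for illustration; wiring `validate` into a custom AccessTokenValidator is left out.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper (JDK only); token layout is base64url(iv || ciphertext || tag).
public class SealedTokenDemo {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    // Authorization server side. Assumes clientId and scope contain no '|'.
    static String issue(SecretKeySpec key, String clientId, String scope, long expiresAt) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh random IV per token; never reuse one with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal((clientId + "|" + scope + "|" + expiresAt).getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Resource server side: returns {clientId, scope, expiry} or throws; no token store lookup.
    static String[] validate(SecretKeySpec key, String token, long now) throws Exception {
        byte[] raw = Base64.getUrlDecoder().decode(token);
        if (raw.length <= IV_LEN) throw new SecurityException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
        byte[] pt = c.doFinal(raw, IV_LEN, raw.length - IV_LEN); // AEADBadTagException if modified
        String[] claims = new String(pt, StandardCharsets.UTF_8).split("\\|", -1);
        if (claims.length != 3 || Long.parseLong(claims[2]) <= now)
            throw new SecurityException("expired or malformed token");
        return claims;
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[32]; RNG.nextBytes(k); // constructed key; real nodes load one shared key
        SecretKeySpec key = new SecretKeySpec(k, "AES");
        long now = System.currentTimeMillis() / 1000;
        String token = issue(key, "third-party-app", "read", now + 3600); // constructed sample claims
        System.out.println("accepted: " + String.join(",", validate(key, token, now)));
        char[] t = token.toCharArray(); t[0] = (t[0] == 'A') ? 'B' : 'A'; // flip a bit in the IV
        try { validate(key, new String(t), now); }
        catch (Exception e) { System.out.println("rejected: " + e.getClass().getSimpleName()); }
    }
}
```

Every node must hold the same key, and a token sealed this way stays valid until its expiry unless the nodes also share a revocation list.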