1

I have a Service Provider hosting web applications.
These applications are protected by a J2EE filter, deployed in the Service Provider, that intercepts requests and communicate with SAML 2.0 identity providers.
Now the same service provider have to host even Oauth 2.0 resources (so became an Oauth 2.0 resource server).

How can I evolve my J2EE filter to detect which requests have to be protected via SAML 2.0 and which requests via Oauth 2.0 access_token ?

Thanks in advance.

pringi
  • 3,987
  • 5
  • 35
  • 45
user2703633
  • 29
  • 2

1 Answers1

0

As I understand, you need to protect the web urls/services using this filter.So in that case you can filter the requested resource depending on context e.g. requests for url or service with context /X/department/finance/* with SAML and may be /X/department/hr/* using OAuth.

If the resources are also the same you can do an identification based on request parameter sent by client.

Yusuf Khan
  • 433
  • 2
  • 13
  • Thanks Yusuf. Probably I'll evaluate a combination of both your solutions as i have to provide both Rest API Oauth than web applications. – user2703633 Sep 10 '13 at 14:13