Wednesday, June 9, 2010

How to protect applications deployed in Tomcat using Oracle Access Manager

Hi all,

Oracle Access Manager has webgates for many of the web servers provided out of the box. What if the application deployed on Tomcat has to be protected using Oracle Access Manager for authentication and authorization purposes ? The problem lies either to do customization or to have reverse proxy server infront of Tomcat.
I have detailed this here.
The stuff I did not talk in that post are the pros and cons of using the approach of Reverse Proxy fronting the Tomcat.

The prons of using Reverse proxy approach is that there is no need of customization or coding efforts required. All you need is just a webgate on RP server. All the future enhancements to the target application (which is deployed in Tomcat) does not effect / require changes in OAM side (may be minimal if not).

The cons of this approach is that there will be redirection for every request from RP to Tomcat server. So, the redirections will cause the time delay in real time.