This repository brings together several sample applications that demonstrate how to integrate the SAP Authorization Management Service (AMS) into various Java frameworks. Each sample showcases different architectures and scenarios for authentication and authorization using AMS and the SAP Identity Authentication Service (IAS).

| Sample Name | Description | Typical Use Case | Directory |
|---|---|---|---|
| Spring Boot Sample | A Spring Boot application using AMS and IAS for authentication & authorization with JWT. Includes deployment examples for Kubernetes (Kyma) and Cloud Foundry. | Microservices, Cloud-native apps | spring-security-ams |
| Jakarta EE Sample | Example Jakarta EE application that integrates AMS for resource access authorization and uses IAS for authentication. | Java EE/enterprise projects | jakarta-ams-sample |
| CAP Java Sample | Demonstrates the integration of AMS into a SAP CAP Java application, including policy generation for CAP roles. | SAP CAP projects | ams_cap_sample |
| Jakarta EE Zero Trust Sample | Jakarta EE sample showing how to secure resource access with AMS and Zero Trust Identity Services (ZTIS). Demonstrates mTLS with automatically rotated SPIFFE certificates and programmatic download of bundles using ZTIS certificates. | Enterprise Zero Trust/mTLS apps | jakarta-ams-sample |

- Framework: Spring Boot
- Highlights:
  - AMS and IAS integration for securing REST APIs via JWT tokens.
  - Example of using the SAP Application Router as a reverse proxy.
  - Provides DCL files to define authorization models.
  - Deployment instructions for both Kyma/Kubernetes and Cloud Foundry.
- Typical Use: Microservice-based Java applications needing SAP IAM integration.
- More info: Spring Security AMS

- Framework: Jakarta EE
- Highlights:
  - Shows how to secure Java EE applications using AMS and IAS.
  - Uses the SAP Application Router as an OAuth 2.0 client.
  - Contains deployment guides for Kubernetes (Helm chart) and Cloud Foundry.
- Typical Use: Java EE or enterprise applications on SAP BTP.
- More info: Jakarta AMS Sample

- Framework: SAP Cloud Application Programming Model (CAP) for Java
- Highlights:
  - Demonstrates AMS integration in a CAP Java project (example: bookshop).
  - Shows policy generation for CAP security roles.
  - Contains instructions for both local development and Cloud Foundry deployment.
- Typical Use: Extending CAP Java projects with AMS-based authorization.
- More info: AMS CAP Sample

- Framework: Jakarta EE (Zero Trust, SPIFFE/SPIRE, ZTIS)
- Highlights:
  - Demonstrates how to use Zero Trust Identity Services (ZTIS) for fully automated, short-lived mTLS certificates via SPIFFE/SPIRE.
  - The backend is protected by AMS (Authorization Management Service) and IAS authentication.
  - Shows how to download SPIFFE bundles (i.e., retrieve trust bundles/certificate chains) using ZTIS-issued certificates.
  - Exposes endpoints for inspecting the current SPIFFE SVID and X.509 certificate (helpful for verifying live certificate rotation).
  - Contains sample endpoints that use mTLS for backend requests, leveraging automatic certificate renewal (rotation).
  - Includes deployment and configuration guides for Cloud Foundry.
- Typical Use: Java EE or cloud enterprise applications requiring modern mTLS (zero trust) and AMS authorization. Useful for scenarios where backend services must regularly prove identity using frequently rotated certs, e.g., inter-service communication in regulated/critical environments.
- More info: Jakarta AMS Sample with Zero Trust

- Central policy and access management using AMS and DCL files.
- Integrating SAP IAM in different Java frameworks (Spring Boot, Jakarta EE, CAP).
- Cloud-native deployment patterns for SAP BTP (Kyma/Kubernetes & Cloud Foundry).
- Mapping CAP roles to AMS policies for unified authorization logic.
- Zero Trust/mTLS: How to secure backend apps with rotating SPIFFE/SPIRE certificates and ZTIS, including programmatic bundle download.

- AMS Documentation (internal)
- SAP Cloud Security Services (public)
- SAP CAP Documentation
- ZTIS / Zero Trust Identity Services (internal)
- SPIFFE/SPIRE Java SDK (public)

This repository is licensed under the Apache License, Version 2.0. See the LICENSE file for details.

Note: Each sample includes its own README with detailed setup, configuration, and deployment instructions.