These sample applications show how to build applications on SAP BTP with the SCI Authorization Management Service in Java. The repository contains sample applications both with and without [CAP](https://cap.cloud.sap/docs/).

SAP-samples/ams-samples-java

Overview: Authorization Management Service (AMS) Java Samples

This repository brings together several sample applications that demonstrate how to integrate the SAP Authorization Management Service (AMS) into various Java frameworks. Each sample showcases different architectures and scenarios for authentication and authorization using AMS and the SAP Identity Authentication Service (IAS).

Repository Structure and Sample Overview

| Sample Name | Description | Typical Use Case | Directory |
| --- | --- | --- | --- |
| Spring Boot Sample | A Spring Boot application using AMS and IAS for authentication & authorization with JWT. Includes deployment examples for Kubernetes (Kyma) and Cloud Foundry. | Microservices, Cloud-native apps | spring-security-ams |
| Jakarta EE Sample | Example Jakarta EE application that integrates AMS for resource access authorization and uses IAS for authentication. | Java EE/enterprise projects | jakarta-ams-sample |
| CAP Java Sample | Demonstrates the integration of AMS into a SAP CAP Java application, including policy generation for CAP roles. | SAP CAP projects | ams_cap_sample |
| Jakarta EE Zero Trust Sample | Jakarta EE sample showing how to secure resource access with AMS and Zero Trust Identity Services (ZTIS). Demonstrates mTLS with automatically rotated SPIFFE certificates and programmatic download of bundles using ZTIS certificates. | Enterprise Zero Trust/mTLS apps | jakarta-ams-sample |

Sample Details

1. Spring Boot Sample (spring-security-ams)

  • Framework: Spring Boot
  • Highlights:
    • AMS and IAS integration for securing REST APIs via JWT tokens.
    • Example of using the SAP Application Router as a reverse proxy.
    • Provides DCL files to define authorization models.
    • Deployment instructions for both Kyma/Kubernetes and Cloud Foundry.
  • Typical Use: Microservice-based Java applications needing SAP IAM integration.
  • More info: Spring Security AMS

2. Jakarta EE Sample (jakarta-ams-sample)

  • Framework: Jakarta EE
  • Highlights:
    • Shows how to secure Java EE applications using AMS and IAS.
    • Uses the SAP Application Router as an OAuth 2.0 client.
    • Contains deployment guides for Kubernetes (Helm chart) and Cloud Foundry.
  • Typical Use: Java EE or enterprise applications on SAP BTP.
  • More info: Jakarta AMS Sample

3. CAP Java Sample (ams_cap_sample)

  • Framework: SAP Cloud Application Programming Model (CAP) for Java
  • Highlights:
    • Demonstrates AMS integration in a CAP Java project (example: bookshop).
    • Shows policy generation for CAP security roles.
    • Contains instructions for both local development and Cloud Foundry deployment.
  • Typical Use: Extending CAP Java projects with AMS-based authorization.
  • More info: AMS CAP Sample

4. Jakarta EE Zero Trust Sample (jakarta-ams-sample)

  • Framework: Jakarta EE (Zero Trust, SPIFFE/SPIRE, ZTIS)
  • Highlights:
    • Demonstrates how to use Zero Trust Identity Services (ZTIS) for fully automated, short-lived mTLS certificates via SPIFFE/SPIRE.
    • The backend is protected by AMS (Authorization Management Service) and IAS authentication.
    • Shows how to download SPIFFE bundles (i.e., retrieve trust bundles/certificate chains) using ZTIS-issued certificates.
    • Exposes endpoints for inspecting the current SPIFFE SVID and X.509 certificate (helpful for verifying live certificate rotation).
    • Contains sample endpoints that use mTLS for backend requests, leveraging automatic certificate renewal (rotation).
    • Includes deployment and configuration guides for Cloud Foundry.
  • Typical Use: Java EE or cloud enterprise applications requiring modern mTLS (zero trust) and AMS authorization. Useful for scenarios where backend services must regularly prove identity using frequently rotated certs, e.g., inter-service communication in regulated/critical environments.
  • More info: Jakarta AMS Sample with Zero Trust

What Can You Learn From These Samples?

  • Central policy and access management using AMS and DCL files.
  • Integrating SAP IAM in different Java frameworks (Spring Boot, Jakarta EE, CAP).
  • Cloud-native deployment patterns for SAP BTP (Kyma/Kubernetes & Cloud Foundry).
  • Mapping CAP roles to AMS policies for unified authorization logic.
  • Zero Trust/mTLS: How to secure backend apps with rotating SPIFFE/SPIRE certificates and ZTIS, including programmatic bundle download.

Licenses

This repository is licensed under the Apache License, Version 2.0. See the LICENSE file for details.

Note:
Each sample includes its own README with detailed setup, configuration, and deployment instructions.
