Skip to content
This repository has been archived by the owner on Jul 2, 2020. It is now read-only.

Latest commit

 

History

History
111 lines (95 loc) · 5.53 KB

README.md

File metadata and controls

111 lines (95 loc) · 5.53 KB

Circle CI Codacy Badge

Authorization server based on spring security.

Persistence layer

  • Supports Etcd and H2 embedded
  • Selected using environment variable: SPRING_PROFILES_ACTIVE=default (optional, works with Etcd if nothing provided) or SPRING_PROFILES_ACTIVE=db (mandatory for working with H2)
  • When H2 database selected, DB file named sts_db sits locally under user home folder. The schema is created upon creation of the 1st client
  • H2 DB accessible via the web console: http://localhost:9093/ (select H2 embedded, URL: jdbc:h2:~/sts_db)
  • etcdUrl environment variable used to set the Etcd location. Complete URL should be passed (http://11.22.33.44:1234); if not set, default used (http://127.0.0.1:4001)

Notes:

  • Token never expires (can be revoked)

Manually run with docker

Flow:

  • Create tenant
  • Create client
  • Create token
  • Use token ("Authorization: Bearer " header) in other services Refer curl.txt and SystemTestCurl.sh files to see the usage examples of ReST APIs

Example of java-based client service configuration

  • Use token in your client - on example of Java webapp. NOT FINAL VERSION - works but should be cleaned up. web.xml: contextConfigLocation /WEB-INF/spring-security.xml

      <listener>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
    
      <servlet>
          <servlet-name>spring</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
          <async-supported>true</async-supported>
      </servlet>
      <servlet-mapping>
          <servlet-name>spring</servlet-name>
          <!--<url-pattern>/</url-pattern>-->
          <url-pattern>/</url-pattern>
      </servlet-mapping>
    
      <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
          <async-supported>true</async-supported>
      </filter>
      <filter-mapping>
          <filter-name>InputFilter</filter-name>
          <url-pattern>/rest/v1/gateway/publish</url-pattern>
      </filter-mapping>
      <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
      </filter-mapping>
    

    spring-security.xml (${authServer} is in default.properties, can be reset via -D parameter):

    <context:property-placeholder system-properties-mode="OVERRIDE" location="classpath*:default.properties"/>
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="systemPropertiesMode" value="2" />
    </bean>

    <sec:authentication-manager alias="authenticationManager"/>

    <http auto-config="true" use-expressions="false" create-session="stateless" xmlns="http://www.springframework.org/schema/security">
        <csrf disabled="true"/>
        <anonymous enabled="false"/>
        <intercept-url pattern="/rest/v1/gateway/**" access="ROLE_APP"/>
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
    </http>

    <bean id="remoteTokenServices" class="org.springframework.security.oauth2.provider.token.RemoteTokenServices">
        <property name="checkTokenEndpointUrl" value="http://${authServer}/sts/oauth/check_token"/>
        <property name="restTemplate" ref="restTemplate"/>
    </bean>

    <bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
        <constructor-arg name="messageConverters">
            <list>
                <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter"/>
                <bean class="org.springframework.http.converter.FormHttpMessageConverter"/>
            </list>
        </constructor-arg>
    </bean>

    <oauth:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="remoteTokenServices"/>

More details

See more details about Oauth2 in Oauth2-authorization.docx