Skip to content

Latest commit

 

History

History
 
 

spring-webflux-security-hybrid-usage

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
approuter
approuter
 
 
src
src
 
 
README.md
README.md
 
 
manifest.yml
manifest.yml
 
 
pom.xml
pom.xml
 
 
xs-security.json
xs-security.json
 
 

README.md

Description

This sample is a Spring Boot application that uses spring-webflux as the web framework and is protected by the spring-security-oauth2-resource-server, which utilizes the spring-security client library.

Deployment To Cloud Foundry

To deploy the application, the following steps are required:

  • Configure the Application Router
  • Compile the Java application
  • Create an XSUAA service instance
  • Create an IAS service instance
  • Configure the manifest.yml
  • Deploy the application
  • Assign Role to your user
  • Access the application

Configure the Application Router

The Application Router is used to provide a single entry point to a business application that consists of several apps (microservices). It dispatches requests to backend microservices and acts as a reverse proxy. The rules that determine which request should be forwarded to which destinations are called routes. The application router can be configured to authenticate the users and propagate the user information. Finally, the application router can serve static content.

Compile the Java Application

Run maven to package the application

mvn clean package

Create the XSUAA Service Instance

Use the xs-security.json to define the authentication settings and create a service instance

cf create-service xsuaa application xsuaa-webflux -c xs-security.json

Create the IAS Service Instance

cf create-service identity application ias-webflux

Configure the manifest

The vars contains hosts and paths that you might need to adopt.

Deploy the application

Deploy the application using cf push. It will expect 1 GB of free memory quota.

cf push --vars-file ../vars.yml

Cockpit administration tasks: Assign Role to your User

Finally, as part of your Identity Provider, e.g. SAP ID Service, assign the deployed Role Collection(s) such as Webflux_API_Viewer to your user as depicted in the screenshot below and as documented here.

Further up-to-date information you can get on sap.help.com:

Access the application

After deployment, the AppRouter will trigger authentication automatically when you access one of the following URLs:

  • https://spring-webflux-security-hybrid-usage-web-<ID>.<LANDSCAPE_APPS_DOMAIN>/v1/sayHello - produces Http response with content-type application/json; UTF-8 and the body containing the claims of the JWT or an error message

Direct access to the microservice (without the AppRouter) will return an error:

  • https://spring-webflux-security-hybrid-usage-<ID>.<LANDSCAPE_APPS_DOMAIN>/v1/sayHello - produces an error with 401 (unauthenticated) status code, as it calls the service without Authorization header.

Clean-Up

Finally, delete your application and your service instances using the following commands:

cf delete -f spring-webflux-security-hybrid-usage
cf delete -f approuter-spring-webflux-security-hybrid-usage
cf delete-service -f xsuaa-webflux
cf delete-service -f ias-webflux