<link href="https://raw.github.com/clownfart/Markdown-CSS/master/markdown.css" rel="stylesheet"></link>
# CloudFoundry User Account and Authentication (UAA) Server

## Co-ordinates

* Team:
    * Dale Olds (`olds@vmware.com`)
    * Dave Syer (`dsyer@vmware.com`)
    * Luke Taylor (`ltaylor@vmware.com`)
    * Joel D'Sa (`jdsa@vmware.com`)
* Team mailing list: `cf-id@vmware.com`
* Docs: docs/

## Quick Start

If this works you are in business:

    $ git clone git@github.com:vmware-ac/uaa.git
    $ cd uaa
    $ mvn install

Each module has a `mvn tomcat:run` target to run individually, or you
could import them as projects into STS (use 2.8.0 or better if you
can). The apps all work together when running on the same port
(8080) as `/uaa`, `/app` and `/api`. You can probably use Maven 2.2.1
to build the code, but you need to use Maven 3 if you want to run it
from the command line (or run integration tests).

### Demo of command line usage

First run the UAA server as described above:

    $ cd uaa
    $ mvn tomcat:run

Then start another terminal and from the project base directory, ask
the login endpoint to tell you about the system:

    $ curl -H "Accept: application/json" localhost:8080/uaa/login
    {
      "timestamp":"2012-03-28T18:25:49+0100",
      "commit_id":"111274e",
      "prompts":{"username":["text","Username"],
        "password":["password","Password"]
      }
    }

Then you can try logging in with the UAA ruby gem. Make sure you have
ruby 1.9, and bundler installed, then

    $ cd gem/; bundle
    $ ./bin/uaa target localhost:8080/uaa
    $ ./bin/uaa login marissa koala

(or leave out the username / password to be prompted).

This authenticates and obtains an access token from the server using
the OAuth2 implicit grant, similar to the approach intended for a
client like VMC. The token is printed to stdout, so copy and paste the
value into this next command:

    $ ./bin/uaa --client-id=admin --client-secret=adminclientsecret decode [token]

and you should see your username and the client id of the original token grant on stdout.

    {
      "id":"17a99e38-c5fd-46a3-9d37-6b12db0937c9",
      "resource_ids":["cloud_controller","password"],
      "expires_at":1334117495,
      "scope":["read"],
      "email":"marissa@test.org",
      "client_authorities":["ROLE_UNTRUSTED"],
      "expires_in":43171,
      "user_authorities":["ROLE_USER"],
      "user_id":"marissa",
      "client_id":"vmc"
    }
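
The attributes in the decoded token are what a resource server has to act on. As an added example (not code from the UAA project or its gem), the hypothetical `authorize_request` helper below checks expiry, audience (`resource_ids`) and scope against the sample output above; the `now:` parameter and the `[allowed, reason]` return shape are assumptions made for the illustration.

```ruby
require 'json'

# Constructed sample: the decoded-token output shown above, as a resource
# server would receive it after asking the UAA about a token.
SAMPLE_TOKEN_INFO = <<~'JSON'
  {
    "id":"17a99e38-c5fd-46a3-9d37-6b12db0937c9",
    "resource_ids":["cloud_controller","password"],
    "expires_at":1334117495,
    "scope":["read"],
    "email":"marissa@test.org",
    "client_authorities":["ROLE_UNTRUSTED"],
    "expires_in":43171,
    "user_authorities":["ROLE_USER"],
    "user_id":"marissa",
    "client_id":"vmc"
  }
JSON

# Hypothetical helper (not part of the UAA gem): decide whether a request may
# proceed, given the token attributes. Returns [allowed, reason].
def authorize_request(token_info, resource_id:, required_scope:, now: Time.now.to_i)
  expires_at = token_info['expires_at']
  # Fail closed: a missing or malformed expiry is never treated as "no expiry".
  return [false, 'missing expires_at'] unless expires_at.is_a?(Integer)
  return [false, 'token expired'] if now >= expires_at

  # resource_ids is the audience. A token issued for another service must be
  # rejected here even though it is otherwise valid.
  resources = Array(token_info['resource_ids'])
  return [false, "token not issued for #{resource_id}"] unless resources.include?(resource_id)

  # The scope list bounds what the client may do on the user's behalf.
  scopes = Array(token_info['scope'])
  return [false, "scope #{required_scope} not granted"] unless scopes.include?(required_scope)

  [true, "user #{token_info['user_id']} via client #{token_info['client_id']}"]
end

if __FILE__ == $PROGRAM_NAME
  info = JSON.parse(SAMPLE_TOKEN_INFO)
  # Evaluate at the moment the sample was decoded (expires_at - expires_in).
  decoded_at = info['expires_at'] - info['expires_in']
  [%w[cloud_controller read], %w[cloud_controller write], %w[scim read]].each do |resource, scope|
    ok, reason = authorize_request(info, resource_id: resource, required_scope: scope, now: decoded_at)
    puts "#{resource}/#{scope}: #{ok ? 'ALLOW' : 'DENY'} (#{reason})"
  end
end
```
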

### Demo of command line usage against e.g. cloudfoundry.com

The same command line example should work against a UAA running on cloudfoundry.com. In this case, there is no need to run a local uaa server, so simply ask the external login endpoint to tell you about the system:

    $ curl -H "Accept: application/json" uaa.cloudfoundry.com/login
    {
      "prompts":{"username":["text","Username"],
        "password":["password","Password"]
      }
    }

You can then try logging in with the UAA ruby gem. Make sure you have ruby 1.9, and bundler installed, then

    $ cd gem/; bundle
    $ ./bin/uaa target uaa.cloudfoundry.com
    $ ./bin/uaa login [yourusername] [yourpassword]

(or leave out the username / password to be prompted).

This authenticates and obtains an access token from the server using the OAuth2 implicit
grant, similar to the approach intended for a client like VMC.

## Integration tests

With all apps deployed into a running server on port 8080 the tests
will include integration tests (a check is done before each test that
the app is running). You can deploy them in your IDE or using the
command line with `mvn tomcat:run` and then run the tests as normal.

For individual modules, or for the whole project, you can also run
integration tests and the server from the command line in one go with

    $ mvn test -P integration

(This might require an initial `mvn install` from the parent directory
to get the wars in your local repo first.)

To make the tests work in various environments you can modify the
configuration of the server and the tests (e.g. the admin client)
using a variety of mechanisms. The simplest is to provide additional
Maven profiles on the command line, e.g.

    $ (cd uaa; mvn test -P vcap)

will run the integration tests against a uaa server running in a local
vcap, so for example the service URL is set to `uaa.vcap.me` (by
default). There are several Maven profiles to play with, and they can
be used to run the server, or the tests or both:

* `local`: runs the server on the ROOT context `http://localhost:8080/`

* `vcap`: also runs the server on the ROOT context and points the
  tests at `uaa.vcap.me`.

* `devuaa`: points the tests at `http://devuaa.cloudfoundry.com` (an
  instance of UAA deployed on cloudfoundry).

All these profiles set the `CLOUD_FOUNDRY_CONFIG_PATH` to pick up a
`uaa.yml` and (if appropriate) set the context root for running the
server (see below for more detail on that).

### BVTs

There is a really simple cucumber feature spec (`--tag @uaa`) to
verify that the UAA server is there. There is also a rake task to
launch the integration tests from the `uaa` submodule in `vcap`.
Typical usage for a local (`uaa.vcap.me`) instance:

    $ cd vcap/tests
    $ rake bvt:run_uaa

You can change the most common important settings with environment
variables (see below), or with a custom `uaa.yml`. N.B. `MAVEN_OPTS`
cannot be used to set JVM system properties for the tests, but it can
be used to set memory limits for the process etc.

### Custom YAML Configuration

To modify the runtime parameters you can provide a `uaa.yml`, e.g.

    $ cat > /tmp/uaa.yml
    uaa:
      host: uaa.appcloud21.dev.mozycloud
      test:
        username: dev@cloudfoundry.org # defaults to vcap_tester@vmware.com
        password: changeme
        email: dev@cloudfoundry.org

then from `vcap-tests`

    $ CLOUD_FOUNDRY_CONFIG_PATH=/tmp rake bvt:run_uaa

or from `uaa/uaa`

    $ CLOUD_FOUNDRY_CONFIG_PATH=/tmp mvn test

The integration tests look for a Yaml file in the following locations
(later entries override earlier ones), and the webapp does the same
when it starts up so you can use the same config file for both:

    classpath:uaa.yml
    file:${CLOUD_FOUNDRY_CONFIG_PATH}/uaa.yml
    file:${UAA_CONFIG_FILE}
    ${UAA_CONFIG_URL}

### Using Maven with Cloud Foundry or VCAP

To test against a vcap instance use the Maven profile `vcap` (it
switches off some of the tests that create random client and user
accounts):

    $ (cd uaa; mvn test -P vcap)

To change the target server it should suffice to set
`VCAP_BVT_TARGET` (the tests prefix it with `uaa.` to form the
server url), e.g.

    $ VCAP_BVT_TARGET=appcloud21.dev.mozycloud mvn test -P vcap

You can also override some of the other most important default
settings using environment variables. The defaults as usual come from
`uaa.yml` but tests will search first in an environment variable:

* `UAA_ADMIN_CLIENT_ID` the client id for bootstrapping client
  registrations needed for the rest of the tests.

* `UAA_ADMIN_CLIENT_SECRET` the client secret for bootstrapping client
  registrations

All other settings from `uaa.yml` can be overridden individually as
system properties. Running in an IDE this is easy just using whatever
features allow you to modify the JVM in test runs, but using Maven you
have to use the `argLine` property to get settings passed onto the
test JVM, e.g.

    $ mvn -DargLine=-Duaa.test.username=foo test

will create an account with `userName=foo` for testing (instead of using
the default setting from `uaa.yml`).

If you prefer environment variables to system properties you can use a
custom `uaa.yml` with placeholders for your environment variables,
e.g.

    uaa:
      test:
        username: ${UAA_TEST_USERNAME:marissa}

will look for an environment variable (or system property)
`UAA_TEST_USERNAME` before defaulting to `marissa`. This is the trick
used to expose `UAA_ADMIN_CLIENT_SECRET` etc. in the standard
configuration.
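
The file lookup order from the Custom YAML Configuration section and the `${NAME:default}` placeholder rule above, modelled in Ruby as an added example (not the UAA's own Spring-based loader). It assumes later files are merged key by key and that a system property wins over an environment variable of the same name; `deep_merge`, `layer_configs`, `resolve`, `effective_config` and the two sample documents are constructed for illustration.

```ruby
require 'yaml'

# Constructed stand-ins for two of the locations in the lookup list:
# classpath:uaa.yml and file:${CLOUD_FOUNDRY_CONFIG_PATH}/uaa.yml.
CLASSPATH_YML = <<~'YAML'
  uaa:
    host: uaa.vcap.me
    test:
      username: ${UAA_TEST_USERNAME:marissa}
      password: koala
YAML

CONFIG_PATH_YML = <<~'YAML'
  uaa:
    host: uaa.appcloud21.dev.mozycloud
    test:
      password: changeme
YAML

# Merge two parsed documents key by key; values from `later` win.
# (Assumption: a later file overrides individual keys, not the whole document.)
def deep_merge(earlier, later)
  return later unless earlier.is_a?(Hash) && later.is_a?(Hash)

  earlier.merge(later) { |_key, old, new| deep_merge(old, new) }
end

# Apply the documents in lookup order: the first is the classpath default,
# the last one listed has the final say.
def layer_configs(yaml_docs)
  yaml_docs.map { |doc| YAML.safe_load(doc) || {} }
           .reduce({}) { |merged, doc| deep_merge(merged, doc) }
end

# Matches ${NAME} and ${NAME:default}.
PLACEHOLDER = /\$\{([^}:]+)(?::([^}]*))?\}/

# Substitute placeholders throughout a parsed config. Lookup order is system
# property, then environment variable, then the inline default (assumption).
# A placeholder with no value and no default raises instead of silently
# leaving "${...}" in a credential field.
def resolve(value, props: {}, env: ENV)
  case value
  when Hash  then value.transform_values { |v| resolve(v, props: props, env: env) }
  when Array then value.map { |v| resolve(v, props: props, env: env) }
  when String
    value.gsub(PLACEHOLDER) do
      name = Regexp.last_match(1)
      default = Regexp.last_match(2)
      props[name] || env[name] || default ||
        raise(KeyError, "no value or default for #{name}")
    end
  else value
  end
end

def effective_config(yaml_docs, props: {}, env: ENV)
  resolve(layer_configs(yaml_docs), props: props, env: env)
end

if __FILE__ == $PROGRAM_NAME
  puts effective_config([CLASSPATH_YML, CONFIG_PATH_YML]).to_yaml
end
```
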

## Inventory

There are actually several projects here, the main `uaa` server application and some samples:

0. `common` is a module containing a JAR with all the business logic. It is used in
   the webapps below.

1. `uaa` is the actual UAA server

2. `gem` is a ruby gem (`cf-uaa-client`) for interacting with the UAA server

3. `api` (sample) is an OAuth2 resource service which returns a mock list of deployed apps

4. `app` (sample) is a user application that uses both of the above

In CloudFoundry terms

* `uaa` provides an authentication service plus authorized delegation for
  back-end services and apps (by issuing OAuth2 access tokens).

* `api` is `api.cloudfoundry.com` - it's a service which provides resources
  which other applications may wish to access on behalf of the resource
  owner (the end user).

* `app` is `code.cloudfoundry.com` or `studio.cloudfoundry.com` - a
  webapp that needs single sign on and access to the `api` service on
  behalf of users.

## UAA Server

The authentication service is `uaa`. It's a plain Spring MVC webapp.
Deploy as normal in Tomcat or your container of choice, or execute
`mvn tomcat:run` to run it directly from the `uaa` directory in the source tree.
When running with maven it listens on port 8080.

It supports the APIs defined in the UAA-APIs document. To summarise:

1. The OAuth2 /authorize and /token endpoints

2. A /login_info endpoint to allow querying for required login prompts

3. A /check_token endpoint, to allow resource servers to obtain information about
   an access token submitted by an OAuth2 client.

4. SCIM user provisioning endpoint

5. OpenID Connect endpoints to support authentication /userinfo and
   /check_id (todo). Implemented roughly enough to get it working (so
   /app authenticates here), but not to meet the spec.

Authentication can be performed by command line clients by submitting
credentials directly to the `/authorize` endpoint (as described in
the UAA-API doc). There is an `ImplicitAccessTokenProvider` in Spring
Security OAuth that can do the heavy lifting if your client is Java.

By default `uaa` will launch with a context root `/uaa`. There is a
Maven profile `vcap` to launch with context root `/`.

### Configuration

There is a `uaa.yml` in the application which provides defaults to the
placeholders in the Spring XML. Wherever you see
`${placeholder.name}` in the XML there is an opportunity to override
it either by providing a System property (`-D` to JVM) with the same
name, or a custom `uaa.yml` (as described above).

All passwords and client secrets in the config files are plain text,
but they will be inserted into the UAA database hashed with BCrypt.

### User Account Data

The default is to use an in-memory RDBMS user store that is
pre-populated with a single test user: `marissa` has password
`koala`.

To choose the database for user data, activate one of the Spring profiles
`hsqldb` or `postgresql`.

The active profiles can be configured in `uaa.yml` using

    spring_profiles: postgresql

or by passing the `spring.profiles.active` parameter to the JVM. For
example, to run with an embedded HSQL database:

    mvn -Dspring.profiles.active=hsqldb tomcat:run

Or to use PostgreSQL instead of HSQL:

    mvn -Dspring.profiles.active=postgresql tomcat:run

To bootstrap a microcloud type environment you need an admin client.
For this there is a database initializer component that inserts an
admin client. If the default profile is active (i.e. not
`postgresql`) there is also a `vmc` client so that the gem login works
out of the box. You can override the default settings and add
additional clients in `uaa.yml`:

    oauth:
      clients:
        admin:
          authorized-grant-types: client_credentials
          scope: read,write,password
          authorities: ROLE_CLIENT,ROLE_ADMIN
          id: admin
          secret: adminclientsecret
          resource-ids: clients

The admin client can be used to create additional clients (but not to
do anything much else). A client with read/write access to the `scim`
resource will be needed to create user accounts. The integration
tests take care of this automatically, inserting client and user
accounts as necessary to make the tests work.
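
Because secrets sit in the config files as plain text and this README publishes the out-of-the-box values, a deployment check can flag any secret that is still a literal or still falls back to a published default. The Ruby below is an added example, not part of the UAA; the helper names, the `dashboard` and `batch` clients and their values are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample in the shape of the uaa.yml snippets in this README.
SAMPLE_UAA_YML = <<~'YAML'
  oauth:
    clients:
      admin:
        authorized-grant-types: client_credentials
        id: admin
        secret: ${UAA_ADMIN_CLIENT_SECRET:adminclientsecret}
      dashboard:
        id: dashboard
        secret: ${DASHBOARD_CLIENT_SECRET}
      batch:
        id: batch
        secret: constructed-literal-value
  uaa:
    test:
      username: ${UAA_TEST_USERNAME:marissa}
      password: koala
YAML

# Values printed in this README; a deployment still using them has no secret.
DOCUMENTED_DEFAULTS = %w[adminclientsecret koala changeme].freeze
SECRET_KEYS = %w[secret password].freeze
ENV_ONLY = /\A\$\{[^}:]+\}\z/                 # ${NAME}: supplied at deploy time
WITH_DEFAULT = /\A\$\{[^}:]+:([^}]*)\}\z/     # ${NAME:default}

# Classify one secret value. Returns nil when the value must come from the
# environment, otherwise a symbol naming the problem.
def classify_secret(raw)
  value = raw.to_s
  return nil if value.match?(ENV_ONLY)

  # An inline default is still a literal: it is what runs when the variable
  # is not set, so it is judged like any other hard-coded value.
  literal = value[WITH_DEFAULT, 1] || value
  return :empty if literal.empty?
  return :documented_default if DOCUMENTED_DEFAULTS.include?(literal)

  :plain_text_literal
end

# Walk a parsed uaa.yml and return [dotted.path, finding] for every key named
# `secret` or `password` whose value is not purely environment-supplied.
def audit_secrets(node, path = [])
  case node
  when Hash
    node.flat_map do |key, value|
      here = path + [key.to_s]
      next audit_secrets(value, here) if value.is_a?(Hash) || value.is_a?(Array)
      next [] unless SECRET_KEYS.include?(key.to_s)

      finding = classify_secret(value)
      finding ? [[here.join('.'), finding]] : []
    end
  when Array
    node.each_with_index.flat_map { |item, i| audit_secrets(item, path + [i.to_s]) }
  else
    []
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_secrets(YAML.safe_load(SAMPLE_UAA_YML)).each do |path, finding|
    puts "#{path}: #{finding}"
  end
end
```
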

## The API Application

An example resource server. It hosts a service which returns
a list of mock applications under `/apps`.

Run it using `mvn tomcat:run` from the `api` directory (once all other
tomcat processes have been shut down). This will deploy the app to a
Tomcat manager on port 8080.

## The App Application

This is a user interface app (primarily aimed at browsers) that uses
OpenID Connect for authentication (i.e. SSO) and OAuth2 for access
grants. It authenticates with the Auth service, and then accesses
resources in the API service. Run it with `mvn tomcat:run` from the
`app` directory (once all other tomcat processes have been shut down).

### Use Cases

1. See all apps

        GET /app/apps

    browser is redirected through a series of authentication and access
    grant steps (which could be slimmed down to implicit steps not
    requiring user at some point), and then the photos are shown.

2. See the currently logged in user details, a bag of attributes
    grabbed from the open id provider

        GET /app