Skip to content

Latest commit

 

History

History
 
 

java-security-usage

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
README.md
README.md
 
 
manifest.yml
manifest.yml
 
 
pom.xml
pom.xml
 
 
xs-security.json
xs-security.json
 
 

README.md

Description

This sample is a Java back-end application running on the Cloud Foundry. On incoming requests it checks whether the user is authorized using the XsuaaTokenAuthenticator which is defined in the Java Security library.

Deployment on Cloud Foundry

To deploy the application, the following steps are required:

  • Compile the Java application
  • Create a xsuaa service instance
  • Configure the manifest
  • Deploy the application
  • Assign Role Collection to your user
  • Access the application

Compile the Java application

Run maven to package the application

mvn clean package

Create the xsuaa service instance

Use the xs-security.json to define the authentication settings and create a service instance

cf create-service xsuaa application xsuaa-java-security -c xs-security.json

Configure the manifest

The vars contains hosts and paths that need to be adopted.

Deploy the application

Deploy the application using cf push. It will expect 1 GB of free memory quota.

cf push --vars-file ../vars.yml

Cockpit administration tasks: Assign Role to your User

Finally, as part of your Identity Provider, e.g. SAP ID Service, assign the deployed Role Collection JAVA_SECURITY_SAMPLE_Viewer to your user as depicted in the screenshot below and as documented here.

Further up-to-date information you can get on sap.help.com:

Access the application

  • Get an access token via curl. You can get the information to fill the placeholders from your system environment cf env java-security-usage:
curl -X POST \
  <<VCAP_SERVICES.xsuaa.credentials.url>>/oauth/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=<<VCAP_SERVICES.xsuaa.credentials.clientid>>&client_secret=<<VCAP_SERVICES.xsuaa.credentials.clientsecret>>&grant_type=password&username=<<your username>>&password=<<your password>>'

Copy the access_token to your clipboard.

  • Access the app via curl. Don't forget to fill the placeholders.
curl -X GET \
  https://java-security-usage-<<ID>>.<<LANDSCAPE_APPS_DOMAIN>>/hello-java-security \
  -H 'Authorization: Bearer <<your access_token>>'

You should see something like this:

You ('<your user>') can access the application with the following scopes: '<your scopes>'.

Clean-Up

Finally delete your application and your service instances using the following commands:

cf delete -f java-security-usage
cf delete-service -f xsuaa-java-security