This sample is a Java Back-End application that utilizes the Java Security client library to authenticate JWT tokens issued by the xsuaa service.
It inspects incoming requests to determine if the user has the appropriate authorization by using the XsuaaTokenAuthenticator.
Follow the deployment steps for Kyma/Kubernetes or Cloud Foundry.
To deploy the application on Kyma/Kubernetes, the following steps are required:
- Compile the Java application
- Build docker image and push to repository
- Configure the deployment.yml
- Deploy the application
- Assign Role Collection to your user
- Access the application
Run Maven to package the application
mvn clean package
Build the docker image and push it to your repository
docker build -t <repositoryName>/<imageName> -f ./Dockerfile .
docker push <repositoryName>/<imageName>
In deployment.yml, replace the image repository placeholder <YOUR IMAGE REPOSITORY> with the one created in the previous step.
Deploy the application using the kubectl CLI
kubectl apply -f ./k8s/deployment.yml -n <YOUR NAMESPACE>
Finally, in your Identity Provider, e.g. SAP ID Service, assign the deployed Role Collection JAVA_SECURITY_SAMPLE_Viewer to your user.
Further up-to-date information is available on sap.help.com.
- Follow the HowToFetchToken guide to fetch an Xsuaa access token. You can get the information to fill the placeholders from the service binding secret:
  kubectl get secret "xsuaa-service-binding" -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"\n"}}{{$v|base64decode}}{{"\n\n"}}{{end}}' -n <YOUR NAMESPACE>
  Copy the access_token to your clipboard.
- Access the app via curl. Don't forget to fill the placeholders.
  curl -X GET \
    https://java-security-api.<<K8S DOMAIN>>/java-security-usage/hello-java-security \
    -H 'Authorization: Bearer <<your access_token>>'
- You should see something like this:
  You ('<your user>') can access the application with the following scopes: '<your scopes>'.
Finally, delete your application and your service instances using the following commands:
kubectl delete -f ./k8s/deployment.yml -n <YOUR NAMESPACE>
To deploy the application on Cloud Foundry, the following steps are required:
- Compile the Java application
- Create a xsuaa service instance
- Configure the manifest
- Deploy the application
- Assign Role Collection to your user
- Access the application
Run Maven to package the application
mvn clean package
Use the xs-security.json to define the authentication settings and create a service instance
cf create-service xsuaa application xsuaa-java-security -c xs-security.json
The vars file contains hosts and paths that need to be adapted.
Deploy the application using cf push. It will expect 1 GB of free memory quota.
cf push --vars-file ../vars.yml
Finally, in your Identity Provider, e.g. SAP ID Service, assign the deployed Role Collection JAVA_SECURITY_SAMPLE_Viewer to your user.
Further up-to-date information is available on sap.help.com.
- Follow the HowToFetchToken guide to fetch an Xsuaa access token. You can get the information to fill the placeholders from your system environment:
  cf env java-security-usage
  Copy the access_token to your clipboard.
- Access the app via curl. Don't forget to fill the placeholders.
  curl -X GET \
    https://java-security-usage-<<ID>>.<<LANDSCAPE_APPS_DOMAIN>>/hello-java-security \
    -H 'Authorization: Bearer <<your access_token>>'
- You should see something like this:
  You ('<your user>') can access the application with the following scopes: '<your scopes>'.
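To see which scopes and expiry the copied access_token carries before sending it with curl (in either the Kyma or the Cloud Foundry walkthrough), its payload can be decoded locally. This is an added example, not part of the sample project: the function names, the constructed sample token and the scope name `sample!t1.Read` are assumptions, and the script only decodes the token, it does not verify the signature.

```shell
#!/bin/sh
# Added example: inspect an Xsuaa access token locally (no signature check;
# signature and audience validation remain the job of the application).
# Decoding locally keeps the bearer token out of third-party web decoders.

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')   # base64url -> base64
    case $(( ${#seg} % 4 )) in                              # restore stripped padding
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Succeed if the token's "scope" array contains exactly the scope $2.
jwt_has_scope() {
    jwt_payload "$1" | tr -d ' \n' |
        sed -n 's/.*"scope":\[\([^]]*\)].*/\1/p' | grep -Fq "\"$2\""
}

# Succeed if "exp" is missing or not later than $2 (default: now, epoch seconds).
jwt_expired() {
    exp=$(jwt_payload "$1" | tr -d ' \n' | sed -n 's/.*"exp":\([0-9][0-9]*\).*/\1/p')
    [ -z "$exp" ] || [ "$exp" -le "${2:-$(date +%s)}" ]
}

# Constructed sample token (hypothetical user and scopes, dummy signature).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_TOKEN="$(b64url '{"alg":"RS256"}').$(b64url '{"user_name":"jane","exp":2000000000,"scope":["openid","sample!t1.Read"]}').sig"

jwt_payload "$SAMPLE_TOKEN"; echo
jwt_has_scope "$SAMPLE_TOKEN" 'sample!t1.Read' && echo "scope present"
```

With a real token, pass the copied access_token instead of SAMPLE_TOKEN and the scope name your xs-security.json defines.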
Finally, delete your application and your service instances using the following commands:
cf delete -f java-security-usage
cf delete-service -f xsuaa-java-security