├── secure-server
├── .mvn
│ └── wrapper
│ │ ├── maven-wrapper.properties
│ │ └── maven-wrapper.jar
├── src
│ ├── main
│ │ ├── resources
│ │ │ ├── server-public.cer
│ │ │ ├── server-keystore.jks
│ │ │ ├── server-truststore.jks
│ │ │ └── application.yml
│ │ └── java
│ │ │ └── com
│ │ │ └── codependent
│ │ │ └── mutualauth
│ │ │ ├── SecureServerApplication.java
│ │ │ ├── web
│ │ │ └── HomeRestController.java
│ │ │ └── config
│ │ │ └── SecurityConfig.java
│ └── test
│ │ └── java
│ │ └── com
│ │ └── codependent
│ │ └── mutualauth
│ │ └── SecureServerApplicationTests.java
├── .gitignore
├── pom.xml
├── mvnw.cmd
└── mvnw
├── secure-client
├── src
│ ├── main
│ │ ├── resources
│ │ │ ├── client-keystore.jks
│ │ │ ├── client-truststore.jks
│ │ │ ├── application.yml
│ │ │ ├── unsigned-client.csr
│ │ │ └── signed-client.cer
│ │ └── java
│ │ │ └── com
│ │ │ └── codependent
│ │ │ └── mutualauth
│ │ │ ├── web
│ │ │ └── HomeRestController.java
│ │ │ └── SecureClientApplication.java
│ └── test
│ │ └── java
│ │ └── com
│ │ └── codependent
│ │ └── mutualauth
│ │ └── SecureClientApplicationTests.java
├── .gitignore
└── pom.xml
├── secure-client2
├── src
│ ├── main
│ │ ├── resources
│ │ │ ├── client-keystore.jks
│ │ │ ├── client-truststore.jks
│ │ │ ├── application.yml
│ │ │ ├── unsigned-client.csr
│ │ │ └── signed-client.cer
│ │ └── java
│ │ │ └── com
│ │ │ └── codependent
│ │ │ └── mutualauth
│ │ │ ├── web
│ │ │ └── HomeRestController.java
│ │ │ └── SecureClient2Application.java
│ └── test
│ │ └── java
│ │ └── com
│ │ └── codependent
│ │ └── mutualauth
│ │ └── SecureClient2ApplicationTests.java
├── .gitignore
└── pom.xml
└── README.md
/secure-server/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.9/apache-maven-3.3.9-bin.zip
2 |
--------------------------------------------------------------------------------
/secure-server/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codependent/spring-boot-ssl-mutual-authentication/HEAD/secure-server/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/secure-server/src/main/resources/server-public.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codependent/spring-boot-ssl-mutual-authentication/HEAD/secure-server/src/main/resources/server-public.cer
--------------------------------------------------------------------------------
/secure-client/src/main/resources/client-keystore.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codependent/spring-boot-ssl-mutual-authentication/HEAD/secure-client/src/main/resources/client-keystore.jks
--------------------------------------------------------------------------------
/secure-client/src/main/resources/client-truststore.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codependent/spring-boot-ssl-mutual-authentication/HEAD/secure-client/src/main/resources/client-truststore.jks
--------------------------------------------------------------------------------
/secure-client2/src/main/resources/client-keystore.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codependent/spring-boot-ssl-mutual-authentication/HEAD/secure-client2/src/main/resources/client-keystore.jks
--------------------------------------------------------------------------------
/secure-server/src/main/resources/server-keystore.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codependent/spring-boot-ssl-mutual-authentication/HEAD/secure-server/src/main/resources/server-keystore.jks
--------------------------------------------------------------------------------
/secure-server/src/main/resources/server-truststore.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codependent/spring-boot-ssl-mutual-authentication/HEAD/secure-server/src/main/resources/server-truststore.jks
--------------------------------------------------------------------------------
/secure-client2/src/main/resources/client-truststore.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codependent/spring-boot-ssl-mutual-authentication/HEAD/secure-client2/src/main/resources/client-truststore.jks
--------------------------------------------------------------------------------
/secure-client/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 | spring:
2 | application:
3 | name: secure-client
4 |
5 | server:
6 | port: 8080
7 |
8 | logging:
9 | level:
10 | org.springframework.security: DEBUG
--------------------------------------------------------------------------------
/secure-client2/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 | spring:
2 | application:
3 | name: secure-client2
4 |
5 | server:
6 | port: 8282
7 |
8 | logging:
9 | level:
10 | org.springframework.security: DEBUG
--------------------------------------------------------------------------------
/secure-client/.gitignore:
--------------------------------------------------------------------------------
1 | target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 |
12 | ### IntelliJ IDEA ###
13 | .idea
14 | *.iws
15 | *.iml
16 | *.ipr
17 |
18 | ### NetBeans ###
19 | nbproject/private/
20 | build/
21 | nbbuild/
22 | dist/
23 | nbdist/
24 | .nb-gradle/
--------------------------------------------------------------------------------
/secure-client2/.gitignore:
--------------------------------------------------------------------------------
1 | target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 |
12 | ### IntelliJ IDEA ###
13 | .idea
14 | *.iws
15 | *.iml
16 | *.ipr
17 |
18 | ### NetBeans ###
19 | nbproject/private/
20 | build/
21 | nbbuild/
22 | dist/
23 | nbdist/
24 | .nb-gradle/
--------------------------------------------------------------------------------
/secure-server/.gitignore:
--------------------------------------------------------------------------------
1 | target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 |
12 | ### IntelliJ IDEA ###
13 | .idea
14 | *.iws
15 | *.iml
16 | *.ipr
17 |
18 | ### NetBeans ###
19 | nbproject/private/
20 | build/
21 | nbbuild/
22 | dist/
23 | nbdist/
24 | .nb-gradle/
--------------------------------------------------------------------------------
/secure-server/src/main/java/com/codependent/mutualauth/SecureServerApplication.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
6 | @SpringBootApplication
7 | public class SecureServerApplication {
8 |
9 | public static void main(String[] args) {
10 | SpringApplication.run(SecureServerApplication.class, args);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/secure-server/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 | spring:
2 | application:
3 | name: secure-server
4 |
5 | server:
6 | port: 8443
7 | ssl:
8 | key-store: classpath:server-keystore.jks
9 | key-store-password: secret
10 | key-alias: secure-server
11 | trust-store: classpath:server-truststore.jks
12 | trust-store-password: secret
13 | enabled: true
14 | client-auth: need
15 |
16 | logging:
17 | level:
18 | org.springframework.security: DEBUG
--------------------------------------------------------------------------------
/secure-client/src/test/java/com/codependent/mutualauth/SecureClientApplicationTests.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
8 | @RunWith(SpringRunner.class)
9 | @SpringBootTest
10 | public class SecureClientApplicationTests {
11 |
12 | @Test
13 | public void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/secure-server/src/test/java/com/codependent/mutualauth/SecureServerApplicationTests.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
8 | @RunWith(SpringRunner.class)
9 | @SpringBootTest
10 | public class SecureServerApplicationTests {
11 |
12 | @Test
13 | public void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/secure-client2/src/test/java/com/codependent/mutualauth/SecureClient2ApplicationTests.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
8 | @RunWith(SpringRunner.class)
9 | @SpringBootTest
10 | public class SecureClient2ApplicationTests {
11 |
12 | @Test
13 | public void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/secure-server/src/main/java/com/codependent/mutualauth/web/HomeRestController.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth.web;
2 |
3 | import java.security.Principal;
4 |
5 | import org.springframework.web.bind.annotation.GetMapping;
6 | import org.springframework.web.bind.annotation.RestController;
7 |
8 | @RestController
9 | public class HomeRestController {
10 |
11 | @GetMapping("/")
12 | public String home(Principal principal){
13 | return String.format("Hello %s!", principal.getName());
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/secure-client/src/main/java/com/codependent/mutualauth/web/HomeRestController.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth.web;
2 |
3 | import java.net.URI;
4 | import java.net.URISyntaxException;
5 |
6 | import org.springframework.beans.factory.annotation.Autowired;
7 | import org.springframework.web.bind.annotation.GetMapping;
8 | import org.springframework.web.bind.annotation.RestController;
9 | import org.springframework.web.client.RestClientException;
10 | import org.springframework.web.client.RestTemplate;
11 |
12 | @RestController
13 | public class HomeRestController {
14 |
15 | @Autowired
16 | private RestTemplate restTemplate;
17 |
18 | @GetMapping("/")
19 | public String home() throws RestClientException, URISyntaxException{
20 | return restTemplate.getForObject(new URI("https://localhost:8443"), String.class);
21 | }
22 |
23 | }
24 |
--------------------------------------------------------------------------------
/secure-client2/src/main/java/com/codependent/mutualauth/web/HomeRestController.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth.web;
2 |
3 | import java.net.URI;
4 | import java.net.URISyntaxException;
5 |
6 | import org.springframework.beans.factory.annotation.Autowired;
7 | import org.springframework.web.bind.annotation.GetMapping;
8 | import org.springframework.web.bind.annotation.RestController;
9 | import org.springframework.web.client.RestClientException;
10 | import org.springframework.web.client.RestTemplate;
11 |
12 | @RestController
13 | public class HomeRestController {
14 |
15 | @Autowired
16 | private RestTemplate restTemplate;
17 |
18 | @GetMapping("/")
19 | public String home() throws RestClientException, URISyntaxException{
20 | return restTemplate.getForObject(new URI("https://localhost:8443"), String.class);
21 | }
22 |
23 | }
24 |
--------------------------------------------------------------------------------
/secure-client/src/main/resources/unsigned-client.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN NEW CERTIFICATE REQUEST-----
2 | MIIC4zCCAcsCAQAwbjELMAkGA1UEBhMCZXMxEDAOBgNVBAgTB215c3RhdGUxDzANBgNVBAcTBm15
3 | Y2l0eTEOMAwGA1UEChMFbXlvcmcxDjAMBgNVBAsTBW15b3JnMRwwGgYDVQQDExNjb2RlcGVuZGVu
4 | dC1jbGllbnQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmygE0XRyBXuk1Pudhtr9
5 | iebOUOqQYqD2+rSn1qmNywjZgm7yqyz3R4A7YzTYMl6rbAsEA2N3fbiPwIhpfEw154j/2bw+vQ1I
6 | dwjudE6QGoQJdh8yaMVNbYBxoUUaR4rK/Xq8PObcCLOYP8ZtGuKZQq54QGWl9Jv3gX9wmtrMsUT3
7 | 5EEm8ZrAcJDCy+H7k+y0OnxLZXy6Ijm48ja/hcFUT62MUdjsnf/ysifObOyba7R14COB8oKrU0ty
8 | 2sk+HmdqBkbtqGHOHxPoU7C6wAZFGha3O4RfYt+DO3N+d3wga5zvvVq9bazL5oqiDYfBqfi6R7Ql
9 | RwTKTCD6sD5VB56vvwIDAQABoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQUEd85dn84w1Y4
10 | jW878YBE/CAJB7YwDQYJKoZIhvcNAQELBQADggEBACgMD+c5SWyF25382gh25cdHhhkF4tv/4twu
11 | F9dDNwzwBQ0qPFWeBcnRHrfKjEUzju+B96TbB1pYL0LKYOOVA8P7qg3gZxjYxZjURl/zUJNvfgxr
12 | uG+wVja0zQj2hZJxCYsTblCRKi8YB/rYpIpYGtsiOoZwMoUnP0dYPatsimh7YokWBnpb+j82qB64
13 | xakCXVfdrmq1Eepmyp6NIZgMwecOenpmcnrp6uSnXb16z4eZ45sbNIyveTSCNDxunAfg5MOMyDxy
14 | 2eIR92isI8t6j0ZEr5jrcag7XBrEx3QwrsNhIF/+K9KanfAWVC9GiSg3i4ckps+RBMM6AKZQ603h
15 | suM=
16 | -----END NEW CERTIFICATE REQUEST-----
--------------------------------------------------------------------------------
/secure-client2/src/main/resources/unsigned-client.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN NEW CERTIFICATE REQUEST-----
2 | MIIC4zCCAcsCAQAwbjELMAkGA1UEBhMCZXMxEDAOBgNVBAgTB215c3RhdGUxDzANBgNVBAcTBm15
3 | Y2l0eTEOMAwGA1UEChMFbXlvcmcxDjAMBgNVBAsTBW15b3JnMRwwGgYDVQQDExNjb2RlcGVuZGVu
4 | dC1jbGllbnQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYTkvoDYpkc0F7rGSKcH
5 | YW5beniyOz6L8OAGLG3k24cmBf+1ZbyJgB6Z18eAhEMUvzUZzd+NDIU9bFVXb2iHCcykn++J/WGg
6 | Ac4ZQ4gJbG0HjZGRVI6lAH17iKzmU9amVzuyjUL9DpWdkOI8yM0J5a6sEpXhEVJ5yaMWFvl0FwNV
7 | bXF9PxQv8nSRe4ylwZNBL02ypoxmB3erV9UGHXwn1+SKKu085lHZ2lIuOEA50ZtlYm6iwqC7/4WI
8 | ldeRvpgr8dq4AoDcQmdpbyLB5sIwkjIC7o4UTU0/7LIU2V+FX7RkntrYuLEN/JuXKaeQHnjGOjee
9 | 3YdgT06FlQ1jQyaEcwIDAQABoDAwLgYJKoZIhvcNAQkOMSEwHzAdBgNVHQ4EFgQUYmmVZZOjFSET
10 | P07Norrgw/r8oPkwDQYJKoZIhvcNAQELBQADggEBAELw4ULaJRV2mU4ajmjPUoCvimH9h9Qug4aF
11 | QBPJtRs7BBu4Ixnwj35UxvwXUgpLe9hypeUouzXe9/aESh1qB2apve2u5PPHXwGuSPa5jRs+s0Hx
12 | P9FA/RFcYCbW775I62lOICoL3/QJVCnrEdZLCKUrYP+aH6m3kko+/TyP1B+nUMDmu0HgXatYvYOh
13 | poOvGrdXHPeNtlxFlmuHGHhufQk8f2teXg86Jma3Oj6YTCT0zusXUFK1oyXoJ15bYIUhRsf0wz60
14 | 96b7gFW58yEK9fv8Gj41y0Vxg+3HAgsgr/esTjG/TMPBH/tveUSP5M1OXVu+vpHl4kJshGBn2Vds
15 | 4vY=
16 | -----END NEW CERTIFICATE REQUEST-----
--------------------------------------------------------------------------------
/secure-client/src/main/resources/signed-client.cer:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDVDCCAjwCCQDQ+acnExl4XzANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJl
3 | czEMMAoGA1UECAwDbWFkMQwwCgYDVQQHDANtYWQxGDAWBgNVBAoMD0NvZGVwZW5k
4 | ZW50IEx0ZDEMMAoGA1UECwwDZGV2MRcwFQYDVQQDDA5jb2RlcGVuZGVudC1jYTAe
5 | Fw0xNzAyMTcwOTIzNDFaFw0xODAyMTcwOTIzNDFaMG4xCzAJBgNVBAYTAmVzMRAw
6 | DgYDVQQIEwdteXN0YXRlMQ8wDQYDVQQHEwZteWNpdHkxDjAMBgNVBAoTBW15b3Jn
7 | MQ4wDAYDVQQLEwVteW9yZzEcMBoGA1UEAxMTY29kZXBlbmRlbnQtY2xpZW50MTCC
8 | ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJsoBNF0cgV7pNT7nYba/Ynm
9 | zlDqkGKg9vq0p9apjcsI2YJu8qss90eAO2M02DJeq2wLBANjd324j8CIaXxMNeeI
10 | /9m8Pr0NSHcI7nROkBqECXYfMmjFTW2AcaFFGkeKyv16vDzm3AizmD/GbRrimUKu
11 | eEBlpfSb94F/cJrazLFE9+RBJvGawHCQwsvh+5PstDp8S2V8uiI5uPI2v4XBVE+t
12 | jFHY7J3/8rInzmzsm2u0deAjgfKCq1NLctrJPh5nagZG7ahhzh8T6FOwusAGRRoW
13 | tzuEX2Lfgztzfnd8IGuc771avW2sy+aKog2Hwan4uke0JUcEykwg+rA+VQeer78C
14 | AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAXA1IOBd4QcM1/lwXDwLVYMLyfUQJYdSX
15 | HdqoX1R9L5NMbWZ+rcPG4GJ3d6BluthesAv/4CJzQ9QfJXgV1WqkrzShlpsNL/5e
16 | uWmRP6JHQG1ORao1g7AKw92EwDI4qvijbCrhGeOkVgM7BM9P5TrEb1zl2Spgu4zS
17 | tVELJLF63wrobXB5WQGPz16YWAn5UX45Y8qOWUrYy7RoYWcTMruLFwD9awpSH901
18 | ObJaru05remSvmHAcoTOQ8bPC8Su4VQUycBhwl5Sa+jW50d8s/1ht7BFW4cFvh+6
19 | +5b6OH/AUBlNtj75RXLG2cdaUB72EwX2vE8uBt+icWVxgNqVaOTuAw==
20 | -----END CERTIFICATE-----
21 |
--------------------------------------------------------------------------------
/secure-client2/src/main/resources/signed-client.cer:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDVDCCAjwCCQC2x0bVdJ1MGDANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJl
3 | czEMMAoGA1UECAwDbWFkMQwwCgYDVQQHDANtYWQxGDAWBgNVBAoMD0NvZGVwZW5k
4 | ZW50IEx0ZDEMMAoGA1UECwwDZGV2MRcwFQYDVQQDDA5jb2RlcGVuZGVudC1jYTAe
5 | Fw0xNzAyMTcxMDAzNDNaFw0xODAyMTcxMDAzNDNaMG4xCzAJBgNVBAYTAmVzMRAw
6 | DgYDVQQIEwdteXN0YXRlMQ8wDQYDVQQHEwZteWNpdHkxDjAMBgNVBAoTBW15b3Jn
7 | MQ4wDAYDVQQLEwVteW9yZzEcMBoGA1UEAxMTY29kZXBlbmRlbnQtY2xpZW50MjCC
8 | ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWE5L6A2KZHNBe6xkinB2Fu
9 | W3p4sjs+i/DgBixt5NuHJgX/tWW8iYAemdfHgIRDFL81Gc3fjQyFPWxVV29ohwnM
10 | pJ/vif1hoAHOGUOICWxtB42RkVSOpQB9e4is5lPWplc7so1C/Q6VnZDiPMjNCeWu
11 | rBKV4RFSecmjFhb5dBcDVW1xfT8UL/J0kXuMpcGTQS9NsqaMZgd3q1fVBh18J9fk
12 | iirtPOZR2dpSLjhAOdGbZWJuosKgu/+FiJXXkb6YK/HauAKA3EJnaW8iwebCMJIy
13 | Au6OFE1NP+yyFNlfhV+0ZJ7a2LixDfyblymnkB54xjo3nt2HYE9OhZUNY0MmhHMC
14 | AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAoGRgORSM+h0V4XVsAndEzDPyRyMU53En
15 | N8JQgKDr2hD5DIwhOwl+R3AmNaVqcIA03NOrcFAcsHaESBRCT4lJ71caMR7Jihoo
16 | FeBVCE2whjw6cBIyiUfheKUS9CswWY3DYF7uCagMgFTeihCkBCiUGgD2ae7X879D
17 | WrIlUuTpcp4gpIXqieXBc4t1+9iWlunGQM98L9OSqXUVnjUESkbgQJSS8RzsJ0vr
18 | Pk+6nYoiIcrLGABJYQkWTBKCUUX4837+w4Sur+WSnKm7GAX7R4igBlvCTZSwcp7G
19 | 4FMScSFXdex3QIN83i70r9WiwP14Ao3X9LEdpj4L9cqHGei+1HK4gw==
20 | -----END CERTIFICATE-----
21 |
--------------------------------------------------------------------------------
/secure-client/src/main/java/com/codependent/mutualauth/SecureClientApplication.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth;
2 |
3 | import javax.annotation.PostConstruct;
4 |
5 | import org.springframework.boot.SpringApplication;
6 | import org.springframework.boot.autoconfigure.SpringBootApplication;
7 | import org.springframework.context.annotation.Bean;
8 | import org.springframework.web.client.RestTemplate;
9 |
10 | @SpringBootApplication
11 | public class SecureClientApplication {
12 |
13 | @PostConstruct
14 | public void initSsl(){
15 | System.setProperty("javax.net.ssl.keyStore", Thread.currentThread().getContextClassLoader().getResource("client-keystore.jks").getPath());
16 | System.setProperty("javax.net.ssl.keyStorePassword", "secret");
17 | System.setProperty("javax.net.ssl.trustStore", Thread.currentThread().getContextClassLoader().getResource("client-truststore.jks").getPath());
18 | System.setProperty("javax.net.ssl.trustStorePassword", "secret");
19 | /*
20 | javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
21 | (hostname,sslSession) -> {
22 | if (hostname.equals("localhost")) {
23 | return true;
24 | }
25 | return false;
26 | });*/
27 | }
28 |
29 | @Bean
30 | public RestTemplate template() throws Exception{
31 | RestTemplate template = new RestTemplate();
32 | return template;
33 | }
34 |
35 | public static void main(String[] args) {
36 | SpringApplication.run(SecureClientApplication.class, args);
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/secure-client2/src/main/java/com/codependent/mutualauth/SecureClient2Application.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth;
2 |
3 | import javax.annotation.PostConstruct;
4 |
5 | import org.springframework.boot.SpringApplication;
6 | import org.springframework.boot.autoconfigure.SpringBootApplication;
7 | import org.springframework.context.annotation.Bean;
8 | import org.springframework.web.client.RestTemplate;
9 |
10 | @SpringBootApplication
11 | public class SecureClient2Application {
12 |
13 | @PostConstruct
14 | public void initSsl(){
15 | System.setProperty("javax.net.ssl.keyStore", Thread.currentThread().getContextClassLoader().getResource("client-keystore.jks").getPath());
16 | System.setProperty("javax.net.ssl.keyStorePassword", "secret");
17 | System.setProperty("javax.net.ssl.trustStore", Thread.currentThread().getContextClassLoader().getResource("client-truststore.jks").getPath());
18 | System.setProperty("javax.net.ssl.trustStorePassword", "secret");
19 | /*
20 | javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
21 | (hostname,sslSession) -> {
22 | if (hostname.equals("localhost")) {
23 | return true;
24 | }
25 | return false;
26 | });*/
27 | }
28 |
29 | @Bean
30 | public RestTemplate template() throws Exception{
31 | RestTemplate template = new RestTemplate();
32 | return template;
33 | }
34 |
35 | public static void main(String[] args) {
36 | SpringApplication.run(SecureClient2Application.class, args);
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/secure-server/src/main/java/com/codependent/mutualauth/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.codependent.mutualauth.config;
2 |
3 | import org.springframework.context.annotation.Bean;
4 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
5 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
6 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
7 | import org.springframework.security.core.authority.AuthorityUtils;
8 | import org.springframework.security.core.userdetails.User;
9 | import org.springframework.security.core.userdetails.UserDetailsService;
10 |
11 | @EnableWebSecurity
12 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
13 |
14 | @Override
15 | protected void configure(HttpSecurity http) throws Exception {
16 | http
17 | .authorizeRequests()
18 | .anyRequest().authenticated()
19 | .and()
20 | .x509()
21 | .subjectPrincipalRegex("CN=(.*?)(?:,|$)")
22 | .userDetailsService(userDetailsService());
23 | }
24 |
25 | @Bean
26 | public UserDetailsService userDetailsService() {
27 | return (username -> {
28 | if (username.equals("codependent-client1") || username.equals("codependent-client2")) {
29 | return new User(username, "", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
30 | }else{
31 | return null;
32 | }
33 | });
34 | }
35 |
36 | }
37 |
--------------------------------------------------------------------------------
/secure-client/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | com.codependent.mutualauth
7 | secure-client
8 | 0.0.1-SNAPSHOT
9 | jar
10 |
11 | secure-client
12 | Demo project for Spring Boot
13 |
14 |
15 | org.springframework.boot
16 | spring-boot-starter-parent
17 | 1.5.1.RELEASE
18 |
19 |
20 |
21 |
22 | UTF-8
23 | UTF-8
24 | 1.8
25 |
26 |
27 |
28 |
29 | org.springframework.boot
30 | spring-boot-starter-web
31 |
32 |
33 |
34 | org.springframework.boot
35 | spring-boot-starter-test
36 | test
37 |
38 |
39 |
40 |
41 |
42 |
43 | org.springframework.boot
44 | spring-boot-maven-plugin
45 |
46 |
47 |
48 |
49 |
50 |
51 |
--------------------------------------------------------------------------------
/secure-client2/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | com.codependent.mutualauth
7 | secure-client2
8 | 0.0.1-SNAPSHOT
9 | jar
10 |
11 | secure-client
12 | Demo project for Spring Boot
13 |
14 |
15 | org.springframework.boot
16 | spring-boot-starter-parent
17 | 1.5.1.RELEASE
18 |
19 |
20 |
21 |
22 | UTF-8
23 | UTF-8
24 | 1.8
25 |
26 |
27 |
28 |
29 | org.springframework.boot
30 | spring-boot-starter-web
31 |
32 |
33 |
34 | org.springframework.boot
35 | spring-boot-starter-test
36 | test
37 |
38 |
39 |
40 |
41 |
42 |
43 | org.springframework.boot
44 | spring-boot-maven-plugin
45 |
46 |
47 |
48 |
49 |
50 |
51 |
--------------------------------------------------------------------------------
/secure-server/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | com.codependent.mutualauth
7 | secure-server
8 | 0.0.1-SNAPSHOT
9 | jar
10 |
11 | secure-server
12 | Demo project for Spring Boot
13 |
14 |
15 | org.springframework.boot
16 | spring-boot-starter-parent
17 | 1.5.1.RELEASE
18 |
19 |
20 |
21 |
22 | UTF-8
23 | UTF-8
24 | 1.8
25 |
26 |
27 |
28 |
29 | org.springframework.boot
30 | spring-boot-starter-security
31 |
32 |
33 | org.springframework.boot
34 | spring-boot-starter-web
35 |
36 |
37 |
38 | org.springframework.boot
39 | spring-boot-starter-test
40 | test
41 |
42 |
43 |
44 |
45 |
46 |
47 | org.springframework.boot
48 | spring-boot-maven-plugin
49 |
50 |
51 |
52 |
53 |
54 |
55 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # spring-boot-ssl-mutual-authentication
2 | Spring Boot Secure Server and Clients that requires mutual authentication
3 |
4 | There are three projects in this repo:
5 |
6 | - secure-server: available at `https://localhost:8443`
7 | - secure-client: available at `http://localhost:8080`
8 | - secure-client2: available at `http://localhost:8282`
9 |
10 | ## Testing with self signed certificates:
11 |
12 | 1. **Generating the Server Keystore:**
13 | `keytool -genkeypair -alias secure-server -keyalg RSA -dname "CN=localhost,OU=myorg,O=myorg,L=mycity,S=mystate,C=es" -keypass secret -keystore server-keystore.jks -storepass secret`
14 |
15 | 2. **Generating the Client Keystore:**
16 | `keytool -genkeypair -alias secure-client -keyalg RSA -dname "CN=codependent-client,OU=myorg,O=myorg,L=mycity,S=mystate,C=es" -keypass secret -keystore client-keystore.jks -storepass secret`
17 |
18 | 3. **Import the supported client's public certificates intro the server truststore:**
19 | - **Export the client public certificate**: `keytool -exportcert -alias secure-client -file client-public.cer -keystore client-keystore.jks -storepass secret`
20 | - **Import it in the server truststore**: `keytool -importcert -keystore server-truststore.jks -alias clientcert -file client-public.cer -storepass secret`
21 |
22 | 4. **Import the server's public certificate into the client truststores:**
23 | - **Export the server public certificate**: `keytool -exportcert -alias secure-server -file server-public.cer -keystore server-keystore.jks -storepass secret`
24 | - **Import it in the client truststore**: `keytool -importcert -keystore client-truststore.jks -alias servercert -file server-public.cer -storepass secret`
25 |
26 | To check the proyect start both Spring Boot applications and access secure-client -> `http://localhost:8080`. It will call `https://localhost:8443` and if everything goes OK you'll see *"Hello codependent-client1!"*
27 |
28 | if you want to access `https://localhost:8443` from the browser you'll have to install the certificate in it. To export it: `keytool -importkeystore -srckeystore client-keystore.jks -destkeystore codependent-client.p12 -deststoretype PKCS12`
29 |
30 |
31 | ## Testing with signed certificates using a CA Certificate:
32 |
33 | 1. The **server keystore** is the same generated in *Testing with self signed certificates step 1*
34 |
35 | 2. The **client truststores** are the same from *Testing with self signed certificates step 4*
36 |
37 | 3. **Create a CA**
38 |
39 | `openssl req -new -x509 -keyout codependent-ca-key.pem -out codependent-ca.pem -days 365`
40 | ```
41 | Generating a 2048 bit RSA private key
42 | ..........................+++
43 | .......................................................................................+++
44 | writing new private key to 'codependent-ca-key.pem'
45 | Enter PEM pass phrase:
46 | Verifying - Enter PEM pass phrase:
47 | -----
48 | You are about to be asked to enter information that will be incorporated
49 | into your certificate request.
50 | What you are about to enter is what is called a Distinguished Name or a DN.
51 | There are quite a few fields but you can leave some blank
52 | For some fields there will be a default value,
53 | If you enter '.', the field will be left blank.
54 | -----
55 | Country Name (2 letter code) [AU]:es
56 | State or Province Name (full name) [Some-State]:mad
57 | Locality Name (eg, city) []:mad
58 | Organization Name (eg, company) [Internet Widgits Pty Ltd]:Codependent Ltd
59 | Organizational Unit Name (eg, section) []:dev
60 | Common Name (e.g. server FQDN or YOUR name) []:codependent-ca
61 | Email Address []:
62 | ```
63 | This generates two files codependent-ca.pem and codependent-ca-key.pem
64 |
65 | Now, **FOR EVERY CLIENT**:
66 |
67 | 4. **Create the server truststore including the client CA:**
68 |
69 | `keytool -import -alias codependent-ca -file codependent-ca.pem -keystore server-truststore.jks -storepass secret`
70 |
71 | 5. **Generate an unsigned client certificate for secure-client:**
72 |
73 | `keytool -genkeypair -alias secure-client -keyalg RSA -dname "CN=codependent-client1,OU=myorg,O=myorg,L=mycity,S=mystate,C=es" -keypass secret -keystore client-keystore.jks -storepass secret`
74 |
75 | **NOTE: use CN=codependent-client1 for secure-client and cn=codependent-client2 for secure-client2**
76 |
77 | 6. **Generate the Certificate Signing Request:**
78 |
79 | `keytool -keystore client-keystore.jks -certreq -alias secure-client -keyalg rsa -storepass secret`
80 |
81 | Paste the content in a unsigned-client.csr file
82 |
83 | 7. **Generate a signed certificate for the associated Certificate Signing Request:**
84 |
85 | `openssl x509 -req -CA codependent-ca.pem -CAkey codependent-ca-key.pem -in unsigned-client.csr -out signed-client.cer -days 365 -CAcreateserial`
86 |
87 | You get a signed-client.cer file.
88 |
89 | 8. **Import the CA and the client signed certificate into the client keystore:**
90 |
91 | `keytool -import -keystore client-keystore.jks -file codependent-ca.pem -alias codependent-ca`
92 | `keytool -import -keystore client-keystore.jks -file signed-client.cer -alias secure-client`
93 |
94 | References:
95 |
96 | - https://docs.oracle.com/cd/E19509-01/820-3503/ggeyj/index.html
97 | - https://docs.oracle.com/cd/E19509-01/820-3503/ggezy/index.html
98 |
--------------------------------------------------------------------------------
/secure-server/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
40 |
41 | @REM set %HOME% to equivalent of $HOME
42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
43 |
44 | @REM Execute a user defined script before this one
45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
49 | :skipRcPre
50 |
51 | @setlocal
52 |
53 | set ERROR_CODE=0
54 |
55 | @REM To isolate internal variables from possible post scripts, we use another setlocal
56 | @setlocal
57 |
58 | @REM ==== START VALIDATION ====
59 | if not "%JAVA_HOME%" == "" goto OkJHome
60 |
61 | echo.
62 | echo Error: JAVA_HOME not found in your environment. >&2
63 | echo Please set the JAVA_HOME variable in your environment to match the >&2
64 | echo location of your Java installation. >&2
65 | echo.
66 | goto error
67 |
68 | :OkJHome
69 | if exist "%JAVA_HOME%\bin\java.exe" goto init
70 |
71 | echo.
72 | echo Error: JAVA_HOME is set to an invalid directory. >&2
73 | echo JAVA_HOME = "%JAVA_HOME%" >&2
74 | echo Please set the JAVA_HOME variable in your environment to match the >&2
75 | echo location of your Java installation. >&2
76 | echo.
77 | goto error
78 |
79 | @REM ==== END VALIDATION ====
80 |
81 | :init
82 |
83 | set MAVEN_CMD_LINE_ARGS=%*
84 |
85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
86 | @REM Fallback to current working directory if not found.
87 |
88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
90 |
91 | set EXEC_DIR=%CD%
92 | set WDIR=%EXEC_DIR%
93 | :findBaseDir
94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
95 | cd ..
96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
97 | set WDIR=%CD%
98 | goto findBaseDir
99 |
100 | :baseDirFound
101 | set MAVEN_PROJECTBASEDIR=%WDIR%
102 | cd "%EXEC_DIR%"
103 | goto endDetectBaseDir
104 |
105 | :baseDirNotFound
106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
107 | cd "%EXEC_DIR%"
108 |
109 | :endDetectBaseDir
110 |
111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
112 |
113 | @setlocal EnableExtensions EnableDelayedExpansion
114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
116 |
117 | :endReadAdditionalConfig
118 |
119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
120 |
121 | set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar""
122 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
123 |
124 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS%
125 | if ERRORLEVEL 1 goto error
126 | goto end
127 |
128 | :error
129 | set ERROR_CODE=1
130 |
131 | :end
132 | @endlocal & set ERROR_CODE=%ERROR_CODE%
133 |
134 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
135 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
136 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
137 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
138 | :skipRcPost
139 |
140 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
141 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
142 |
143 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
144 |
145 | exit /B %ERROR_CODE%
--------------------------------------------------------------------------------
/secure-server/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | #
58 | # Look for the Apple JDKs first to preserve the existing behaviour, and then look
59 | # for the new JDKs provided by Oracle.
60 | #
61 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then
62 | #
63 | # Apple JDKs
64 | #
65 | export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
66 | fi
67 |
68 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then
69 | #
70 | # Apple JDKs
71 | #
72 | export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
73 | fi
74 |
75 | if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then
76 | #
77 | # Oracle JDKs
78 | #
79 | export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
80 | fi
81 |
82 | if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then
83 | #
84 | # Apple JDKs
85 | #
86 | export JAVA_HOME=`/usr/libexec/java_home`
87 | fi
88 | ;;
89 | esac
90 |
91 | if [ -z "$JAVA_HOME" ] ; then
92 | if [ -r /etc/gentoo-release ] ; then
93 | JAVA_HOME=`java-config --jre-home`
94 | fi
95 | fi
96 |
97 | if [ -z "$M2_HOME" ] ; then
98 | ## resolve links - $0 may be a link to maven's home
99 | PRG="$0"
100 |
101 | # need this for relative symlinks
102 | while [ -h "$PRG" ] ; do
103 | ls=`ls -ld "$PRG"`
104 | link=`expr "$ls" : '.*-> \(.*\)$'`
105 | if expr "$link" : '/.*' > /dev/null; then
106 | PRG="$link"
107 | else
108 | PRG="`dirname "$PRG"`/$link"
109 | fi
110 | done
111 |
112 | saveddir=`pwd`
113 |
114 | M2_HOME=`dirname "$PRG"`/..
115 |
116 | # make it fully qualified
117 | M2_HOME=`cd "$M2_HOME" && pwd`
118 |
119 | cd "$saveddir"
120 | # echo Using m2 at $M2_HOME
121 | fi
122 |
123 | # For Cygwin, ensure paths are in UNIX format before anything is touched
124 | if $cygwin ; then
125 | [ -n "$M2_HOME" ] &&
126 | M2_HOME=`cygpath --unix "$M2_HOME"`
127 | [ -n "$JAVA_HOME" ] &&
128 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
129 | [ -n "$CLASSPATH" ] &&
130 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
131 | fi
132 |
133 | # For Migwn, ensure paths are in UNIX format before anything is touched
134 | if $mingw ; then
135 | [ -n "$M2_HOME" ] &&
136 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
137 | [ -n "$JAVA_HOME" ] &&
138 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
139 | # TODO classpath?
140 | fi
141 |
142 | if [ -z "$JAVA_HOME" ]; then
143 | javaExecutable="`which javac`"
144 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
145 | # readlink(1) is not available as standard on Solaris 10.
146 | readLink=`which readlink`
147 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
148 | if $darwin ; then
149 | javaHome="`dirname \"$javaExecutable\"`"
150 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
151 | else
152 | javaExecutable="`readlink -f \"$javaExecutable\"`"
153 | fi
154 | javaHome="`dirname \"$javaExecutable\"`"
155 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
156 | JAVA_HOME="$javaHome"
157 | export JAVA_HOME
158 | fi
159 | fi
160 | fi
161 |
162 | if [ -z "$JAVACMD" ] ; then
163 | if [ -n "$JAVA_HOME" ] ; then
164 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
165 | # IBM's JDK on AIX uses strange locations for the executables
166 | JAVACMD="$JAVA_HOME/jre/sh/java"
167 | else
168 | JAVACMD="$JAVA_HOME/bin/java"
169 | fi
170 | else
171 | JAVACMD="`which java`"
172 | fi
173 | fi
174 |
175 | if [ ! -x "$JAVACMD" ] ; then
176 | echo "Error: JAVA_HOME is not defined correctly." >&2
177 | echo " We cannot execute $JAVACMD" >&2
178 | exit 1
179 | fi
180 |
181 | if [ -z "$JAVA_HOME" ] ; then
182 | echo "Warning: JAVA_HOME environment variable is not set."
183 | fi
184 |
185 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
186 |
187 | # For Cygwin, switch paths to Windows format before running java
188 | if $cygwin; then
189 | [ -n "$M2_HOME" ] &&
190 | M2_HOME=`cygpath --path --windows "$M2_HOME"`
191 | [ -n "$JAVA_HOME" ] &&
192 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
193 | [ -n "$CLASSPATH" ] &&
194 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
195 | fi
196 |
197 | # traverses directory structure from process work directory to filesystem root
198 | # first directory with .mvn subdirectory is considered project base directory
199 | find_maven_basedir() {
200 | local basedir=$(pwd)
201 | local wdir=$(pwd)
202 | while [ "$wdir" != '/' ] ; do
203 | if [ -d "$wdir"/.mvn ] ; then
204 | basedir=$wdir
205 | break
206 | fi
207 | wdir=$(cd "$wdir/.."; pwd)
208 | done
209 | echo "${basedir}"
210 | }
211 |
212 | # concatenates all lines of a file
213 | concat_lines() {
214 | if [ -f "$1" ]; then
215 | echo "$(tr -s '\n' ' ' < "$1")"
216 | fi
217 | }
218 |
219 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)}
220 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
221 |
222 | # Provide a "standardized" way to retrieve the CLI args that will
223 | # work with both Windows and non-Windows executions.
224 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
225 | export MAVEN_CMD_LINE_ARGS
226 |
227 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
228 |
229 | exec "$JAVACMD" \
230 | $MAVEN_OPTS \
231 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
232 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
233 | ${WRAPPER_LAUNCHER} "$@"
234 |
--------------------------------------------------------------------------------