├── .gitignore ├── CHANGELOG.md ├── README.md ├── api-gateway ├── .mvn │ └── wrapper │ │ └── maven-wrapper.properties ├── mvnw ├── mvnw.cmd ├── pom.xml └── src │ ├── main │ ├── docker │ │ └── Dockerfile │ ├── java │ │ └── com │ │ │ └── kakawait │ │ │ ├── ApiGatewayApplication.java │ │ │ └── security │ │ │ ├── DynamicOauth2ClientContextFilter.java │ │ │ └── SecurityConfiguration.java │ └── resources │ │ └── application.yml │ └── test │ └── java │ └── com │ └── kakawait │ └── ApiGatewayApplicationTests.java ├── docker-compose.yml ├── dummy-service ├── .mvn │ └── wrapper │ │ └── maven-wrapper.properties ├── mvnw ├── mvnw.cmd ├── pom.xml └── src │ ├── main │ ├── docker │ │ └── Dockerfile │ ├── java │ │ └── com │ │ │ └── kakawait │ │ │ └── DummyServiceApplication.java │ └── resources │ │ └── application.yml │ └── test │ └── java │ └── com │ └── kakawait │ └── DummyServiceApplicationTests.java ├── network.png ├── pom.xml ├── service-registry ├── .mvn │ └── wrapper │ │ └── maven-wrapper.properties ├── mvnw ├── mvnw.cmd ├── pom.xml └── src │ ├── main │ ├── docker │ │ └── Dockerfile │ ├── java │ │ └── com │ │ │ └── kakawait │ │ │ └── ServiceRegistryApplication.java │ └── resources │ │ └── application.yml │ └── test │ └── java │ └── com │ └── kakawait │ └── ServiceDiscoveryApplicationTests.java └── uaa-service ├── .mvn └── wrapper │ └── maven-wrapper.properties ├── mvnw ├── mvnw.cmd ├── pom.xml └── src ├── main ├── docker │ └── Dockerfile ├── java │ └── com │ │ └── kakawait │ │ └── UaaServiceApplication.java └── resources │ ├── application.yml │ ├── keystore.jks │ └── templates │ ├── authorize.ftl │ └── login.ftl └── test └── java └── com └── kakawait └── UaaServiceApplicationTests.java /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by https://www.gitignore.io/api/java,maven,intellij,sublimetext,vim,eclipse 2 | 3 | ### Java ### 4 | *.class 5 | 6 | # Mobile Tools for Java (J2ME) 7 | .mtj.tmp/ 8 | 9 | # Package Files # 10 | *.jar 11 | *.war 12 | *.ear 13 | 14 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 15 | hs_err_pid* 16 | 17 | 18 | ### Maven ### 19 | target/ 20 | pom.xml.tag 21 | pom.xml.releaseBackup 22 | pom.xml.versionsBackup 23 | pom.xml.next 24 | release.properties 25 | dependency-reduced-pom.xml 26 | buildNumber.properties 27 | .mvn/timing.properties 28 | 29 | 30 | ### Intellij ### 31 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio 32 | 33 | *.iml 34 | 35 | ## Directory-based project format: 36 | .idea/ 37 | # if you remove the above rule, at least ignore the following: 38 | 39 | # User-specific stuff: 40 | # .idea/workspace.xml 41 | # .idea/tasks.xml 42 | # .idea/dictionaries 43 | 44 | # Sensitive or high-churn files: 45 | # .idea/dataSources.ids 46 | # .idea/dataSources.xml 47 | # .idea/sqlDataSources.xml 48 | # .idea/dynamic.xml 49 | # .idea/uiDesigner.xml 50 | 51 | # Gradle: 52 | # .idea/gradle.xml 53 | # .idea/libraries 54 | 55 | # Mongo Explorer plugin: 56 | # .idea/mongoSettings.xml 57 | 58 | ## File-based project format: 59 | *.ipr 60 | *.iws 61 | 62 | ## Plugin-specific files: 63 | 64 | # IntelliJ 65 | /out/ 66 | 67 | # mpeltonen/sbt-idea plugin 68 | .idea_modules/ 69 | 70 | # JIRA plugin 71 | atlassian-ide-plugin.xml 72 | 73 | # Crashlytics plugin (for Android Studio and IntelliJ) 74 | com_crashlytics_export_strings.xml 75 | crashlytics.properties 76 | crashlytics-build.properties 77 | 78 | 79 | ### SublimeText ### 80 | # cache files for sublime text 81 | *.tmlanguage.cache 82 | *.tmPreferences.cache 83 | *.stTheme.cache 84 | 85 | # workspace files are user-specific 86 | *.sublime-workspace 87 | 88 | # project files should be checked into the repository, unless a significant 89 | # proportion of contributors will probably not be using SublimeText 90 | # *.sublime-project 91 | 92 | # sftp configuration file 93 | sftp-config.json 94 | 95 | 96 | ### Vim ### 97 | [._]*.s[a-w][a-z] 98 | [._]s[a-w][a-z] 99 | *.un~ 100 | Session.vim 101 | .netrwhist 102 | *~ 103 | 104 | 105 | ### Eclipse ### 106 | *.pydevproject 107 | .metadata 108 | .gradle 109 | bin/ 110 | tmp/ 111 | *.tmp 112 | *.bak 113 | *.swp 114 | *~.nib 115 | local.properties 116 | .settings/ 117 | .loadpath 118 | 119 | # Eclipse Core 120 | .project 121 | 122 | # External tool builders 123 | .externalToolBuilders/ 124 | 125 | # Locally stored "Eclipse launch configurations" 126 | *.launch 127 | 128 | # CDT-specific 129 | .cproject 130 | 131 | # JDT-specific (Eclipse Java Development Tools) 132 | .classpath 133 | 134 | # Java annotation processor (APT) 135 | .factorypath 136 | 137 | # PDT-specific 138 | .buildpath 139 | 140 | # sbteclipse plugin 141 | .target 142 | 143 | # TeXlipse plugin 144 | .texlipse 145 | 146 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | ## [0.0.4] 6 | 7 | ### Changed 8 | 9 | - No more use _loopback trick_ and replace by _load balanced_ `RestTemplate` for `accessTokenUri` (#22) 10 | 11 | ## [0.0.3] 12 | 13 | ### Added 14 | 15 | - `docker` and `docker-compose` support (#12) (thanks to [bilak](https://github.com/bilak)) 16 | 17 | ### Changed 18 | 19 | - Upgrade `spring-boot` to `1.4.1` and `spring-cloud` to `Camden.RELEASE` (#11) (thanks to [bilak](https://github.com/bilak)) 20 | 21 | ## [0.0.2] 22 | 23 | ### Added 24 | 25 | - Upgrade README.md to add *disclamer* section 26 | 27 | ### Changed 28 | 29 | - Upgrade `spring-boot` to `1.3.5` and `spring-cloud` to `Brixton.SR1` (#11) (thanks to [bilak](https://github.com/bilak)) 30 | - Use fully qualified URL instead of relative URI to avoid HSTS redirection when using SSL. 31 | 32 | So instead of returning `/uaa/oauth/authorize` we are not returning full URL, we are calculating *base url* from 33 | `HttpServletRequest` 34 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # UAA (`AuthorizationServer`) load balanced behind API-GATEWAY (Edge service `Zuul`) 2 | 3 | [![Twitter Follow](https://img.shields.io/twitter/follow/thibaudlepretre.svg?style=social&label=%40thibaudlepretre)](https://twitter.com/intent/follow?screen_name=thibaudlepretre) 4 | 5 | ## Disclamer 6 | 7 | **This project is *Proof of concept* (aka `PoC`)** (and code quality is not perfect), please before using in production review security concerns among other things. (See https://github.com/kakawait/uaa-behind-zuul-sample/issues/6) 8 | 9 | ## Change Log 10 | 11 | see [CHANGELOG.md](CHANGELOG.md) 12 | 13 | ## Overview 14 | 15 | Quick&dirty sample to expose how to configure `AuthorizationServer` (*UAA*) behind `Zuul` 16 | 17 | This way to do may not work for all kind of configuration (I do not test without `JWT` and `prefer-token-info: true`) 18 | 19 | ## Usage 20 | 21 | Please deploy every services using [*docker way*](#docker) or [*maven way*](#maven), then simply load `http://localhost:8765/dummy` on your favorite browser. 22 | 23 | Default user/password is `user/password` 24 | 25 | ### Docker 26 | 27 | Start building docker images for every services, simply run following command on root directory 28 | 29 | ```shell 30 | mvn clean package -Pdocker 31 | ``` 32 | 33 | Launch services using `docker-compose` 34 | 35 | ```shell 36 | docker-compose up -d 37 | ``` 38 | 39 | ### Maven 40 | 41 | On each service folder run following command: 42 | 43 | ```sh 44 | mvn spring-boot:run 45 | ``` 46 | 47 | ## Run 48 | 49 | Open http://localhost:8765/dummy and connect with: 50 | 51 | - user: user 52 | - password: password 53 | 54 | ## Goals 55 | 56 | 1. Avoid any absolute/hardcoded urls for `security.oauth2.client.accessTokenUri` & `security.oauth2.client.userAuthorizationUri` in order to improve portability! 57 | 2. `AuthorizationServer` distribution for HA 58 | 3. Do not expose `AuthorizationServer`, like other *service* `AuthorizationServer` will be behind `Zuul` 59 | 60 | ![network](network.png) 61 | 62 | Where `localhost:8765` is `Zuul`, as you can see `AuthorizationServer` is not leaked outside! Only `Zuul` is targeted. 63 | 64 | **ATTENTION** for **2.** you should manage yourself shared storage backend (unlike following sample)! Using database or something els. 65 | 66 | ## Keys points of the sample 67 | 68 | ### [`Zuul`] Custom `OAuth2ClientContextFilter` 69 | 70 | I had to override [`OAuth2ClientContextFilter`](https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/client/filter/OAuth2ClientContextFilter.java) to support `URI` and not only `URL` (see `DynamicOauth2ClientContextFilter`). 71 | Indeed `URL` does not support path like `/uaa/oauth/authorize`. 72 | 73 | Why adding path support on `OAuth2ClientContextFilter`? 74 | 75 | Because I want to use path on `security.oauth2.client.userAuthorizationUri` in order to redirect user to `Zuul` itself. 76 | 77 | On this case I can't use `http://localhost:${server.port}/uaa/oauth/authorize` because `security.oauth2.client.userAuthorizationUri` is use on web redirection (header `Location: `). 78 | 79 | Flow will look like following 80 | 81 | ``` 82 | Browser Zuul UAA 83 | │ /dummy │ │ 84 | ├────────────────────────────────>│ │ 85 | │ Location:http://ZUUL/login │ │ 86 | │<┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┤ │ 87 | │ /login │ │ 88 | ├────────────────────────────────>│ │ 89 | │ Location:/uaa/oauth/authorize │ │ 90 | │<┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┤ │ 91 | │ /uaa/oauth/authorize │ │ 92 | ├────────────────────────────────>│ │ 93 | │ │ /uaa/oauth/authorize │ 94 | │ ├┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄>│ 95 | │ │ ├──┐ 96 | │ │ │ │ Not authorize 97 | │ │ │<─┘ 98 | │ │ Location:http://ZUUL/uaa/login │ 99 | │ │<┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┤ 100 | │ │ │ 101 | │ Location:http://ZUUL/uaa/login │ │ 102 | │<┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┤ │ 103 | │ /uaa/login │ │ 104 | ├────────────────────────────────>│ │ 105 | │ │ /uaa/login │ 106 | │ ├┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄>│ 107 | │ │ LOGIN FORM │ 108 | │ │<┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┤ 109 | │ LOGIN FORM │ │ 110 | │<────────────────────────────────┤ │ 111 | ``` 112 | 113 | Take attention on second redirection, location is using path (not at browser level). 114 | 115 | ### [`Zuul`] `localhost` trick for `security.oauth2.client.accessTokenUri` 116 | 117 | Unlike `security.oauth2.client.userAuthorizationUri`, `security.oauth2.client.accessTokenUri` is not used a browser level for redirection but used by `RestTemplate`. 118 | However default `RestTemplate` used for `accessTokenUri` is not _load balanced_ thus we can't use url like http://service-name/oauth/token. 119 | 120 | We can simply add _load balanced_ feature by adding such `Bean` 121 | 122 | ```java 123 | @Bean 124 | UserInfoRestTemplateCustomizer userInfoRestTemplateCustomizer(SpringClientFactory springClientFactory) { 125 | return template -> { 126 | AccessTokenProviderChain accessTokenProviderChain = Stream 127 | .of(new AuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(), 128 | new ResourceOwnerPasswordAccessTokenProvider(), new ClientCredentialsAccessTokenProvider()) 129 | .peek(tp -> tp.setRequestFactory(new RibbonClientHttpRequestFactory(springClientFactory))) 130 | .collect(Collectors.collectingAndThen(Collectors.toList(), AccessTokenProviderChain::new)); 131 | template.setAccessTokenProvider(accessTokenProviderChain); 132 | }; 133 | } 134 | ``` 135 | 136 | An opened isse exists https://github.com/spring-projects/spring-security-oauth/issues/671 137 | 138 | ### [`Zuul`] Clear `sensitiveHeaders` lists for `AuthorizationServer` route 139 | 140 | Since `Brixton.RC1`, `Zuul` filters some headers (http://cloud.spring.io/spring-cloud-static/spring-cloud.html#_cookies_and_sensitive_headers). 141 | 142 | By default it filters: 143 | 144 | - `Cookie` 145 | - `Set-Cookie` 146 | - `Authorization` 147 | 148 | But we need that `AuthorizationServer` could create cookies so we must clear list 149 | 150 | ```yml 151 | zuul: 152 | routes: 153 | uaa-service: 154 | sensitiveHeaders: 155 | path: /uaa/** 156 | stripPrefix: false 157 | ``` 158 | 159 | **TODO** Check if `zuul.routes.uaa-service.sensitiveHeaders: Authorization` could work? 160 | 161 | ### [`Zuul`] Disable `XSRF` at gateway level for `AuthorizationServer` 162 | 163 | `AuthorizationServer` has it own `XSRF` protection so we must disable at `Zuul` level 164 | 165 | ```java 166 | private RequestMatcher csrfRequestMatcher() { 167 | return new RequestMatcher() { 168 | // Always allow the HTTP GET method 169 | private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|OPTIONS|TRACE)$"); 170 | 171 | // Disable CSFR protection on the following urls: 172 | private final AntPathRequestMatcher[] requestMatchers = { new AntPathRequestMatcher("/uaa/**") }; 173 | 174 | @Override 175 | public boolean matches(HttpServletRequest request) { 176 | if (allowedMethods.matcher(request.getMethod()).matches()) { 177 | return false; 178 | } 179 | 180 | for (AntPathRequestMatcher matcher : requestMatchers) { 181 | if (matcher.matches(request)) { 182 | return false; 183 | } 184 | } 185 | return true; 186 | } 187 | }; 188 | } 189 | ``` 190 | 191 | ### [`Zuul`] Authorize request to `AuthorizationServer` 192 | 193 | Ok should I really need to explain why? 194 | 195 | ```java 196 | http.authorizeRequests().antMatchers("/uaa/**", "/login").permitAll() 197 | ``` 198 | 199 | **ATTENTION** do not use `"/uaa/**"` authorize only necessary API (I was to lazy) 200 | 201 | ### [`UAA`] Deploy `AuthorizationServer` on isolated `context-path` 202 | 203 | `Zuul` and `AuthorizationServer` have to manage their own session! So both have to write two `JSESSIONID` cookies. 204 | 205 | You must isolate `AuthorizationServer` on other context-path `server.context-path = /uaa` to avoid any cookies collision. 206 | 207 | **ALTERNATIVE** we can check if `server.session.cookie.path` or `server.session.cookie.name` is not sufficient, I did not test it. 208 | 209 | ### [`UAA`] Enable `server.use-forward-headers` 210 | 211 | Does not work without. I will not explain why, please look about `X-Forwarded-*` headers for more information. 212 | 213 | -------------------------------------------------------------------------------- /api-gateway/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.3/apache-maven-3.3.3-bin.zip -------------------------------------------------------------------------------- /api-gateway/mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # 58 | # Look for the Apple JDKs first to preserve the existing behaviour, and then look 59 | # for the new JDKs provided by Oracle. 60 | # 61 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then 62 | # 63 | # Apple JDKs 64 | # 65 | export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home 66 | fi 67 | 68 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then 69 | # 70 | # Apple JDKs 71 | # 72 | export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 73 | fi 74 | 75 | if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then 76 | # 77 | # Oracle JDKs 78 | # 79 | export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 80 | fi 81 | 82 | if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then 83 | # 84 | # Apple JDKs 85 | # 86 | export JAVA_HOME=`/usr/libexec/java_home` 87 | fi 88 | ;; 89 | esac 90 | 91 | if [ -z "$JAVA_HOME" ] ; then 92 | if [ -r /etc/gentoo-release ] ; then 93 | JAVA_HOME=`java-config --jre-home` 94 | fi 95 | fi 96 | 97 | if [ -z "$M2_HOME" ] ; then 98 | ## resolve links - $0 may be a link to maven's home 99 | PRG="$0" 100 | 101 | # need this for relative symlinks 102 | while [ -h "$PRG" ] ; do 103 | ls=`ls -ld "$PRG"` 104 | link=`expr "$ls" : '.*-> \(.*\)$'` 105 | if expr "$link" : '/.*' > /dev/null; then 106 | PRG="$link" 107 | else 108 | PRG="`dirname "$PRG"`/$link" 109 | fi 110 | done 111 | 112 | saveddir=`pwd` 113 | 114 | M2_HOME=`dirname "$PRG"`/.. 115 | 116 | # make it fully qualified 117 | M2_HOME=`cd "$M2_HOME" && pwd` 118 | 119 | cd "$saveddir" 120 | # echo Using m2 at $M2_HOME 121 | fi 122 | 123 | # For Cygwin, ensure paths are in UNIX format before anything is touched 124 | if $cygwin ; then 125 | [ -n "$M2_HOME" ] && 126 | M2_HOME=`cygpath --unix "$M2_HOME"` 127 | [ -n "$JAVA_HOME" ] && 128 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 129 | [ -n "$CLASSPATH" ] && 130 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 131 | fi 132 | 133 | # For Migwn, ensure paths are in UNIX format before anything is touched 134 | if $mingw ; then 135 | [ -n "$M2_HOME" ] && 136 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 137 | [ -n "$JAVA_HOME" ] && 138 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 139 | # TODO classpath? 140 | fi 141 | 142 | if [ -z "$JAVA_HOME" ]; then 143 | javaExecutable="`which javac`" 144 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 145 | # readlink(1) is not available as standard on Solaris 10. 146 | readLink=`which readlink` 147 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 148 | if $darwin ; then 149 | javaHome="`dirname \"$javaExecutable\"`" 150 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 151 | else 152 | javaExecutable="`readlink -f \"$javaExecutable\"`" 153 | fi 154 | javaHome="`dirname \"$javaExecutable\"`" 155 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 156 | JAVA_HOME="$javaHome" 157 | export JAVA_HOME 158 | fi 159 | fi 160 | fi 161 | 162 | if [ -z "$JAVACMD" ] ; then 163 | if [ -n "$JAVA_HOME" ] ; then 164 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 165 | # IBM's JDK on AIX uses strange locations for the executables 166 | JAVACMD="$JAVA_HOME/jre/sh/java" 167 | else 168 | JAVACMD="$JAVA_HOME/bin/java" 169 | fi 170 | else 171 | JAVACMD="`which java`" 172 | fi 173 | fi 174 | 175 | if [ ! -x "$JAVACMD" ] ; then 176 | echo "Error: JAVA_HOME is not defined correctly." >&2 177 | echo " We cannot execute $JAVACMD" >&2 178 | exit 1 179 | fi 180 | 181 | if [ -z "$JAVA_HOME" ] ; then 182 | echo "Warning: JAVA_HOME environment variable is not set." 183 | fi 184 | 185 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 186 | 187 | # For Cygwin, switch paths to Windows format before running java 188 | if $cygwin; then 189 | [ -n "$M2_HOME" ] && 190 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 191 | [ -n "$JAVA_HOME" ] && 192 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 193 | [ -n "$CLASSPATH" ] && 194 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 195 | fi 196 | 197 | # traverses directory structure from process work directory to filesystem root 198 | # first directory with .mvn subdirectory is considered project base directory 199 | find_maven_basedir() { 200 | local basedir=$(pwd) 201 | local wdir=$(pwd) 202 | while [ "$wdir" != '/' ] ; do 203 | if [ -d "$wdir"/.mvn ] ; then 204 | basedir=$wdir 205 | break 206 | fi 207 | wdir=$(cd "$wdir/.."; pwd) 208 | done 209 | echo "${basedir}" 210 | } 211 | 212 | # concatenates all lines of a file 213 | concat_lines() { 214 | if [ -f "$1" ]; then 215 | echo "$(tr -s '\n' ' ' < "$1")" 216 | fi 217 | } 218 | 219 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)} 220 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 221 | 222 | # Provide a "standardized" way to retrieve the CLI args that will 223 | # work with both Windows and non-Windows executions. 224 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 225 | export MAVEN_CMD_LINE_ARGS 226 | 227 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 228 | 229 | exec "$JAVACMD" \ 230 | $MAVEN_OPTS \ 231 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 232 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 233 | ${WRAPPER_LAUNCHER} "$@" 234 | -------------------------------------------------------------------------------- /api-gateway/mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | set MAVEN_CMD_LINE_ARGS=%* 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | 121 | set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar"" 122 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 123 | 124 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS% 125 | if ERRORLEVEL 1 goto error 126 | goto end 127 | 128 | :error 129 | set ERROR_CODE=1 130 | 131 | :end 132 | @endlocal & set ERROR_CODE=%ERROR_CODE% 133 | 134 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 135 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 136 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 137 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 138 | :skipRcPost 139 | 140 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 141 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 142 | 143 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 144 | 145 | exit /B %ERROR_CODE% -------------------------------------------------------------------------------- /api-gateway/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | api-gateway 7 | jar 8 | 9 | api-gateway 10 | Demo project for Spring Boot 11 | 12 | 13 | com.kakawait 14 | uaa-behind-zuul 15 | 0.0.6 16 | 17 | 18 | 19 | UTF-8 20 | 1.8 21 | 22 | 23 | 24 | 25 | org.springframework.cloud 26 | spring-cloud-starter-eureka 27 | 28 | 29 | org.springframework.cloud 30 | spring-cloud-starter-oauth2 31 | 32 | 33 | org.springframework.cloud 34 | spring-cloud-starter-security 35 | 36 | 37 | org.springframework.cloud 38 | spring-cloud-starter-zuul 39 | 40 | 41 | 42 | org.springframework.boot 43 | spring-boot-starter-test 44 | test 45 | 46 | 47 | 48 | 49 | 50 | 51 | org.springframework.boot 52 | spring-boot-maven-plugin 53 | 54 | 55 | 56 | repackage 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | docker 67 | 68 | 69 | 70 | com.spotify 71 | docker-maven-plugin 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /api-gateway/src/main/docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM java:8-jre-alpine 2 | MAINTAINER Thibaud Leprêtre 3 | 4 | ADD @project.build.finalName@.jar app.jar 5 | 6 | RUN sh -c 'touch /app.jar' 7 | CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-Dspring.profiles.active=docker", "-jar", "/app.jar"] 8 | -------------------------------------------------------------------------------- /api-gateway/src/main/java/com/kakawait/ApiGatewayApplication.java: -------------------------------------------------------------------------------- 1 | package com.kakawait; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateCustomizer; 6 | import org.springframework.cloud.client.discovery.EnableDiscoveryClient; 7 | import org.springframework.cloud.client.loadbalancer.LoadBalancerInterceptor; 8 | import org.springframework.cloud.netflix.zuul.EnableZuulProxy; 9 | import org.springframework.context.annotation.Bean; 10 | import org.springframework.http.client.ClientHttpRequestInterceptor; 11 | import org.springframework.security.oauth2.client.token.AccessTokenProviderChain; 12 | import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider; 13 | import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider; 14 | import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider; 15 | import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider; 16 | 17 | import java.util.ArrayList; 18 | import java.util.List; 19 | import java.util.stream.Collectors; 20 | import java.util.stream.Stream; 21 | 22 | /** 23 | * @author Thibaud Leprêtre 24 | */ 25 | @SpringBootApplication 26 | @EnableZuulProxy 27 | @EnableDiscoveryClient 28 | public class ApiGatewayApplication { 29 | 30 | public static void main(String[] args) { 31 | SpringApplication.run(ApiGatewayApplication.class, args); 32 | } 33 | 34 | @Bean 35 | UserInfoRestTemplateCustomizer userInfoRestTemplateCustomizer(LoadBalancerInterceptor loadBalancerInterceptor) { 36 | return template -> { 37 | List interceptors = new ArrayList<>(); 38 | interceptors.add(loadBalancerInterceptor); 39 | AccessTokenProviderChain accessTokenProviderChain = Stream 40 | .of(new AuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(), 41 | new ResourceOwnerPasswordAccessTokenProvider(), new ClientCredentialsAccessTokenProvider()) 42 | .peek(tp -> tp.setInterceptors(interceptors)) 43 | .collect(Collectors.collectingAndThen(Collectors.toList(), AccessTokenProviderChain::new)); 44 | template.setAccessTokenProvider(accessTokenProviderChain); 45 | }; 46 | } 47 | 48 | } 49 | -------------------------------------------------------------------------------- /api-gateway/src/main/java/com/kakawait/security/DynamicOauth2ClientContextFilter.java: -------------------------------------------------------------------------------- 1 | package com.kakawait.security; 2 | 3 | import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter; 4 | import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException; 5 | import org.springframework.security.web.DefaultRedirectStrategy; 6 | import org.springframework.security.web.RedirectStrategy; 7 | import org.springframework.web.util.UriComponentsBuilder; 8 | 9 | import javax.servlet.http.HttpServletRequest; 10 | import javax.servlet.http.HttpServletResponse; 11 | 12 | import java.io.IOException; 13 | import java.util.Map; 14 | 15 | /** 16 | * @author Thibaud Leprêtre 17 | */ 18 | class DynamicOauth2ClientContextFilter extends OAuth2ClientContextFilter { 19 | private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); 20 | 21 | @Override 22 | protected void redirectUser(UserRedirectRequiredException e, HttpServletRequest request, 23 | HttpServletResponse response) throws IOException { 24 | String redirectUri = e.getRedirectUri(); 25 | UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(redirectUri); 26 | Map requestParams = e.getRequestParams(); 27 | for (Map.Entry param : requestParams.entrySet()) { 28 | builder.queryParam(param.getKey(), param.getValue()); 29 | } 30 | 31 | if (e.getStateKey() != null) { 32 | builder.queryParam("state", e.getStateKey()); 33 | } 34 | 35 | String url = getBaseUrl(request) + builder.build().encode().toUriString(); 36 | this.redirectStrategy.sendRedirect(request, response, url); 37 | } 38 | 39 | @Override 40 | public void setRedirectStrategy(RedirectStrategy redirectStrategy) { 41 | this.redirectStrategy = redirectStrategy; 42 | } 43 | 44 | private String getBaseUrl(HttpServletRequest request) { 45 | StringBuffer url = request.getRequestURL(); 46 | return url.substring(0, url.length() - request.getRequestURI().length() + request.getContextPath().length()); 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /api-gateway/src/main/java/com/kakawait/security/SecurityConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.kakawait.security; 2 | 3 | import org.springframework.beans.factory.annotation.Autowired; 4 | import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso; 5 | import org.springframework.context.annotation.Bean; 6 | import org.springframework.context.annotation.Configuration; 7 | import org.springframework.context.annotation.Primary; 8 | import org.springframework.core.annotation.Order; 9 | import org.springframework.security.authentication.AuthenticationManager; 10 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 11 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 12 | import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter; 13 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; 14 | import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager; 15 | import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter; 16 | import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; 17 | import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; 18 | import org.springframework.security.web.csrf.CsrfFilter; 19 | import org.springframework.security.web.csrf.CsrfToken; 20 | import org.springframework.security.web.csrf.CsrfTokenRepository; 21 | import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository; 22 | import org.springframework.security.web.util.matcher.AntPathRequestMatcher; 23 | import org.springframework.security.web.util.matcher.RequestMatcher; 24 | import org.springframework.web.filter.OncePerRequestFilter; 25 | 26 | import javax.servlet.Filter; 27 | import javax.servlet.FilterChain; 28 | import javax.servlet.ServletException; 29 | import javax.servlet.http.Cookie; 30 | import javax.servlet.http.HttpServletRequest; 31 | import javax.servlet.http.HttpServletResponse; 32 | import java.io.IOException; 33 | import java.util.regex.Pattern; 34 | 35 | /** 36 | * @author Thibaud Leprêtre 37 | */ 38 | @Configuration 39 | @EnableOAuth2Sso 40 | @EnableResourceServer 41 | @Order(value = 0) 42 | public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 43 | private static final String CSRF_COOKIE_NAME = "XSRF-TOKEN"; 44 | private static final String CSRF_HEADER_NAME = "X-XSRF-TOKEN"; 45 | 46 | @Autowired 47 | private ResourceServerTokenServices resourceServerTokenServices; 48 | 49 | @Bean 50 | @Primary 51 | public OAuth2ClientContextFilter dynamicOauth2ClientContextFilter() { 52 | return new DynamicOauth2ClientContextFilter(); 53 | } 54 | 55 | @Override 56 | public void configure(HttpSecurity http) throws Exception { 57 | http.authorizeRequests().antMatchers("/uaa/**", "/login").permitAll().anyRequest().authenticated() 58 | .and() 59 | .csrf().requireCsrfProtectionMatcher(csrfRequestMatcher()).csrfTokenRepository(csrfTokenRepository()) 60 | .and() 61 | .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class) 62 | .addFilterAfter(oAuth2AuthenticationProcessingFilter(), AbstractPreAuthenticatedProcessingFilter.class) 63 | .logout().permitAll() 64 | .logoutSuccessUrl("/"); 65 | } 66 | 67 | private OAuth2AuthenticationProcessingFilter oAuth2AuthenticationProcessingFilter() { 68 | OAuth2AuthenticationProcessingFilter oAuth2AuthenticationProcessingFilter = 69 | new OAuth2AuthenticationProcessingFilter(); 70 | oAuth2AuthenticationProcessingFilter.setAuthenticationManager(oauthAuthenticationManager()); 71 | oAuth2AuthenticationProcessingFilter.setStateless(false); 72 | 73 | return oAuth2AuthenticationProcessingFilter; 74 | } 75 | 76 | 77 | private AuthenticationManager oauthAuthenticationManager() { 78 | OAuth2AuthenticationManager oAuth2AuthenticationManager = new OAuth2AuthenticationManager(); 79 | oAuth2AuthenticationManager.setResourceId("apigateway"); 80 | oAuth2AuthenticationManager.setTokenServices(resourceServerTokenServices); 81 | oAuth2AuthenticationManager.setClientDetailsService(null); 82 | 83 | return oAuth2AuthenticationManager; 84 | } 85 | 86 | private RequestMatcher csrfRequestMatcher() { 87 | return new RequestMatcher() { 88 | // Always allow the HTTP GET method 89 | private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|OPTIONS|TRACE)$"); 90 | 91 | // Disable CSFR protection on the following urls: 92 | private final AntPathRequestMatcher[] requestMatchers = { new AntPathRequestMatcher("/uaa/**") }; 93 | 94 | @Override 95 | public boolean matches(HttpServletRequest request) { 96 | if (allowedMethods.matcher(request.getMethod()).matches()) { 97 | return false; 98 | } 99 | 100 | for (AntPathRequestMatcher matcher : requestMatchers) { 101 | if (matcher.matches(request)) { 102 | return false; 103 | } 104 | } 105 | return true; 106 | } 107 | }; 108 | } 109 | 110 | private static Filter csrfHeaderFilter() { 111 | return new OncePerRequestFilter() { 112 | @Override 113 | protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, 114 | FilterChain filterChain) throws ServletException, IOException { 115 | CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); 116 | if (csrf != null) { 117 | Cookie cookie = new Cookie(CSRF_COOKIE_NAME, csrf.getToken()); 118 | cookie.setPath("/"); 119 | cookie.setSecure(true); 120 | response.addCookie(cookie); 121 | } 122 | filterChain.doFilter(request, response); 123 | } 124 | }; 125 | } 126 | 127 | private static CsrfTokenRepository csrfTokenRepository() { 128 | HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository(); 129 | repository.setHeaderName(CSRF_HEADER_NAME); 130 | return repository; 131 | } 132 | } 133 | -------------------------------------------------------------------------------- /api-gateway/src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | spring: 2 | aop: 3 | proxyTargetClass: true 4 | application: 5 | name: api-gateway 6 | 7 | # Define the port where the API gateway server would be running 8 | server: 9 | port: 8765 10 | 11 | # Define the Eureka server that handles service registration 12 | eureka: 13 | instance: 14 | hostname: localhost 15 | port: 8761 16 | client: 17 | serviceUrl: 18 | defaultZone: http://${eureka.instance.hostname}:${eureka.instance.port}/eureka/ 19 | 20 | zuul: 21 | routes: 22 | dummy-service: /dummy/** 23 | uaa-service: 24 | sensitiveHeaders: 25 | path: /uaa/** 26 | stripPrefix: false 27 | add-proxy-headers: true 28 | 29 | security: 30 | # Disable Spring Boot basic authentication 31 | basic: 32 | enabled: false 33 | oauth2: 34 | sso: 35 | loginPath: /login 36 | client: 37 | accessTokenUri: http://uaa-service/uaa/oauth/token 38 | userAuthorizationUri: /uaa/oauth/authorize 39 | clientId: acme 40 | clientSecret: acmesecret 41 | resource: 42 | jwt: 43 | keyValue: | 44 | -----BEGIN PUBLIC KEY----- 45 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGp/Q5lh0P8nPL21oMMrt2RrkT9AW5jgYwLfSUnJVc9G6uR3cXRRDCjHqWU5WYwivcF180A6CWp/ireQFFBNowgc5XaA0kPpzEtgsA5YsNX7iSnUibB004iBTfU9hZ2Rbsc8cWqynT0RyN4TP1RYVSeVKvMQk4GT1r7JCEC+TNu1ELmbNwMQyzKjsfBXyIOCFU/E94ktvsTZUHF4Oq44DBylCDsS1k7/sfZC2G5EU7Oz0mhG8+Uz6MSEQHtoIi6mc8u64Rwi3Z3tscuWG2ShtsUFuNSAFNkY7LkLn+/hxLCu2bNISMaESa8dG22CIMuIeRLVcAmEWEWH5EEforTg+QIDAQAB 46 | -----END PUBLIC KEY----- 47 | id: openid 48 | serviceId: ${PREFIX:}resource 49 | 50 | logging: 51 | level.org.springframework.security: DEBUG 52 | 53 | --- 54 | 55 | spring: 56 | profiles: docker 57 | 58 | server: 59 | port: ${SERVICE_PORT} 60 | 61 | eureka: 62 | instance: 63 | prefer-ip-address: true 64 | client: 65 | service-url: 66 | defaultZone: ${REGISTRY_URL} 67 | -------------------------------------------------------------------------------- /api-gateway/src/test/java/com/kakawait/ApiGatewayApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.kakawait; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.autoconfigure.web.ServerProperties; 6 | import org.springframework.boot.test.context.SpringBootTest; 7 | import org.springframework.context.annotation.Bean; 8 | import org.springframework.context.annotation.Configuration; 9 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; 10 | 11 | @RunWith(SpringJUnit4ClassRunner.class) 12 | @SpringBootTest(classes = ApiGatewayApplication.class) 13 | public class ApiGatewayApplicationTests { 14 | 15 | @Configuration 16 | public static class ByPassConfiguration { 17 | @Bean 18 | public ServerProperties serverProperties() { 19 | return new ServerProperties(); 20 | } 21 | } 22 | 23 | @Test 24 | public void contextLoads() { 25 | } 26 | 27 | } 28 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | services: 3 | service-registry: 4 | image: kakawait/service-registry 5 | environment: 6 | SERVICE_HOST: registry 7 | SERVICE_PORT: 8761 8 | 9 | uaa-service: 10 | image: kakawait/uaa-service 11 | environment: 12 | SERVICE_PORT: 8769 13 | REGISTRY_URL: http://service-registry:8761/eureka 14 | links: 15 | - service-registry:service-registry 16 | 17 | api-gateway: 18 | image: kakawait/api-gateway 19 | environment: 20 | SERVICE_PORT: 8765 21 | REGISTRY_URL: http://service-registry:8761/eureka 22 | ports: 23 | - 8765:8765 24 | links: 25 | - service-registry:service-registry 26 | - uaa-service:uaa-service 27 | 28 | dummy-service: 29 | image: kakawait/dummy-service 30 | environment: 31 | SERVICE_PORT: 8870 32 | REGISTRY_URL: http://service-registry:8761/eureka 33 | links: 34 | - service-registry:service-registry 35 | - uaa-service:uaa-service 36 | 37 | -------------------------------------------------------------------------------- /dummy-service/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.3/apache-maven-3.3.3-bin.zip -------------------------------------------------------------------------------- /dummy-service/mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # 58 | # Look for the Apple JDKs first to preserve the existing behaviour, and then look 59 | # for the new JDKs provided by Oracle. 60 | # 61 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then 62 | # 63 | # Apple JDKs 64 | # 65 | export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home 66 | fi 67 | 68 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then 69 | # 70 | # Apple JDKs 71 | # 72 | export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 73 | fi 74 | 75 | if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then 76 | # 77 | # Oracle JDKs 78 | # 79 | export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 80 | fi 81 | 82 | if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then 83 | # 84 | # Apple JDKs 85 | # 86 | export JAVA_HOME=`/usr/libexec/java_home` 87 | fi 88 | ;; 89 | esac 90 | 91 | if [ -z "$JAVA_HOME" ] ; then 92 | if [ -r /etc/gentoo-release ] ; then 93 | JAVA_HOME=`java-config --jre-home` 94 | fi 95 | fi 96 | 97 | if [ -z "$M2_HOME" ] ; then 98 | ## resolve links - $0 may be a link to maven's home 99 | PRG="$0" 100 | 101 | # need this for relative symlinks 102 | while [ -h "$PRG" ] ; do 103 | ls=`ls -ld "$PRG"` 104 | link=`expr "$ls" : '.*-> \(.*\)$'` 105 | if expr "$link" : '/.*' > /dev/null; then 106 | PRG="$link" 107 | else 108 | PRG="`dirname "$PRG"`/$link" 109 | fi 110 | done 111 | 112 | saveddir=`pwd` 113 | 114 | M2_HOME=`dirname "$PRG"`/.. 115 | 116 | # make it fully qualified 117 | M2_HOME=`cd "$M2_HOME" && pwd` 118 | 119 | cd "$saveddir" 120 | # echo Using m2 at $M2_HOME 121 | fi 122 | 123 | # For Cygwin, ensure paths are in UNIX format before anything is touched 124 | if $cygwin ; then 125 | [ -n "$M2_HOME" ] && 126 | M2_HOME=`cygpath --unix "$M2_HOME"` 127 | [ -n "$JAVA_HOME" ] && 128 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 129 | [ -n "$CLASSPATH" ] && 130 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 131 | fi 132 | 133 | # For Migwn, ensure paths are in UNIX format before anything is touched 134 | if $mingw ; then 135 | [ -n "$M2_HOME" ] && 136 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 137 | [ -n "$JAVA_HOME" ] && 138 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 139 | # TODO classpath? 140 | fi 141 | 142 | if [ -z "$JAVA_HOME" ]; then 143 | javaExecutable="`which javac`" 144 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 145 | # readlink(1) is not available as standard on Solaris 10. 146 | readLink=`which readlink` 147 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 148 | if $darwin ; then 149 | javaHome="`dirname \"$javaExecutable\"`" 150 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 151 | else 152 | javaExecutable="`readlink -f \"$javaExecutable\"`" 153 | fi 154 | javaHome="`dirname \"$javaExecutable\"`" 155 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 156 | JAVA_HOME="$javaHome" 157 | export JAVA_HOME 158 | fi 159 | fi 160 | fi 161 | 162 | if [ -z "$JAVACMD" ] ; then 163 | if [ -n "$JAVA_HOME" ] ; then 164 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 165 | # IBM's JDK on AIX uses strange locations for the executables 166 | JAVACMD="$JAVA_HOME/jre/sh/java" 167 | else 168 | JAVACMD="$JAVA_HOME/bin/java" 169 | fi 170 | else 171 | JAVACMD="`which java`" 172 | fi 173 | fi 174 | 175 | if [ ! -x "$JAVACMD" ] ; then 176 | echo "Error: JAVA_HOME is not defined correctly." >&2 177 | echo " We cannot execute $JAVACMD" >&2 178 | exit 1 179 | fi 180 | 181 | if [ -z "$JAVA_HOME" ] ; then 182 | echo "Warning: JAVA_HOME environment variable is not set." 183 | fi 184 | 185 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 186 | 187 | # For Cygwin, switch paths to Windows format before running java 188 | if $cygwin; then 189 | [ -n "$M2_HOME" ] && 190 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 191 | [ -n "$JAVA_HOME" ] && 192 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 193 | [ -n "$CLASSPATH" ] && 194 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 195 | fi 196 | 197 | # traverses directory structure from process work directory to filesystem root 198 | # first directory with .mvn subdirectory is considered project base directory 199 | find_maven_basedir() { 200 | local basedir=$(pwd) 201 | local wdir=$(pwd) 202 | while [ "$wdir" != '/' ] ; do 203 | if [ -d "$wdir"/.mvn ] ; then 204 | basedir=$wdir 205 | break 206 | fi 207 | wdir=$(cd "$wdir/.."; pwd) 208 | done 209 | echo "${basedir}" 210 | } 211 | 212 | # concatenates all lines of a file 213 | concat_lines() { 214 | if [ -f "$1" ]; then 215 | echo "$(tr -s '\n' ' ' < "$1")" 216 | fi 217 | } 218 | 219 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)} 220 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 221 | 222 | # Provide a "standardized" way to retrieve the CLI args that will 223 | # work with both Windows and non-Windows executions. 224 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 225 | export MAVEN_CMD_LINE_ARGS 226 | 227 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 228 | 229 | exec "$JAVACMD" \ 230 | $MAVEN_OPTS \ 231 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 232 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 233 | ${WRAPPER_LAUNCHER} "$@" 234 | -------------------------------------------------------------------------------- /dummy-service/mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | set MAVEN_CMD_LINE_ARGS=%* 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | 121 | set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar"" 122 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 123 | 124 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS% 125 | if ERRORLEVEL 1 goto error 126 | goto end 127 | 128 | :error 129 | set ERROR_CODE=1 130 | 131 | :end 132 | @endlocal & set ERROR_CODE=%ERROR_CODE% 133 | 134 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 135 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 136 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 137 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 138 | :skipRcPost 139 | 140 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 141 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 142 | 143 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 144 | 145 | exit /B %ERROR_CODE% -------------------------------------------------------------------------------- /dummy-service/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | dummy-service 7 | jar 8 | 9 | dummy-service 10 | Demo project for Spring Boot 11 | 12 | 13 | com.kakawait 14 | uaa-behind-zuul 15 | 0.0.6 16 | 17 | 18 | 19 | UTF-8 20 | 1.8 21 | 22 | 23 | 24 | 25 | org.springframework.cloud 26 | spring-cloud-starter-eureka 27 | 28 | 29 | org.springframework.cloud 30 | spring-cloud-starter-oauth2 31 | 32 | 33 | org.springframework.boot 34 | spring-boot-starter-web 35 | 36 | 37 | 38 | org.springframework.boot 39 | spring-boot-starter-test 40 | test 41 | 42 | 43 | 44 | 45 | 46 | 47 | org.springframework.boot 48 | spring-boot-maven-plugin 49 | 50 | 51 | 52 | repackage 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | docker 63 | 64 | 65 | 66 | com.spotify 67 | docker-maven-plugin 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /dummy-service/src/main/docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM java:8-jre-alpine 2 | MAINTAINER Thibaud Leprêtre 3 | 4 | ADD @project.build.finalName@.jar app.jar 5 | 6 | RUN sh -c 'touch /app.jar' 7 | CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-Dspring.profiles.active=docker", "-jar", "/app.jar"] 8 | -------------------------------------------------------------------------------- /dummy-service/src/main/java/com/kakawait/DummyServiceApplication.java: -------------------------------------------------------------------------------- 1 | package com.kakawait; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | import org.springframework.cloud.client.discovery.EnableDiscoveryClient; 6 | import org.springframework.security.access.prepost.PreAuthorize; 7 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; 8 | import org.springframework.stereotype.Controller; 9 | import org.springframework.web.bind.annotation.RequestMapping; 10 | import org.springframework.web.bind.annotation.RequestMethod; 11 | import org.springframework.web.bind.annotation.ResponseBody; 12 | 13 | import java.security.Principal; 14 | 15 | /** 16 | * @author Thibaud Leprêtre 17 | */ 18 | @SpringBootApplication 19 | @EnableResourceServer 20 | @EnableDiscoveryClient 21 | public class DummyServiceApplication { 22 | 23 | public static void main(String[] args) { 24 | SpringApplication.run(DummyServiceApplication.class, args); 25 | } 26 | 27 | @Controller 28 | @RequestMapping("/") 29 | public static class DummyController { 30 | 31 | @RequestMapping(method = RequestMethod.GET) 32 | @ResponseBody 33 | public String helloWorld(Principal principal) { 34 | return principal == null ? "Hello anonymous" : "Hello " + principal.getName(); 35 | } 36 | 37 | @PreAuthorize("#oauth2.hasScope('openid') and hasRole('ROLE_ADMIN')") 38 | @RequestMapping(value = "secret", method = RequestMethod.GET) 39 | @ResponseBody 40 | public String helloSecret(Principal principal) { 41 | return principal == null ? "Hello anonymous" : "S3CR3T - Hello " + principal.getName(); 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /dummy-service/src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | spring: 2 | application: 3 | name: dummy-service 4 | 5 | # Define the port where the Widget Foundry server would be running 6 | server: 7 | port: 8870 8 | 9 | # Define the Eureka server that handles service registration 10 | eureka: 11 | instance: 12 | hostname: localhost 13 | port: 8761 14 | client: 15 | serviceUrl: 16 | defaultZone: http://${eureka.instance.hostname}:${eureka.instance.port}/eureka/ 17 | 18 | # Disable spring basic authentication security 19 | security: 20 | basic: 21 | enabled: false 22 | oauth2: 23 | resource: 24 | jwt: 25 | keyValue: | 26 | -----BEGIN PUBLIC KEY----- 27 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGp/Q5lh0P8nPL21oMMrt2RrkT9AW5jgYwLfSUnJVc9G6uR3cXRRDCjHqWU5WYwivcF180A6CWp/ireQFFBNowgc5XaA0kPpzEtgsA5YsNX7iSnUibB004iBTfU9hZ2Rbsc8cWqynT0RyN4TP1RYVSeVKvMQk4GT1r7JCEC+TNu1ELmbNwMQyzKjsfBXyIOCFU/E94ktvsTZUHF4Oq44DBylCDsS1k7/sfZC2G5EU7Oz0mhG8+Uz6MSEQHtoIi6mc8u64Rwi3Z3tscuWG2ShtsUFuNSAFNkY7LkLn+/hxLCu2bNISMaESa8dG22CIMuIeRLVcAmEWEWH5EEforTg+QIDAQAB 28 | -----END PUBLIC KEY----- 29 | id: openid 30 | serviceId: ${PREFIX:}resource 31 | 32 | --- 33 | 34 | spring: 35 | profiles: docker 36 | 37 | server: 38 | port: ${SERVICE_PORT} 39 | 40 | eureka: 41 | instance: 42 | prefer-ip-address: true 43 | client: 44 | service-url: 45 | defaultZone: ${REGISTRY_URL} 46 | -------------------------------------------------------------------------------- /dummy-service/src/test/java/com/kakawait/DummyServiceApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.kakawait; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; 7 | import org.springframework.test.context.web.WebAppConfiguration; 8 | 9 | @RunWith(SpringJUnit4ClassRunner.class) 10 | @SpringBootTest(classes = DummyServiceApplication.class) 11 | @WebAppConfiguration 12 | public class DummyServiceApplicationTests { 13 | 14 | @Test 15 | public void contextLoads() { 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kakawait/uaa-behind-zuul-sample/9f025693e86bffe44489e071a1b23a551f737fe9/network.png -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | com.kakawait 7 | uaa-behind-zuul 8 | 0.0.6 9 | pom 10 | 11 | 12 | org.springframework.boot 13 | spring-boot-starter-parent 14 | 1.5.9.RELEASE 15 | 16 | 17 | 18 | 19 | api-gateway 20 | service-registry 21 | dummy-service 22 | uaa-service 23 | 24 | 25 | 26 | UTF-8 27 | 1.8 28 | 29 | 30 | 31 | 32 | 33 | org.springframework.cloud 34 | spring-cloud-dependencies 35 | Edgware.RELEASE 36 | pom 37 | import 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | false 47 | org.springframework.boot 48 | spring-boot-maven-plugin 49 | 50 | 51 | maven-resources-plugin 52 | 3.0.1 53 | 54 | 55 | prepare-dockerfile 56 | validate 57 | 58 | copy-resources 59 | 60 | 61 | ${project.build.directory}/docker 62 | 63 | 64 | ${project.basedir}/src/main/docker 65 | true 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | com.spotify 74 | docker-maven-plugin 75 | 0.4.13 76 | 77 | 78 | build-image 79 | package 80 | 81 | build 82 | 83 | 84 | 85 | 86 | kakawait/${project.artifactId} 87 | 88 | ${project.version} 89 | latest 90 | 91 | true 92 | ${project.build.directory}/docker 93 | 94 | 95 | / 96 | ${project.build.directory} 97 | ${project.build.finalName}.jar 98 | true 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | spring-release 110 | Spring Release 111 | https://repo.spring.io/libs-release 112 | 113 | true 114 | 115 | 116 | 117 | 118 | 119 | -------------------------------------------------------------------------------- /service-registry/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.3/apache-maven-3.3.3-bin.zip -------------------------------------------------------------------------------- /service-registry/mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # 58 | # Look for the Apple JDKs first to preserve the existing behaviour, and then look 59 | # for the new JDKs provided by Oracle. 60 | # 61 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then 62 | # 63 | # Apple JDKs 64 | # 65 | export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home 66 | fi 67 | 68 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then 69 | # 70 | # Apple JDKs 71 | # 72 | export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 73 | fi 74 | 75 | if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then 76 | # 77 | # Oracle JDKs 78 | # 79 | export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 80 | fi 81 | 82 | if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then 83 | # 84 | # Apple JDKs 85 | # 86 | export JAVA_HOME=`/usr/libexec/java_home` 87 | fi 88 | ;; 89 | esac 90 | 91 | if [ -z "$JAVA_HOME" ] ; then 92 | if [ -r /etc/gentoo-release ] ; then 93 | JAVA_HOME=`java-config --jre-home` 94 | fi 95 | fi 96 | 97 | if [ -z "$M2_HOME" ] ; then 98 | ## resolve links - $0 may be a link to maven's home 99 | PRG="$0" 100 | 101 | # need this for relative symlinks 102 | while [ -h "$PRG" ] ; do 103 | ls=`ls -ld "$PRG"` 104 | link=`expr "$ls" : '.*-> \(.*\)$'` 105 | if expr "$link" : '/.*' > /dev/null; then 106 | PRG="$link" 107 | else 108 | PRG="`dirname "$PRG"`/$link" 109 | fi 110 | done 111 | 112 | saveddir=`pwd` 113 | 114 | M2_HOME=`dirname "$PRG"`/.. 115 | 116 | # make it fully qualified 117 | M2_HOME=`cd "$M2_HOME" && pwd` 118 | 119 | cd "$saveddir" 120 | # echo Using m2 at $M2_HOME 121 | fi 122 | 123 | # For Cygwin, ensure paths are in UNIX format before anything is touched 124 | if $cygwin ; then 125 | [ -n "$M2_HOME" ] && 126 | M2_HOME=`cygpath --unix "$M2_HOME"` 127 | [ -n "$JAVA_HOME" ] && 128 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 129 | [ -n "$CLASSPATH" ] && 130 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 131 | fi 132 | 133 | # For Migwn, ensure paths are in UNIX format before anything is touched 134 | if $mingw ; then 135 | [ -n "$M2_HOME" ] && 136 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 137 | [ -n "$JAVA_HOME" ] && 138 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 139 | # TODO classpath? 140 | fi 141 | 142 | if [ -z "$JAVA_HOME" ]; then 143 | javaExecutable="`which javac`" 144 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 145 | # readlink(1) is not available as standard on Solaris 10. 146 | readLink=`which readlink` 147 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 148 | if $darwin ; then 149 | javaHome="`dirname \"$javaExecutable\"`" 150 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 151 | else 152 | javaExecutable="`readlink -f \"$javaExecutable\"`" 153 | fi 154 | javaHome="`dirname \"$javaExecutable\"`" 155 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 156 | JAVA_HOME="$javaHome" 157 | export JAVA_HOME 158 | fi 159 | fi 160 | fi 161 | 162 | if [ -z "$JAVACMD" ] ; then 163 | if [ -n "$JAVA_HOME" ] ; then 164 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 165 | # IBM's JDK on AIX uses strange locations for the executables 166 | JAVACMD="$JAVA_HOME/jre/sh/java" 167 | else 168 | JAVACMD="$JAVA_HOME/bin/java" 169 | fi 170 | else 171 | JAVACMD="`which java`" 172 | fi 173 | fi 174 | 175 | if [ ! -x "$JAVACMD" ] ; then 176 | echo "Error: JAVA_HOME is not defined correctly." >&2 177 | echo " We cannot execute $JAVACMD" >&2 178 | exit 1 179 | fi 180 | 181 | if [ -z "$JAVA_HOME" ] ; then 182 | echo "Warning: JAVA_HOME environment variable is not set." 183 | fi 184 | 185 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 186 | 187 | # For Cygwin, switch paths to Windows format before running java 188 | if $cygwin; then 189 | [ -n "$M2_HOME" ] && 190 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 191 | [ -n "$JAVA_HOME" ] && 192 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 193 | [ -n "$CLASSPATH" ] && 194 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 195 | fi 196 | 197 | # traverses directory structure from process work directory to filesystem root 198 | # first directory with .mvn subdirectory is considered project base directory 199 | find_maven_basedir() { 200 | local basedir=$(pwd) 201 | local wdir=$(pwd) 202 | while [ "$wdir" != '/' ] ; do 203 | if [ -d "$wdir"/.mvn ] ; then 204 | basedir=$wdir 205 | break 206 | fi 207 | wdir=$(cd "$wdir/.."; pwd) 208 | done 209 | echo "${basedir}" 210 | } 211 | 212 | # concatenates all lines of a file 213 | concat_lines() { 214 | if [ -f "$1" ]; then 215 | echo "$(tr -s '\n' ' ' < "$1")" 216 | fi 217 | } 218 | 219 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)} 220 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 221 | 222 | # Provide a "standardized" way to retrieve the CLI args that will 223 | # work with both Windows and non-Windows executions. 224 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 225 | export MAVEN_CMD_LINE_ARGS 226 | 227 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 228 | 229 | exec "$JAVACMD" \ 230 | $MAVEN_OPTS \ 231 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 232 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 233 | ${WRAPPER_LAUNCHER} "$@" 234 | -------------------------------------------------------------------------------- /service-registry/mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | set MAVEN_CMD_LINE_ARGS=%* 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | 121 | set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar"" 122 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 123 | 124 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS% 125 | if ERRORLEVEL 1 goto error 126 | goto end 127 | 128 | :error 129 | set ERROR_CODE=1 130 | 131 | :end 132 | @endlocal & set ERROR_CODE=%ERROR_CODE% 133 | 134 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 135 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 136 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 137 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 138 | :skipRcPost 139 | 140 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 141 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 142 | 143 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 144 | 145 | exit /B %ERROR_CODE% -------------------------------------------------------------------------------- /service-registry/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | service-registry 7 | jar 8 | 9 | service-discovery 10 | Demo project for Spring Boot 11 | 12 | 13 | com.kakawait 14 | uaa-behind-zuul 15 | 0.0.6 16 | 17 | 18 | 19 | UTF-8 20 | 1.8 21 | 22 | 23 | 24 | 25 | org.springframework.cloud 26 | spring-cloud-starter-eureka-server 27 | 28 | 29 | 30 | org.springframework.boot 31 | spring-boot-starter-test 32 | test 33 | 34 | 35 | 36 | 37 | 38 | 39 | org.springframework.boot 40 | spring-boot-maven-plugin 41 | 42 | 43 | 44 | repackage 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | docker 55 | 56 | 57 | 58 | com.spotify 59 | docker-maven-plugin 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /service-registry/src/main/docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM java:8-jre-alpine 2 | MAINTAINER Thibaud Leprêtre 3 | 4 | ADD @project.build.finalName@.jar app.jar 5 | 6 | RUN sh -c 'touch /app.jar' 7 | CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-Dspring.profiles.active=docker", "-jar", "/app.jar"] 8 | -------------------------------------------------------------------------------- /service-registry/src/main/java/com/kakawait/ServiceRegistryApplication.java: -------------------------------------------------------------------------------- 1 | package com.kakawait; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer; 6 | 7 | /** 8 | * @author Thibaud Leprêtre 9 | */ 10 | @SpringBootApplication 11 | @EnableEurekaServer 12 | public class ServiceRegistryApplication { 13 | 14 | public static void main(String[] args) { 15 | SpringApplication.run(ServiceRegistryApplication.class, args); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /service-registry/src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | spring: 2 | application: 3 | name: service-registry 4 | 5 | # Define the port where the Service Registry server would be running 6 | server: 7 | port: 8761 8 | 9 | # Defines the Eureka server that is used by the Netflix OSS components to use as the registry 10 | # for server discovery 11 | eureka: 12 | instance: 13 | hostname: localhost 14 | port: ${server.port} 15 | client: 16 | registerWithEureka: false 17 | fetchRegistry: false 18 | serviceUrl: 19 | defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/ 20 | server: 21 | waitTimeInMsWhenSyncEmpty: 0 22 | 23 | --- 24 | spring: 25 | profiles: docker 26 | server: 27 | port: ${SERVICE_PORT} 28 | eureka: 29 | instance: 30 | hostname: ${SERVICE_HOST} 31 | port: ${server.port} 32 | client: 33 | registerWithEureka: false 34 | fetchRegistry: false 35 | serviceUrl: 36 | defaultZone: http://${eureka.instance.hostname}:${server.port}/eureka/ 37 | server: 38 | waitTimeInMsWhenSyncEmpty: 0 39 | enable-self-preservation: false 40 | -------------------------------------------------------------------------------- /service-registry/src/test/java/com/kakawait/ServiceDiscoveryApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.kakawait; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; 7 | 8 | @RunWith(SpringJUnit4ClassRunner.class) 9 | @SpringBootTest(classes = ServiceRegistryApplication.class) 10 | public class ServiceDiscoveryApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /uaa-service/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.3/apache-maven-3.3.3-bin.zip -------------------------------------------------------------------------------- /uaa-service/mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # 58 | # Look for the Apple JDKs first to preserve the existing behaviour, and then look 59 | # for the new JDKs provided by Oracle. 60 | # 61 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then 62 | # 63 | # Apple JDKs 64 | # 65 | export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home 66 | fi 67 | 68 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then 69 | # 70 | # Apple JDKs 71 | # 72 | export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 73 | fi 74 | 75 | if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then 76 | # 77 | # Oracle JDKs 78 | # 79 | export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 80 | fi 81 | 82 | if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then 83 | # 84 | # Apple JDKs 85 | # 86 | export JAVA_HOME=`/usr/libexec/java_home` 87 | fi 88 | ;; 89 | esac 90 | 91 | if [ -z "$JAVA_HOME" ] ; then 92 | if [ -r /etc/gentoo-release ] ; then 93 | JAVA_HOME=`java-config --jre-home` 94 | fi 95 | fi 96 | 97 | if [ -z "$M2_HOME" ] ; then 98 | ## resolve links - $0 may be a link to maven's home 99 | PRG="$0" 100 | 101 | # need this for relative symlinks 102 | while [ -h "$PRG" ] ; do 103 | ls=`ls -ld "$PRG"` 104 | link=`expr "$ls" : '.*-> \(.*\)$'` 105 | if expr "$link" : '/.*' > /dev/null; then 106 | PRG="$link" 107 | else 108 | PRG="`dirname "$PRG"`/$link" 109 | fi 110 | done 111 | 112 | saveddir=`pwd` 113 | 114 | M2_HOME=`dirname "$PRG"`/.. 115 | 116 | # make it fully qualified 117 | M2_HOME=`cd "$M2_HOME" && pwd` 118 | 119 | cd "$saveddir" 120 | # echo Using m2 at $M2_HOME 121 | fi 122 | 123 | # For Cygwin, ensure paths are in UNIX format before anything is touched 124 | if $cygwin ; then 125 | [ -n "$M2_HOME" ] && 126 | M2_HOME=`cygpath --unix "$M2_HOME"` 127 | [ -n "$JAVA_HOME" ] && 128 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 129 | [ -n "$CLASSPATH" ] && 130 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 131 | fi 132 | 133 | # For Migwn, ensure paths are in UNIX format before anything is touched 134 | if $mingw ; then 135 | [ -n "$M2_HOME" ] && 136 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 137 | [ -n "$JAVA_HOME" ] && 138 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 139 | # TODO classpath? 140 | fi 141 | 142 | if [ -z "$JAVA_HOME" ]; then 143 | javaExecutable="`which javac`" 144 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 145 | # readlink(1) is not available as standard on Solaris 10. 146 | readLink=`which readlink` 147 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 148 | if $darwin ; then 149 | javaHome="`dirname \"$javaExecutable\"`" 150 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 151 | else 152 | javaExecutable="`readlink -f \"$javaExecutable\"`" 153 | fi 154 | javaHome="`dirname \"$javaExecutable\"`" 155 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 156 | JAVA_HOME="$javaHome" 157 | export JAVA_HOME 158 | fi 159 | fi 160 | fi 161 | 162 | if [ -z "$JAVACMD" ] ; then 163 | if [ -n "$JAVA_HOME" ] ; then 164 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 165 | # IBM's JDK on AIX uses strange locations for the executables 166 | JAVACMD="$JAVA_HOME/jre/sh/java" 167 | else 168 | JAVACMD="$JAVA_HOME/bin/java" 169 | fi 170 | else 171 | JAVACMD="`which java`" 172 | fi 173 | fi 174 | 175 | if [ ! -x "$JAVACMD" ] ; then 176 | echo "Error: JAVA_HOME is not defined correctly." >&2 177 | echo " We cannot execute $JAVACMD" >&2 178 | exit 1 179 | fi 180 | 181 | if [ -z "$JAVA_HOME" ] ; then 182 | echo "Warning: JAVA_HOME environment variable is not set." 183 | fi 184 | 185 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 186 | 187 | # For Cygwin, switch paths to Windows format before running java 188 | if $cygwin; then 189 | [ -n "$M2_HOME" ] && 190 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 191 | [ -n "$JAVA_HOME" ] && 192 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 193 | [ -n "$CLASSPATH" ] && 194 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 195 | fi 196 | 197 | # traverses directory structure from process work directory to filesystem root 198 | # first directory with .mvn subdirectory is considered project base directory 199 | find_maven_basedir() { 200 | local basedir=$(pwd) 201 | local wdir=$(pwd) 202 | while [ "$wdir" != '/' ] ; do 203 | if [ -d "$wdir"/.mvn ] ; then 204 | basedir=$wdir 205 | break 206 | fi 207 | wdir=$(cd "$wdir/.."; pwd) 208 | done 209 | echo "${basedir}" 210 | } 211 | 212 | # concatenates all lines of a file 213 | concat_lines() { 214 | if [ -f "$1" ]; then 215 | echo "$(tr -s '\n' ' ' < "$1")" 216 | fi 217 | } 218 | 219 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)} 220 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 221 | 222 | # Provide a "standardized" way to retrieve the CLI args that will 223 | # work with both Windows and non-Windows executions. 224 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 225 | export MAVEN_CMD_LINE_ARGS 226 | 227 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 228 | 229 | exec "$JAVACMD" \ 230 | $MAVEN_OPTS \ 231 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 232 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 233 | ${WRAPPER_LAUNCHER} "$@" 234 | -------------------------------------------------------------------------------- /uaa-service/mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | set MAVEN_CMD_LINE_ARGS=%* 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | 121 | set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar"" 122 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 123 | 124 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS% 125 | if ERRORLEVEL 1 goto error 126 | goto end 127 | 128 | :error 129 | set ERROR_CODE=1 130 | 131 | :end 132 | @endlocal & set ERROR_CODE=%ERROR_CODE% 133 | 134 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 135 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 136 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 137 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 138 | :skipRcPost 139 | 140 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 141 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 142 | 143 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 144 | 145 | exit /B %ERROR_CODE% -------------------------------------------------------------------------------- /uaa-service/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | uaa-service 7 | jar 8 | 9 | uaa-service 10 | Demo project for Spring Boot 11 | 12 | 13 | com.kakawait 14 | uaa-behind-zuul 15 | 0.0.6 16 | 17 | 18 | 19 | UTF-8 20 | 1.8 21 | 22 | 23 | 24 | 25 | org.springframework.cloud 26 | spring-cloud-starter-eureka 27 | 28 | 29 | org.springframework.cloud 30 | spring-cloud-starter-oauth2 31 | 32 | 33 | org.springframework.cloud 34 | spring-cloud-starter-security 35 | 36 | 37 | org.springframework.boot 38 | spring-boot-starter-freemarker 39 | 40 | 41 | org.springframework.security 42 | spring-security-jwt 43 | 44 | 45 | org.springframework.boot 46 | spring-boot-starter-web 47 | 48 | 49 | org.springframework.boot 50 | spring-boot-starter-actuator 51 | 52 | 53 | 54 | org.springframework.boot 55 | spring-boot-starter-test 56 | test 57 | 58 | 59 | 60 | 61 | 62 | 63 | org.springframework.boot 64 | spring-boot-maven-plugin 65 | 66 | 67 | 68 | repackage 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | docker 79 | 80 | 81 | 82 | com.spotify 83 | docker-maven-plugin 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /uaa-service/src/main/docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM java:8-jre-alpine 2 | MAINTAINER Thibaud Leprêtre 3 | 4 | ADD @project.build.finalName@.jar app.jar 5 | 6 | RUN sh -c 'touch /app.jar' 7 | CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-Dspring.profiles.active=docker", "-jar", "/app.jar"] 8 | -------------------------------------------------------------------------------- /uaa-service/src/main/java/com/kakawait/UaaServiceApplication.java: -------------------------------------------------------------------------------- 1 | package com.kakawait; 2 | 3 | import org.springframework.beans.factory.annotation.Autowired; 4 | import org.springframework.beans.factory.annotation.Qualifier; 5 | import org.springframework.boot.SpringApplication; 6 | import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties; 7 | import org.springframework.boot.autoconfigure.SpringBootApplication; 8 | import org.springframework.boot.web.servlet.FilterRegistrationBean; 9 | import org.springframework.cloud.client.discovery.EnableDiscoveryClient; 10 | import org.springframework.context.annotation.Bean; 11 | import org.springframework.context.annotation.Configuration; 12 | import org.springframework.core.Ordered; 13 | import org.springframework.core.annotation.Order; 14 | import org.springframework.core.io.ClassPathResource; 15 | import org.springframework.security.authentication.AuthenticationManager; 16 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 17 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 18 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 19 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 20 | import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; 21 | import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; 22 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 23 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; 24 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; 25 | import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; 26 | import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory; 27 | import org.springframework.stereotype.Controller; 28 | import org.springframework.web.filter.ForwardedHeaderFilter; 29 | import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; 30 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; 31 | 32 | import java.security.KeyPair; 33 | 34 | /** 35 | * @author Thibaud Leprêtre 36 | */ 37 | @SpringBootApplication 38 | @EnableDiscoveryClient 39 | @EnableWebSecurity 40 | public class UaaServiceApplication extends WebMvcConfigurerAdapter { 41 | 42 | public static void main(String[] args) { 43 | SpringApplication.run(UaaServiceApplication.class, args); 44 | } 45 | 46 | @Bean 47 | FilterRegistrationBean forwardedHeaderFilter() { 48 | FilterRegistrationBean filterRegBean = new FilterRegistrationBean(); 49 | filterRegBean.setFilter(new ForwardedHeaderFilter()); 50 | filterRegBean.setOrder(Ordered.HIGHEST_PRECEDENCE); 51 | return filterRegBean; 52 | } 53 | 54 | @Override 55 | public void addViewControllers(ViewControllerRegistry registry) { 56 | registry.addViewController("/login").setViewName("login"); 57 | registry.addViewController("/oauth/confirm_access").setViewName("authorize"); 58 | } 59 | 60 | @Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER) 61 | @Configuration 62 | protected static class LoginConfiguration extends WebSecurityConfigurerAdapter { 63 | 64 | @Override 65 | @Bean 66 | public AuthenticationManager authenticationManagerBean() throws Exception { 67 | return super.authenticationManagerBean(); 68 | } 69 | 70 | @Override 71 | protected void configure(HttpSecurity http) throws Exception { 72 | http.formLogin().loginPage("/login").permitAll().and().authorizeRequests() 73 | .anyRequest().authenticated(); 74 | } 75 | 76 | @Override 77 | protected void configure(AuthenticationManagerBuilder auth) throws Exception { 78 | auth.inMemoryAuthentication() 79 | .withUser("user").password("password").roles("USER") 80 | .and() 81 | .withUser("admin").password("admin").roles("ADMIN"); 82 | // auth.parentAuthenticationManager(authenticationManager); 83 | } 84 | } 85 | 86 | @Configuration 87 | @EnableAuthorizationServer 88 | protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { 89 | 90 | @Autowired 91 | @Qualifier("authenticationManagerBean") 92 | private AuthenticationManager authenticationManager; 93 | 94 | @Bean 95 | public JwtAccessTokenConverter jwtAccessTokenConverter() { 96 | JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); 97 | KeyPair keyPair = new KeyStoreKeyFactory(new ClassPathResource("keystore.jks"), "foobar".toCharArray()) 98 | .getKeyPair("test"); 99 | converter.setKeyPair(keyPair); 100 | return converter; 101 | } 102 | 103 | @Override 104 | public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 105 | clients.inMemory() 106 | .withClient("acme") 107 | .secret("acmesecret") 108 | .authorizedGrantTypes("authorization_code", "refresh_token","password") 109 | .scopes("openid"); 110 | } 111 | 112 | @Override 113 | public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 114 | endpoints.authenticationManager(authenticationManager).accessTokenConverter(jwtAccessTokenConverter()); 115 | } 116 | 117 | @Override 118 | public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { 119 | oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()"); 120 | } 121 | 122 | } 123 | } 124 | -------------------------------------------------------------------------------- /uaa-service/src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | spring: 2 | application: 3 | name: uaa-service 4 | 5 | # Define the port where the UAA server would be running 6 | server: 7 | port: 8769 8 | # Use different context-path to avoid session cookie overlapping 9 | context-path: /uaa 10 | use-forward-headers: false 11 | 12 | # Define the Eureka server that handles service registration 13 | eureka: 14 | instance: 15 | hostname: localhost 16 | port: 8761 17 | client: 18 | serviceUrl: 19 | defaultZone: http://${eureka.instance.hostname}:${eureka.instance.port}/eureka/ 20 | 21 | # Define security 22 | security: 23 | basic: 24 | enabled: false 25 | user: 26 | password: password 27 | ignored: /css/**,/js/**,/favicon.ico,/webjars/** 28 | 29 | logging: 30 | level.org.springframework.security: DEBUG 31 | 32 | --- 33 | spring: 34 | profiles: docker 35 | 36 | server: 37 | port: ${SERVICE_PORT} 38 | 39 | eureka: 40 | instance: 41 | prefer-ip-address: true 42 | client: 43 | service-url: 44 | defaultZone: ${REGISTRY_URL} 45 | -------------------------------------------------------------------------------- /uaa-service/src/main/resources/keystore.jks: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kakawait/uaa-behind-zuul-sample/9f025693e86bffe44489e071a1b23a551f737fe9/uaa-service/src/main/resources/keystore.jks -------------------------------------------------------------------------------- /uaa-service/src/main/resources/templates/authorize.ftl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |
6 |

Please Confirm

7 | 8 |

9 | Do you authorize "${authorizationRequest.clientId}" at "${authorizationRequest.redirectUri}" to access your 10 | protected resources 11 | with scope ${authorizationRequest.scope?join(", ")}. 12 |

13 |
15 | 16 | 17 | 18 |
19 |
21 | 22 | 23 | 24 |
25 |
26 | 27 | 28 | -------------------------------------------------------------------------------- /uaa-service/src/main/resources/templates/login.ftl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 |
6 |
7 |
8 | 9 | 10 |
11 |
12 | 13 | 14 |
15 | 16 | 17 |
18 |
19 | 20 | 21 | -------------------------------------------------------------------------------- /uaa-service/src/test/java/com/kakawait/UaaServiceApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.kakawait; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; 7 | 8 | @RunWith(SpringJUnit4ClassRunner.class) 9 | @SpringBootTest(classes = UaaServiceApplication.class) 10 | public class UaaServiceApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | --------------------------------------------------------------------------------