spring-security-basic-auth
Description

In some situations the client does not support OAuth protocols, so you need to fall back to basic authentication. This sample uses an implementation of the BearerTokenResolver. Depending on the configuration, this resolver will

  • support OAuth JWT tokens, and
    • either exchange the incoming credentials using the OAuth password grant flow
    • or exchange the incoming credentials using the OAuth client credentials flow

In order to get the basic auth login popup, the response header WWW-Authenticate must be changed from Bearer to Basic. This is done by means of the class BasicAuthenticationEntryPoint in the Security Configuration.
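The following security configuration is an added example, not the sample's own code, showing how the entry point switch described above is wired: BasicAuthenticationEntryPoint replaces the default bearer entry point so that an unauthenticated request is answered with WWW-Authenticate: Basic and the browser opens its login dialog. The class name SecurityConfiguration, the injected BearerTokenResolver bean, the realm name and the single protected path /hello-token are assumptions for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

// Added example (not the sample's own code): resource-server configuration that
// answers unauthenticated requests with "WWW-Authenticate: Basic" instead of "Bearer".
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Assumed bean: a BearerTokenResolver that turns Basic credentials into a JWT
    private final BearerTokenResolver basicToBearerResolver;

    public SecurityConfiguration(BearerTokenResolver basicToBearerResolver) {
        this.basicToBearerResolver = basicToBearerResolver;
    }

    @Bean
    public AuthenticationEntryPoint basicAuthenticationEntryPoint() {
        BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint();
        // The realm name is mandatory (afterPropertiesSet fails without it) and is
        // what the browser shows in its login dialog. Value assumed for this example.
        entryPoint.setRealmName("spring-security-basic-auth");
        return entryPoint;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No HTTP session: every request carries (or is exchanged for) a token
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeRequests(a -> a
                .antMatchers("/hello-token").authenticated()
                .anyRequest().denyAll())
            .oauth2ResourceServer(o -> o
                // Resolver that accepts "Authorization: Basic ..." as well as "Bearer ..."
                .bearerTokenResolver(basicToBearerResolver)
                // Without this line the default entry point answers "WWW-Authenticate: Bearer",
                // which browsers do not turn into a login popup
                .authenticationEntryPoint(basicAuthenticationEntryPoint())
                .jwt());
    }
}
```

With this configuration a request without credentials, or with credentials the resolver could not exchange, receives 401 with WWW-Authenticate: Basic realm="spring-security-basic-auth"; a request that already carries a valid Bearer JWT is validated by the normal JWT path and never touches the entry point.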

Coding

This sample uses the spring-security project. As of version 5 of spring-security, this includes the OAuth resource-server functionality. It enables caching using Caffeine to avoid requesting new tokens from XSUAA for every incoming request.
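The resolver below is an added example, not the sample's own code, of the mechanism the two paragraphs above describe: a BearerTokenResolver that passes real Bearer tokens through, decodes HTTP Basic credentials, exchanges them at the OAuth token endpoint with either the password grant or the client credentials grant, and caches the resulting access token in Caffeine so the token service is not called for every request. The class name BasicToBearerTokenResolver, the Grant enum, the constructor parameters tokenUrl, clientId and clientSecret (in practice taken from the XSUAA service binding) and the cache sizing are assumptions for illustration; the token request itself follows the standard OAuth 2.0 form parameters.

```java
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestTemplate;

import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.Base64;
import java.util.Map;

// Added example (not the sample's own code): Basic credentials -> OAuth access token,
// cached with Caffeine. Names and constructor parameters are assumptions.
public class BasicToBearerTokenResolver implements BearerTokenResolver {

    public enum Grant { PASSWORD, CLIENT_CREDENTIALS }

    private final BearerTokenResolver bearerDelegate = new DefaultBearerTokenResolver();
    private final RestTemplate rest = new RestTemplate();
    private final String tokenUrl;      // e.g. <xsuaa url>/oauth/token, from the service binding (assumed)
    private final String clientId;      // the application's own OAuth client, used for the password grant
    private final String clientSecret;
    private final Grant grant;

    // Key: hash of the credentials, never the plaintext password. Entries expire
    // well before a typical token lifetime so a stale token is never handed out.
    private final Cache<String, String> tokens = Caffeine.newBuilder()
            .expireAfterWrite(Duration.ofMinutes(10))
            .maximumSize(1_000)
            .build();

    public BasicToBearerTokenResolver(String tokenUrl, String clientId, String clientSecret, Grant grant) {
        this.tokenUrl = tokenUrl;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.grant = grant;
    }

    @Override
    public String resolve(HttpServletRequest request) {
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return bearerDelegate.resolve(request);   // a real Bearer token passes through unchanged
        }
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformedBase64) {
            return null;   // no token: the request stays unauthenticated and the entry point answers
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null;   // "user:password" shape required by RFC 7617
        }
        String user = decoded.substring(0, colon);
        String password = decoded.substring(colon + 1);
        // Caffeine only stores a non-null result, so a failed exchange is never cached
        return tokens.get(sha256(user + "\n" + password), key -> exchange(user, password));
    }

    private String exchange(String user, String password) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        if (grant == Grant.PASSWORD) {
            // Password grant: the application's client authenticates, the user's credentials go in the form
            headers.setBasicAuth(clientId, clientSecret);
            form.add("grant_type", "password");
            form.add("username", user);
            form.add("password", password);
        } else {
            // Client credentials grant: the incoming Basic credentials are the OAuth client id and secret
            headers.setBasicAuth(user, password);
            form.add("grant_type", "client_credentials");
        }
        try {
            Map<?, ?> body = rest.postForObject(tokenUrl, new HttpEntity<>(form, headers), Map.class);
            Object token = body == null ? null : body.get("access_token");
            return token instanceof String ? (String) token : null;
        } catch (HttpStatusCodeException e) {
            return null;   // 401/400 from the token service: wrong credentials, not cached
        }
    }

    private static String sha256(String value) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(value.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

Returning null from resolve is what makes the fallback work: Spring's bearer-token filter then leaves the request unauthenticated, the configured BasicAuthenticationEntryPoint sends WWW-Authenticate: Basic, and the client retries with credentials. The cache lifetime should stay below the token's expires_in; a stricter variant reads expires_in from the token response and uses a per-entry expiry instead of the fixed ten minutes.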

Deployment on Cloud Foundry

To deploy the application, the following steps are required:

  • Compile the Java application
  • Create an XSUAA service instance
  • Configure the manifest.yml
  • Deploy the application
  • Assign Role Collection to your user
  • Access the application

Compile the Java application

Run maven to package the application

mvn clean package

Create the XSUAA service instance

Use the xs-security.json to define the authentication settings and create a service instance

cf create-service xsuaa application xsuaa-basic -c xs-security.json

Configure the manifest

The vars file contains hosts and paths that need to be adapted.

Deploy the application

Deploy the application using cf push. It will expect 1 GB of free memory quota.

cf push --vars-file ../vars.yml

Cockpit administration tasks: Assign Role to your User

Finally, as part of your Identity Provider, e.g. SAP ID Service, assign the deployed Role Collection such as BASIC_AUTH_API_Viewer to your user as depicted in the screenshot below and as documented here.

Further up-to-date information is available on sap.help.com.

Access the application

After deployment, the spring service can be called with basic authentication.

curl -i --user "<SAP ID Service User>:<SAP ID Service Password>" https://spring-security-basic-auth-<ID>.<LANDSCAPE_APPS_DOMAIN>/hello-token

You will get a response like:

{
  "client id": "sb-spring-security-xsuaa-usage!t291",
  "family name": "Jones",
  "given name": "Bob",
  "subaccount id": "2f047cc0-4364-4d8b-ae70-b8bd39d15bf0",
  "logon name": "[email protected]",
  "email": "[email protected]",
  "grant type": "password",
  "authorities": "[openid, spring-security-basic-auth!t19435.Display]",
  "scopes": "[openid, spring-security-basic-auth!t19435.Display]"
}

Clean-Up

Finally delete your application and your service instances using the following commands:

cf delete -f spring-security-basic-auth
cf delete-service -f xsuaa-basic