This is a java Springboot application using the spring-webflux
as the web framework and protected by the spring-security-oauth2-resource-server
and the cloud-security-xsuaa-integration
.
To deploy the application, the following steps are required:
- Configure the Application Router
- Compile the Java application
- Create an XSUAA service instance
- Configure the manifest.yml
- Deploy the application
- Assign Role to your user
- Access the application
The Application Router is used to provide a single entry point to a business application that consists of several different apps (microservices). It dispatches requests to backend microservices and acts as a reverse proxy. The rules that determine which request should be forwarded to which destinations are called routes. The application router can be configured to authenticate the users and propagate the user information. Finally, the application router can serve static content.
Run maven to package the application
mvn clean package
Use the xs-security.json to define the authentication settings and create a service instance
cf create-service xsuaa application xsuaa-webflux -c xs-security.json
The vars contains hosts and paths that you might need to adopt.
Deploy the application using cf push. It will expect 1 GB of free memory quota.
cf push --vars-file ../vars.yml
Finally, as part of your Identity Provider, e.g. SAP ID Service, assign the deployed Role Collection(s) such as Webflux_API_Viewer
to your user as depicted in the screenshot below and as documented here.
Further up-to-date information you can get on sap.help.com:
After deployment, the AppRouter will trigger authentication automatically when you access one of the following URLs:
https://spring-webflux-security-xsuaa-usage-web-<ID>.<LANDSCAPE_APPS_DOMAIN>/v1/sayHello
- produces Http response with content-typeapplication/json; UTF-8
and the body containing the claims of the JWT or an error message
Direct access to the microservice (without the AppRouter) will return an error:
https://spring-webflux-security-xsuaa-usage-<ID>.<LANDSCAPE_APPS_DOMAIN>/v1/sayHello
- produces a error with401
(unauthenticated) status code, as it calls the service withoutAuthorization
header.
Finally delete your application and your service instances using the following commands:
cf delete -f spring-webflux-security-xsuaa-usage
cf delete -f approuter-spring-webflux-security-xsuaa-usage
cf delete-service -f xsuaa-webflux