---
applications:
- name: xsuaa-sample
  memory: 1G
  path: target/com.sap.xsuaa.sample.userinfo.war
  buildpack: sap_java_buildpack
  # NOTE(review): no `services:` entry binding the xsuaa instance is shown for
  # this app, although the approuter manifest further down binds `xsuaa-sample`.
  # The XSUAA login module presumably needs that binding (VCAP_SERVICES) to
  # validate incoming tokens — confirm it was not cut from the listing.
  env:
    TARGET_RUNTIME: tomee
    # NOTE(review): appears to enable the JVM debug agent inside the deployed
    # container; keep this out of any non-development deployment.
    JBP_CONFIG_DEBUG: '{enabled: true}'
    # NOTE(review): a wildcard clientid/identityzone trusts tokens issued to ANY
    # client in ANY identity zone of this XSUAA, not just this app's own. Fine
    # for a sample; before going productive, restrict the ACL to the specific
    # clientid/identityzone pairs that are meant to call this app, or remove the
    # variable if cross-client tokens are not needed at all.
    SAP_JWT_TRUST_ACL: "[{\"clientid\":\"*\",\"identityzone\":\"*\"}]"
<!-- Role every caller must hold. It is not granted here: it corresponds to the
     $XSAPPNAME.Hello.User scope in xs-security.json, which the HelloUser role
     template references and the Hello.Users role collection bundles for
     assignment to users. -->
<security-role>
    <description>Read permission for the user</description>
    <role-name>Hello.User</role-name>
</security-role>
<!-- Require Hello.User for the entire context path. No <http-method> is listed
     on purpose: per the Servlet spec a constraint that names methods covers only
     those and leaves the rest outside the constraint, whereas omitting it covers
     every method (including the POST that UserInfo.doPost accepts). -->
<security-constraint>
    <display-name>Hello User Access</display-name>
    <web-resource-collection>
        <web-resource-name>All resources protected</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Hello.User</role-name>
    </auth-constraint>
</security-constraint>
{
"xsappname": "xsuaa-sample",
"tenant-mode": "dedicated",
"authorities": [
"$XSAPPNAME.Hello.User"
],
"scopes": [
{
"name": "$XSAPPNAME.Hello.User",
"description": "Permission for accessing xsuaa-sample app"
}
],
"role-templates": [
{
"name": "HelloUser",
"description": "Permission required to access xsuaa-sample web app",
"scope-references": [
"$XSAPPNAME.Hello.User"
]
}
],
"role-collections": [
{
"name": "Hello.Users",
"description": "Permission required for xsuaa-sample app",
"role-template-references": [
"$XSAPPNAME.HelloUser"
]
}
]
}
{
"name": "xsuaa-sample-approuter",
"dependencies": {
"@sap/approuter": "*"
},
"scripts": {
"start": "node node_modules/@sap/approuter/approuter.js"
}
}
{
"authenticationMethod": "route",
"routes": [
{
"source": "^/logout-page.html$",
"localDir": "my-static-resources",
"authenticationType": "none"
},
{
"source": "^/(.*)",
"destination": "xsuaa-sample-webapp",
"authenticationType": "xsuaa",
"csrfProtection": false
}
],
"logout": {
"logoutEndpoint": "/logout",
"logoutPage": "/logout-page.html"
}
}
---
applications:
- name: xsuaa-sample-approuter
  path: xsuaa-sample-approuter
  memory: 128M
  buildpack: nodejs_buildpack
  env:
    # Destination used by the "^/(.*)" route in xs-app.json. forwardAuthToken
    # makes the approuter pass the user's XSUAA JWT on to the backend, which is
    # presumably what the servlet's XSUAA login module authenticates against.
    # NOTE(review): the URL is hard-coded to one landscape/org. Also, the
    # sibling package.json pins @sap/approuter to "*" — pin an exact version so
    # deployments are reproducible and an upstream release cannot change the
    # security behaviour of the router unnoticed.
    destinations: >
      [{
        "name": "xsuaa-sample-webapp",
        "url": "https://xsuaa-sample.cfapps.eu10.hana.ondemand.com/",
        "forwardAuthToken": true
      }]
  # Binds the xsuaa instance so the approuter can run the OAuth login flow.
  services:
    - xsuaa-sample
<!-- Hands authentication to the XSUAA login module (presumably supplied by
     sap_java_buildpack). It validates the bearer JWT forwarded by the approuter
     and exposes it as the request principal, which is why UserInfo can cast
     getUserPrincipal() to XSUserInfo. Without it the Hello.User
     security-constraint has no principal to match. -->
<login-config>
    <auth-method>XSUAA</auth-method>
</login-config>
<!-- for java servlet implementation; compile-time only, the runtime (TomEE per
     TARGET_RUNTIME in manifest.yml) supplies it -->
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>javax.servlet-api</artifactId>
    <version>3.0.1</version>
    <scope>provided</scope>
</dependency>
<!-- xsuaa library: the API only (XSUserInfo / XSUserInfoException); the
     implementation is presumably shipped by the buildpack, hence "provided" -->
<dependency>
    <groupId>com.sap.cloud.security.xsuaa</groupId>
    <artifactId>api</artifactId>
    <version>2.6.2</version>
    <scope>provided</scope>
</dependency>
<!-- Http Client library for calling xsuaa rest api.
     NOTE(review): this and the two libraries below are pinned to fixed, older
     releases; each has published security fixes in later patch versions. Bump to
     the current patch release before reuse and keep them under dependency
     scanning — the sample is fine, a copy of it in production is not. -->
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.8</version>
</dependency>
<!-- for json parsing -->
<dependency>
    <groupId>com.google.code.gson</groupId>
    <artifactId>gson</artifactId>
    <version>2.8.5</version>
</dependency>
<!-- for reading http response stream -->
<dependency>
    <groupId>commons-io</groupId>
    <artifactId>commons-io</artifactId>
    <version>2.6</version>
</dependency>
package com.sap.xsuaa.sample.userinfo.model;
import java.util.List;
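/**
 * Response model produced by the {@code UserInfo} servlet: the role collections
 * taken from the caller's JWT plus the scopes ("groups") that the XSUAA
 * {@code /Users/{user_id}} endpoint reports for the caller's subdomain.
 *
 * <p>Serialised with Gson, so the field names are the JSON property names and a
 * field left {@code null} is omitted from the output.
 */
public class User {
    private List<String> roleCollections;
    private List<Scope> allScopesInSubDomain;

    /** Role collections read from the token's {@code xs.rolecollections} attribute. */
    public List<String> getRoleCollections() {
        return roleCollections;
    }

    public void setRoleCollections(List<String> roleCollections) {
        this.roleCollections = roleCollections;
    }

    /** Scopes ("groups") returned by XSUAA for the caller; absent if the lookup failed. */
    public List<Scope> getAllScopesInSubDomain() {
        return allScopesInSubDomain;
    }

    public void setAllScopesInSubDomain(List<Scope> allScopesInSubDomain) {
        this.allScopesInSubDomain = allScopesInSubDomain;
    }

    /**
     * One entry of the XSUAA {@code groups} array, populated by Gson from the
     * {@code value} / {@code display} / {@code type} properties.
     *
     * <p>Declared {@code static}: a non-static inner class carries a hidden
     * reference to its enclosing {@code User} and has no no-arg constructor,
     * which Gson otherwise has to work around when deserialising. A static
     * nested class has a plain no-arg constructor and no back-reference.
     */
    public static class Scope {
        private String value;
        private String display;
        private String type;

        public String getValue() {
            return value;
        }

        public void setValue(String value) {
            this.value = value;
        }

        public String getDisplay() {
            return display;
        }

        public void setDisplay(String display) {
            this.display = display;
        }

        public String getType() {
            return type;
        }

        public void setType(String type) {
            this.type = type;
        }
    }
}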
package com.sap.xsuaa.sample.userinfo.servlet;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpStatus;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.sap.xsa.security.container.XSUserInfo;
import com.sap.xsa.security.container.XSUserInfoException;
import com.sap.xsuaa.sample.userinfo.model.User;
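/**
 * Servlet implementation class UserInfo.
 *
 * <p>Answers {@code GET} (and {@code POST}, see {@link #doPost}) with a JSON
 * {@link User}: the role collections carried in the caller's XSUAA JWT plus the
 * scopes ("groups") the issuing XSUAA reports for the caller through its
 * {@code /Users/{user_id}} endpoint.
 *
 * <p>Security model: the JWT is trusted only because web.xml sends every request
 * through the XSUAA login module ({@code auth-method} XSUAA) before this servlet
 * runs. The base64url decoding below reads claims out of the header and payload
 * but performs NO signature verification of its own, and the {@code jku} header
 * is dereferenced — with the caller's bearer token attached — on that basis. Do
 * not lift this code into a path that receives tokens from anywhere else.
 */
public class UserInfo extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Path suffix the token's {@code jku} header carries after the authorization-server base URL. */
    private static final String TOKEN_KEYS_SUFFIX = "/token_keys";

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
     *      response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("application/json");

        // getUserPrincipal() is an XSUserInfo only after the XSUAA login module
        // ran; fail cleanly (401) rather than with a ClassCastException/NPE if a
        // request ever reaches here unauthenticated.
        Object principal = request.getUserPrincipal();
        if (!(principal instanceof XSUserInfo)) {
            response.setStatus(HttpStatus.SC_UNAUTHORIZED);
            response.getWriter().append("Not authenticated");
            return;
        }
        XSUserInfo userInfo = (XSUserInfo) principal;

        // The raw compact JWT (header.payload.signature), no "Bearer " prefix.
        String jwt = userInfo.getAppToken();
        if (jwt == null) {
            response.setStatus(HttpStatus.SC_FORBIDDEN);
            response.getWriter().append("No JWT received");
            return; // previously fell through and dereferenced the null token
        }
        String[] jwtParts = jwt.split("\\.");
        if (jwtParts.length < 2) {
            response.setStatus(HttpStatus.SC_FORBIDDEN);
            response.getWriter().append("Malformed JWT");
            return;
        }

        User user = new User();
        user.setRoleCollections(readRoleCollections(userInfo));

        String userId = readUserId(jwtParts[1]);
        String subDomainAuthUrl = readAuthServerUrl(jwtParts[0]);
        if (userId != null && subDomainAuthUrl != null) {
            String subDomainUserInfo = fetchSubDomainUserInfo(subDomainAuthUrl, userId, jwt);
            if (subDomainUserInfo != null) {
                user.setAllScopesInSubDomain(parseScopes(subDomainUserInfo));
            }
        }
        response.getWriter().append(new Gson().toJson(user));
    }

    /**
     * Role collections from the token's {@code xs.rolecollections} system
     * attribute; an empty list when the attribute cannot be read.
     */
    private List<String> readRoleCollections(XSUserInfo userInfo) {
        try {
            String[] roleCollections = userInfo.getSystemAttribute("xs.rolecollections");
            return roleCollections == null ? Collections.<String>emptyList() : Arrays.asList(roleCollections);
        } catch (XSUserInfoException e) {
            // Servlet-container log instead of System.out; keep the cause.
            log("Could not read xs.rolecollections from the token", e);
            return Collections.emptyList();
        }
    }

    /**
     * Decodes one compact-JWT segment (header or payload) into its JSON object,
     * or returns null when it is not valid base64url / not a JSON object.
     * No signature check happens here — the container did that.
     */
    private JsonObject decodeSegment(String segment) {
        try {
            // JWT segments are base64url (RFC 7515), not plain base64: the
            // standard decoder rejects '-' and '_' and would throw on such tokens.
            byte[] raw = Base64.getUrlDecoder().decode(segment);
            JsonElement element = new JsonParser().parse(new String(raw, StandardCharsets.UTF_8));
            return element != null && element.isJsonObject() ? element.getAsJsonObject() : null;
        } catch (IllegalArgumentException | JsonParseException e) {
            log("Could not decode JWT segment", e);
            return null;
        }
    }

    /** The {@code user_id} claim of the payload segment, or null if absent. */
    private String readUserId(String payloadSegment) {
        JsonObject payload = decodeSegment(payloadSegment);
        JsonElement userId = payload == null ? null : payload.get("user_id");
        return userId == null || userId.isJsonNull() ? null : userId.getAsString();
    }

    /**
     * Base URL of the authorization server that issued the token: the header's
     * {@code jku} value with its {@code /token_keys} suffix removed, or null if
     * there is no usable {@code jku}.
     *
     * <p>Defence in depth: the caller's bearer token is about to be sent to this
     * host. The login module is presumed to have checked {@code jku} against the
     * bound XSUAA's domain before the token was accepted (confirm for the library
     * version in use), but we still refuse anything that is not an absolute
     * https URL so a bad header can never redirect the token over plain http.
     */
    private String readAuthServerUrl(String headerSegment) {
        JsonObject header = decodeSegment(headerSegment);
        JsonElement jku = header == null ? null : header.get("jku");
        if (jku == null || jku.isJsonNull()) {
            return null;
        }
        String jkuValue = jku.getAsString();
        URI uri;
        try {
            uri = new URI(jkuValue);
        } catch (URISyntaxException e) {
            log("Ignoring malformed jku header in token", e);
            return null;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            log("Ignoring jku header that is not an absolute https URL");
            return null;
        }
        return jkuValue.split(TOKEN_KEYS_SUFFIX)[0];
    }

    /**
     * GETs {@code <authUrl>/Users/<userId>} with the caller's own token and
     * returns the response body, or null when the call did not yield HTTP 200
     * with a body. Client and response are closed in every case.
     *
     * @throws IOException on transport failure
     */
    private String fetchSubDomainUserInfo(String authUrl, String userId, String jwt) throws IOException {
        // user_id comes from the validated token (presumably a GUID), but encode
        // it anyway so it can never alter the request path.
        String target = authUrl + "/Users/" + URLEncoder.encode(userId, StandardCharsets.UTF_8.name());
        HttpGet get = new HttpGet(target);
        get.setHeader("Authorization", "Bearer " + jwt);
        // Both the client and the response are Closeable; neither was closed before.
        try (CloseableHttpClient httpClient = HttpClients.createDefault();
             CloseableHttpResponse xsuaaResponse = httpClient.execute(get)) {
            int status = xsuaaResponse.getStatusLine().getStatusCode();
            if (status != HttpStatus.SC_OK || xsuaaResponse.getEntity() == null) {
                // An error body is not a user record; do not try to parse it.
                log("XSUAA user lookup failed with HTTP " + status);
                return null;
            }
            try (InputStream ins = xsuaaResponse.getEntity().getContent()) {
                return ins == null ? null : IOUtils.toString(ins, StandardCharsets.UTF_8);
            }
        }
    }

    /**
     * Maps the {@code groups} array of an XSUAA {@code /Users} response to
     * {@link User.Scope} objects; empty when the body is not JSON, not an
     * object, or has no {@code groups} array.
     */
    private List<User.Scope> parseScopes(String subDomainUserInfo) {
        List<User.Scope> scopes = new ArrayList<User.Scope>();
        JsonElement root;
        try {
            root = new JsonParser().parse(subDomainUserInfo);
        } catch (JsonParseException e) {
            log("XSUAA user lookup returned a body that is not JSON", e);
            return scopes;
        }
        if (root == null || !root.isJsonObject()) {
            return scopes;
        }
        JsonElement groups = root.getAsJsonObject().get("groups");
        if (groups == null || !groups.isJsonArray()) {
            return scopes;
        }
        JsonArray groupsArr = groups.getAsJsonArray();
        Gson gson = new Gson();
        for (JsonElement group : groupsArr) {
            scopes.add(gson.fromJson(group, User.Scope.class));
        }
        return scopes;
    }

    /**
     * Treats {@code POST} exactly like {@code GET}. The approuter route for this
     * app sets {@code csrfProtection: false}, so a POST here carries no CSRF
     * token; that is tolerable only because the endpoint is read-only. Re-enable
     * CSRF protection before adding any state-changing behaviour.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
     *      response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}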