{
"xsappname": "callapiwithsrvbroker-uaa",
"description": "Roles for callapiwithsrvbroker",
"tenant-mode": "shared",
"scopes": [
{
"name": "$XSAPPNAME.GetConsumerToken",
"description": "GetConsumerToken scope"
}
],
"role-templates": [
{
"name": "GetConsumerToken",
"description": "Role for GetConsumerToken",
"scope-references": [
"$XSAPPNAME.GetConsumerToken"
]
}
]
}
# Build the Spring Boot jar, then deploy the application described by the manifest.yml
# in the current directory.
mvn clean install
cf push
# Register the service broker for the current space only (--space-scoped). The two
# arguments after the broker name are the basic-auth user and password the broker accepts;
# they have to match the pair configured in the broker's SBF_BROKER_CREDENTIALS.
# Typed inline like this, the password is kept in shell history.
cf create-service-broker callapiwithsrvbroker-srvbroker-fzjconsumer broker_user broker_password [service broker URL] --space-scoped
# Create an instance of the brokered service with plan "default", then list the services.
cf create-service callapiwithsrvbroker-srvprovider-fzj default callapiwithsrvbroker-srvprovider-instance
cf services
# Create a service key for the instance and print it. The printed key holds the client ID
# and client secret used for the token request, so treat the output as a secret.
cf create-service-key callapiwithsrvbroker-srvprovider-instance callapiwithsrvbroker-srvprovider-instancekey
cf service-key callapiwithsrvbroker-srvprovider-instance callapiwithsrvbroker-srvprovider-instancekey
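/**
 * Requests an access token from the UAA token endpoint using the OAuth 2.0 password grant.
 *
 * <p>The user name, password, client ID and client secret are sent as form fields. The
 * literals below are tutorial placeholders; the real values are credentials and belong in
 * configuration supplied at runtime, not in source code.
 *
 * @return the value of {@code access_token} from the token response, as a string
 * @throws Exception if the endpoint does not answer with HTTP 200, or the response carries
 *     no {@code access_token}
 */
private String getToken() throws Exception {
    HttpResponse<JsonNode> jsonResponse = Unirest.post("<authentication URL in service instance key>/oauth/token")
            .header("accept", "application/json")
            .field("grant_type", "password")
            .field("username", "<user in IdP>")
            .field("password", "<password in IdP>")
            .field("client_id", "<client ID in service instance key>")
            .field("client_secret", "<client secret in service instance key>")
            .field("login_hint", "{\"origin\":\"sap.custom\"}")
            .asJson();

    int status = jsonResponse.getStatus();
    if (status != HttpStatus.SC_OK) {
        throw new Exception("Invalid response from UAA. Status code: " + status);
    }

    JSONObject response = jsonResponse.getBody().getObject();
    // JSONObject.get() throws on a missing key instead of returning null, so a null check
    // on its result never fires. isNull() is true for a missing key and for a JSON null.
    if (response.isNull("access_token")) {
        throw new Exception("No access token found. Response from UAA: " + response.toString());
    }
    return response.get("access_token").toString();
}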
/**
 * Calls the provider's {@code /getconsumertoken} endpoint with the given token as a
 * bearer credential.
 *
 * @param token access token placed in the {@code Authorization} header
 * @return the provider's response with the body read as a string; the status code is not
 *     inspected here
 * @throws UnirestException if the HTTP request fails
 * @throws MalformedURLException if the root URL or the resolved URL is not a valid URL
 */
private HttpResponse<String> requestService(String token) throws UnirestException, MalformedURLException {
    // Tutorial placeholder for the business app URL taken from the service instance key.
    URL rootUrl = new URL("<business app URL in service instance key>");
    // The leading slash makes the path absolute, so any path on the root URL is replaced.
    URL endpoint = new URL(rootUrl, "/getconsumertoken");
    return Unirest.get(endpoint.toString())
            .header("Authorization", "Bearer " + token)
            .asString();
}
{
"xsappname": "callapiwithsrvbroker-uaa",
"description": "Roles for callapiwithsrvbroker",
"tenant-mode": "shared",
"scopes": [
{
"name": "$XSAPPNAME.GetConsumerToken",
"description": "GetConsumerToken scope"
}
],
"role-templates": [
{
"name": "GetConsumerToken",
"description": "Role for GetConsumerToken",
"scope-references": [
"$XSAPPNAME.GetConsumerToken"
]
}
]
}
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.4.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.callapiwithsrvbroker</groupId>
<artifactId>serviceprovider</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>serviceprovider</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/xsuaa-spring-boot-starter -->
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>xsuaa-spring-boot-starter</artifactId>
<version>2.6.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
package com.callapiwithsrvbroker.serviceprovider.controller;
import com.sap.cloud.security.xsuaa.token.SpringSecurityContext;
import com.sap.cloud.security.xsuaa.token.Token;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * REST controller of the service provider application.
 */
@RestController
public class ServiceProviderController {

    /**
     * Returns the encoded token of the current request.
     *
     * <p>The response body is therefore a usable bearer credential for as long as the
     * token is valid; it should not be cached or written to logs by anything that
     * handles this response.
     *
     * @return the application token read from the Spring security context
     */
    @GetMapping("getconsumertoken")
    String getConsumerToken() {
        return SpringSecurityContext.getToken().getAppToken();
    }
}
package com.callapiwithsrvbroker.serviceprovider.config;
import com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration;
import com.sap.cloud.security.xsuaa.token.TokenAuthenticationConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jwt.Jwt;
import static org.springframework.http.HttpMethod.*;
/**
 * Spring Security setup for the service provider: a stateless OAuth 2.0 resource server
 * whose JWTs are converted with the XSUAA {@link TokenAuthenticationConverter}.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final XsuaaServiceConfiguration xsuaaServiceConfiguration;

    /**
     * @param xsuaaServiceConfiguration XSUAA configuration injected by Spring and handed to
     *     the token converter
     */
    @Autowired
    public SecurityConfig(XsuaaServiceConfiguration xsuaaServiceConfiguration) {
        this.xsuaaServiceConfiguration = xsuaaServiceConfiguration;
    }

    /**
     * Configures request authorization.
     *
     * <p>Only {@code GET /getconsumertoken/**} is reachable, and only with the
     * {@code GetConsumerToken} authority; every other request is denied.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No HTTP session: each request is authenticated by its own bearer token.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.authorizeRequests()
                // checks scope $XSAPPNAME.GetConsumerToken
                .antMatchers(GET, "/getconsumertoken/**").hasAuthority("GetConsumerToken")
                // denies anything not configured above
                .anyRequest().denyAll();

        http.oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(getJwtAuthoritiesConverter());
    }

    /**
     * Builds the converter that turns a validated JWT into an authentication object.
     *
     * @return a {@link TokenAuthenticationConverter} with local scopes enabled as
     *     authorities, which is what lets the rule above name the scope without the
     *     {@code $XSAPPNAME.} prefix
     */
    Converter<Jwt, AbstractAuthenticationToken> getJwtAuthoritiesConverter() {
        TokenAuthenticationConverter jwtConverter = new TokenAuthenticationConverter(xsuaaServiceConfiguration);
        jwtConverter.setLocalScopeAsAuthorities(true);
        return jwtConverter;
    }
}
applications:
- name: callapiwithsrvbroker-srvprovider
routes:
- route: <provider subaccount ID>-callapiwithsrvbroker-srvprovider.<domain>
path: target/serviceprovider-0.0.1-SNAPSHOT.jar
buildpack: java_buildpack
memory: 1024M
services:
- callapiwithsrvbroker-uaa
{
"services": [
{
"name": "callapiwithsrvbroker-srvprovider",
"description": "callapiwithsrvbroker-srvprovider",
"bindable": true,
"plans": [
{
"name": "default",
"description": "callapiwithsrvbroker-srvprovider plan",
"id": "240c1326-d380-4185-b401-cca5dc02f6a7"
}
],
"id": "10e75929-cef8-4ab7-b999-556877696aeb"
}
]
}
{
"name": "callapiwithsrvbroker-srvbroker",
"version": "1.0.0",
"description": "callapiwithsrvbroker-srvbroker",
"main": "server.js",
"scripts": {
"start": "start-broker",
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC",
"dependencies": {
"@sap/sbf": "^6.2.0"
},
"engines": {
"node": "^12.0.0"
}
}
---
# Cloud Foundry manifest for the service broker application.
applications:
- name: callapiwithsrvbroker-srvbroker
host: callapiwithsrvbroker-srvbroker
memory: 128M
path: /
services:
- callapiwithsrvbroker-uaa
- callapiwithsrvbroker-auditlog
health-check-type: http
health-check-http-endpoint: /health
env:
SBF_CATALOG_SUFFIX: fzj
# Basic-auth user and password the broker accepts, written as a JSON object of
# "user": "password". Kept here, the pair is plaintext in the manifest and in the
# application environment: replace the sample values before deploying and keep the
# real manifest out of version control.
# NOTE(review): @sap/sbf also documents a hashed form of this setting
# (SBF_BROKER_CREDENTIALS_HASH) - confirm it is available in the version in use.
SBF_BROKER_CREDENTIALS: >
{
"broker_user": "broker_password"
}
SBF_SERVICE_CONFIG: >
{
"callapiwithsrvbroker-srvprovider": {
"extend_credentials": {
"shared": {
"vendor": "SAP"
},
"per_plan": {
"default": {
"url": "<Route defined in manifest.yml of serviceprovider>"
}
}
}
}
}
{
"info": {
"_postman_id": "955391ec-2c71-4b9e-a907-db99c94db696",
"name": "GetAPIAccessToken",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "GetToken",
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "grant_type",
"value": "password",
"type": "text"
},
{
"key": "client_id",
"value": "{{client_id}}",
"type": "text"
},
{
"key": "client_secret",
"value": "{{client_secret}}",
"type": "text"
},
{
"key": "username",
"value": "{{username}}",
"type": "text"
},
{
"key": "password",
"value": "{{password}}",
"type": "text"
},
{
"key": "login_hint",
"value": "{\"origin\":\"sap.custom\"}",
"type": "text"
}
]
},
"url": {
"raw": "{{url}}/oauth/token?grant_type=password",
"host": [
"{{url}}"
],
"path": [
"oauth",
"token"
],
"query": [
{
"key": "grant_type",
"value": "password"
}
]
}
},
"response": []
}
],
"protocolProfileBehavior": {}
}
{
"id": "cfe8a93a-dc39-45d0-94d4-03a083471aac",
"name": "GetAPIAccessTokenEnv",
"values": [
{
"key": "url",
"value": "uaa.url in service key",
"enabled": true
},
{
"key": "client_id",
"value": "client_id in service key",
"enabled": true
},
{
"key": "client_secret",
"value": "3aSwBuzLPkikcI3Nl8CXGw1MkW0=",
"enabled": true
},
{
"key": "username",
"value": "username in IDP",
"enabled": true
},
{
"key": "password",
"value": "password",
"enabled": true
}
],
"_postman_variable_scope": "environment",
"_postman_exported_at": "2020-09-29T02:21:16.870Z",
"_postman_exported_using": "Postman/7.33.0"
}
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.4.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.callapiwithsrvbroker</groupId>
<artifactId>serviceconsumer</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>serviceconsumer</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>com.mashape.unirest</groupId>
<artifactId>unirest-java</artifactId>
<version>1.4.9</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
package com.callapiwithsrvbroker.serviceconsumer.controller;
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.JsonNode;
import com.mashape.unirest.http.Unirest;
import com.mashape.unirest.http.exceptions.UnirestException;
import org.apache.http.HttpStatus;
import org.json.JSONObject;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import java.net.MalformedURLException;
import java.net.URL;
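/**
 * REST controller of the service consumer application: obtains a token from UAA and uses
 * it to call the service provider.
 */
@RestController
public class serviceconsumercontroller {

    // Fully qualified so the class needs no additional import.
    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(serviceconsumercontroller.class.getName());

    /**
     * Fetches a token and returns the body of the provider's {@code /getconsumertoken}
     * response.
     *
     * <p>The provider's status code is not inspected, so an error body from the provider
     * is returned as-is.
     *
     * @return the provider's response body, or the literal {@code "Error"} if the token
     *     request or the provider call throws
     */
    @GetMapping("getconsumertoken")
    String getConsumerToken() {
        HttpResponse<String> serviceResponse;
        try {
            String token = getToken();
            serviceResponse = requestService(token);
        } catch (Exception e) {
            // The caller still only sees "Error"; the cause is recorded so that a failed
            // token request or provider call can be diagnosed.
            LOG.log(java.util.logging.Level.WARNING, "Token request or service call failed", e);
            return "Error";
        }
        return serviceResponse.getBody();
    }

    /**
     * Requests an access token from the UAA token endpoint using the OAuth 2.0 password
     * grant.
     *
     * <p>The user name, password, client ID and client secret are sent as form fields. The
     * literals below are tutorial placeholders; the real values are credentials and belong
     * in configuration supplied at runtime, not in source code.
     *
     * @return the value of {@code access_token} from the token response, as a string
     * @throws Exception if the endpoint does not answer with HTTP 200, or the response
     *     carries no {@code access_token}
     */
    private String getToken() throws Exception {
        HttpResponse<JsonNode> jsonResponse = Unirest.post("<authentication URL in service instance key>/oauth/token")
                .header("accept", "application/json")
                .field("grant_type", "password")
                .field("username", "<user in IdP>")
                .field("password", "<password in IdP>")
                .field("client_id", "<client ID in service instance key>")
                .field("client_secret", "<client secret in service instance key>")
                .field("login_hint", "{\"origin\":\"sap.custom\"}")
                .asJson();

        int status = jsonResponse.getStatus();
        if (status != HttpStatus.SC_OK) {
            throw new Exception("Invalid response from UAA. Status code: " + status);
        }

        JSONObject response = jsonResponse.getBody().getObject();
        // JSONObject.get() throws on a missing key instead of returning null, so a null
        // check on its result never fires. isNull() is true for a missing key and for a
        // JSON null.
        if (response.isNull("access_token")) {
            throw new Exception("No access token found. Response from UAA: " + response.toString());
        }
        return response.get("access_token").toString();
    }

    /**
     * Calls the provider's {@code /getconsumertoken} endpoint with the given token as a
     * bearer credential.
     *
     * @param token access token placed in the {@code Authorization} header
     * @return the provider's response with the body read as a string
     * @throws UnirestException if the HTTP request fails
     * @throws MalformedURLException if the root URL or the resolved URL is not a valid URL
     */
    private HttpResponse<String> requestService(String token) throws UnirestException, MalformedURLException {
        // Tutorial placeholder for the business app URL taken from the service instance key.
        String productServiceRootUrl = "<business app URL in service instance key>";
        // The leading slash makes the path absolute, so any path on the root URL is replaced.
        String productServiceUrl = new URL(new URL(productServiceRootUrl), "/getconsumertoken").toString();
        return Unirest.get(productServiceUrl).header("Authorization", "Bearer " + token).asString();
    }
}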