<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>xsuaa-spring-boot-starter</artifactId>
<version>${sap.cloud.security.version}</version>
</dependency>
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    // No server-side session: the approuter in front of this service owns the session,
    // so every request has to carry its own bearer token.
    http.sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Path rules are evaluated in declaration order. The trailing denyAll() keeps the
    // policy fail-closed: anything not listed here (including deeper paths that the
    // single-segment "/v1/*" style patterns do not match) is rejected, not exposed.
    // The permitAll() paths need no authentication; /gettestnum still reads the principal
    // when a token happens to be attached.
    http.authorizeRequests()
        .antMatchers("/v1/sayHello").hasAuthority("Read")
        .antMatchers("/v1/*").authenticated()
        .antMatchers("/v2/*").hasAuthority("Read")
        .antMatchers("/v3/*").hasAuthority("Read")
        .antMatchers("/v3/requestRefreshToken/*").hasAuthority("Read")
        .antMatchers("/health").permitAll()
        .antMatchers("/tokencheck").permitAll()
        .antMatchers("/jwtcheck").permitAll()
        .antMatchers("/gettestnum").permitAll()
        .antMatchers("/").permitAll()
        .anyRequest().denyAll();

    // Resource-server wiring: the custom resolver presumably exchanges an incoming IAS
    // token for an XSUAA token before JWT validation (confirm in IasXsuaaExchangeBroker);
    // the converter then decides which scopes become granted authorities.
    http.oauth2ResourceServer()
        .bearerTokenResolver(new IasXsuaaExchangeBroker(xsuaaTokenFlows))
        .jwt()
        .jwtAuthenticationConverter(getJwtAuthenticationConverter());
    // @formatter:on
}
/**
 * Builds the converter that turns a validated {@link Jwt} into an authentication carrying
 * granted authorities.
 * <p>
 * Local scopes are used as authorities, so a scope declared as {@code $XSAPPNAME.Read} can be
 * matched by {@code hasAuthority("Read")} in the request rules without the application-name
 * prefix.
 *
 * @return a converter backed by the injected XSUAA service configuration
 */
Converter<Jwt, AbstractAuthenticationToken> getJwtAuthenticationConverter() {
    final TokenAuthenticationConverter authConverter =
            new TokenAuthenticationConverter(xsuaaServiceConfiguration);
    // Expose scopes without the "$XSAPPNAME." prefix as authorities.
    authConverter.setLocalScopeAsAuthorities(true);
    return authConverter;
}
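/**
 * Returns the number shown on the launchpad dynamic tile that points at {@code /gettestnum}.
 * <p>
 * The path is {@code permitAll} in the security configuration, so {@code token} is
 * {@code null} when the request arrived without a resolvable bearer token.
 *
 * @param token the XSUAA token resolved for the request, or {@code null} if none was present
 * @return {@code 0} when no token was resolved, otherwise {@code 3}
 */
@GetMapping("/gettestnum")
public int gettestNum(@AuthenticationPrincipal Token token) {
    if (token == null) {
        System.out.println("token is null.....");
        return 0;
    }
    // Never print the token itself: it is a live bearer credential and stdout ends up in
    // the application log. Only record that one was resolved.
    System.out.println("Got an Xsuaa token (value not logged)");
    System.out.println("grant type: " + token.getGrantType());
    System.out.println("client id: " + token.getClientId());
    System.out.println("subaccount id: " + token.getSubaccountId());
    System.out.println("zone id: " + token.getZoneId());
    // The following attributes are personal data; in a real application route them through
    // a logger at debug level rather than stdout.
    System.out.println("logon name: " + token.getLogonName());
    System.out.println("family name: " + token.getFamilyName());
    System.out.println("given name: " + token.getGivenName());
    System.out.println("email: " + token.getEmail());
    System.out.println("authorities: " + String.valueOf(token.getAuthorities()));
    System.out.println("scopes: " + String.valueOf(token.getScopes()));
    //
    // TODO: branch the processing on the various JWT attributes here.
    //
    return 3;
}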
{
"xsappname": "spring-security-xsuaa-usage",
"oauth2-configuration": {
"credential-types": ["x509"]
},
"tenant-mode": "dedicated",
"scopes": [
{
"name": "$XSAPPNAME.Read",
"description": "Read Permissions."
},
{
"name": "$XSAPPNAME.Admin",
"description": "Admin permissions."
}
],
"role-templates": [
{
"name": "Viewer",
"description": "View Data",
"scope-references": [
"$XSAPPNAME.Read",
"uaa.user"
]
},
{
"name": "Administrator",
"description": "View Sensitive Data",
"scope-references": [
"$XSAPPNAME.Read",
"$XSAPPNAME.Admin"
]
}
],
"role-collections": [
{
"name": "Viewer",
"description": "Viewer (read)",
"role-template-references": [
"$XSAPPNAME.Viewer"
]
},
{
"name": "Administrator",
"description": "Administrator (read all)",
"role-template-references": [
"$XSAPPNAME.Administrator"
]
}
]
}
---
applications:
- name: otaspringsecuritytest
buildpack: sap_java_buildpack
path: ./target/spring-security-xsuaa-usage.jar
services:
- ota_springsecurity_test_xsuaa
Properties | Name | 任意の名前。"_"は使用不可 |
Type | HTTP | |
Description | <Option> | |
URL | 作成済みJava ApplicationのURL | |
Proxy | Internet | |
Authentication | OAuth2UserTokenExchangeもしくはOAuth2JWTBearer | |
Client ID | Environment variableからコピー | |
Client Secret | Environment variableからコピー | |
Token Service URL Type | Dedicated | |
Token Service URL | Environment variableからコピー + 末尾に/oauth/token | |
Additional Properties | HTML5.DynamicDestination | true |
"crossNavigation": {
"inbounds": {
"intent1": {
"signature": {
"parameters": {},
"additionalParameters": "allowed"
},
"semanticObject": "Object",
"action": "otadisplay",
"title": "Ota Dynamic Tile!",
"info": "{{appTitle}}",
"subTitle": "{{appSubTitle}}",
"icon": "sap-icon://account",
"indicatorDataSource": {
"dataSource": "otaspringsecuritytest",
"path": "/dynamic_dest/otaspringsecuritytest/gettestnum",
"refresh": 0
}
}
}
}