UAA/LDAP sample: Add support for additional roles

This commit is contained in:
Gunnar Hillert
2019-02-26 22:35:07 -10:00
parent f3b1c2b02d
commit 7aa185cb82
5 changed files with 65 additions and 16 deletions


@@ -11,7 +11,7 @@ with pre-configured users. In this example we will use 2 users.
- username: marlene
- password: supersecret
- assigned LDAP groups: *view*, *create*, *manage*
- assigned LDAP groups: *create*, *deploy*, *destroy*, *manage*, *modify*, *schedule*, *view*
*Second user* with view and manage roles only:


@@ -1,10 +1,16 @@
security:
spring:
cloud:
dataflow:
security:
authorization:
map-oauth-scopes: true
security:
oauth2:
client:
client-id: dataflow
client-secret: dataflow
access-token-uri: http://dataflow.local:8080/uaa/oauth/token
user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize
client-id: dataflow
client-secret: dataflow
access-token-uri: http://dataflow.local:8080/uaa/oauth/token
user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize
resource:
user-info-uri: http://dataflow.local:8080/uaa/userinfo
token-info-uri: http://dataflow.local:8080/uaa/check_token
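Review bot: `map-oauth-scopes: true` is added with no comment, and as the key name suggests it is the line that ties Data Flow's roles to the `dataflow.*` scopes the `dataflow` client is granted in the uaac client setup script of this commit, so a role added later has to be added in both places. I would put `# Roles are derived from the dataflow.* scopes in the token; keep in sync with the --scope list in the uaac client setup script` above it. Separately, the token, authorize, userinfo and check_token endpoints are plain `http://` and the client secret is the same literal as the client id; that is acceptable for a local sample, but a comment such as `# Sample only: plaintext secret and http endpoints; a real deployment needs https and an externally supplied secret` keeps the file from being copied as-is. The same two points apply to the Skipper application.yml section below (`client-id: skipper`).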


@@ -2,17 +2,26 @@
uaac token client get admin -s adminsecret
uaac group add "dataflow.view"
uaac group add "dataflow.create"
uaac group add "dataflow.deploy"
uaac group add "dataflow.destroy"
uaac group add "dataflow.manage"
uaac group add "dataflow.modify"
uaac group add "dataflow.schedule"
uaac group add "dataflow.view"
uaac group map "cn=view,ou=groups,dc=springframework,dc=org" --name="dataflow.view" --origin=ldap
uaac group map "cn=create,ou=groups,dc=springframework,dc=org" --name="dataflow.create" --origin=ldap
uaac group map "cn=deploy,ou=groups,dc=springframework,dc=org" --name="dataflow.deploy" --origin=ldap
uaac group map "cn=destroy,ou=groups,dc=springframework,dc=org" --name="dataflow.destroy" --origin=ldap
uaac group map "cn=manage,ou=groups,dc=springframework,dc=org" --name="dataflow.manage" --origin=ldap
uaac group map "cn=modify,ou=groups,dc=springframework,dc=org" --name="dataflow.modify" --origin=ldap
uaac group map "cn=schedule,ou=groups,dc=springframework,dc=org" --name="dataflow.schedule" --origin=ldap
uaac group map "cn=view,ou=groups,dc=springframework,dc=org" --name="dataflow.view" --origin=ldap
uaac client add dataflow \
--name dataflow \
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage \
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view \
--authorized_grant_types password,authorization_code,client_credentials,refresh_token \
--authorities uaa.resource \
--redirect_uri http://localhost:9393/login \
@@ -21,7 +30,7 @@ uaac client add dataflow \
uaac client add skipper \
--name skipper \
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage \
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view \
--authorized_grant_types password,authorization_code,client_credentials,refresh_token \
--authorities uaa.resource \
--redirect_uri http://localhost:7577/login \
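Review bot: The `--scope` value added for the `dataflow` client is repeated verbatim for the `skipper` client, so the comma list now has to be edited in two places whenever a role is added, which is exactly what this commit had to do. I would hoist it once near the top of the script, `DATAFLOW_SCOPES=cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view`, and pass `--scope "$DATAFLOW_SCOPES" \` in both `uaac client add` calls. The `uaac group add` / `uaac group map` pairs could likewise loop over one list of role names so the group, mapping and scope sets cannot drift apart. The two `uaac group add "dataflow.view"` lines and the two matching `group map` lines read as the old line being moved into alphabetical position rather than a duplicate, but that is worth confirming on the raw diff, since a second `group add` for an existing group fails. Both `uaac client add` invocations continue past the hunk.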


@@ -1,10 +1,16 @@
spring:
cloud:
dataflow:
security:
authorization:
map-oauth-scopes: true
security:
oauth2:
client:
client-id: test
client-secret: test
access-token-uri: http://dataflow.local:8080/uaa/oauth/token
user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize
client-id: skipper
client-secret: skipper
access-token-uri: http://dataflow.local:8080/uaa/oauth/token
user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize
resource:
user-info-uri: http://dataflow.local:8080/uaa/userinfo
token-info-uri: http://dataflow.local:8080/uaa/check_token
user-info-uri: http://dataflow.local:8080/uaa/userinfo
token-info-uri: http://dataflow.local:8080/uaa/check_token


@@ -133,6 +133,34 @@ cn: create
ou: create
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
dn: cn=deploy,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: deploy
ou: deploy
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
dn: cn=destroy,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: destroy
ou: destroy
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
dn: cn=modify,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: modify
ou: modify
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
dn: cn=schedule,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: schedule
ou: schedule
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
dn: cn=manage,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames