UAA/LDAP sample: Add support for additional roles
@@ -11,7 +11,7 @@ with pre-configured users. In this example we will use 2 users.
|
||||
|
||||
- username: marlene
|
||||
- password: supersecret
|
||||
- assigned LDAP groups: *view*, *create*, *manage*
|
||||
- assigned LDAP groups: *create*, *deploy*, *destroy*, *manage*, *modify*, *schedule*, *view*
|
||||
|
||||
*Second user* with view and manage roles only:
|
||||
|
||||
|
||||
@@ -1,10 +1,16 @@
|
||||
security:
|
||||
spring:
|
||||
cloud:
|
||||
dataflow:
|
||||
security:
|
||||
authorization:
|
||||
map-oauth-scopes: true
|
||||
security:
|
||||
oauth2:
|
||||
client:
|
||||
client-id: dataflow
|
||||
client-secret: dataflow
|
||||
access-token-uri: http://dataflow.local:8080/uaa/oauth/token
|
||||
user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize
|
||||
client-id: dataflow
|
||||
client-secret: dataflow
|
||||
access-token-uri: http://dataflow.local:8080/uaa/oauth/token
|
||||
user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize
|
||||
resource:
|
||||
user-info-uri: http://dataflow.local:8080/uaa/userinfo
|
||||
token-info-uri: http://dataflow.local:8080/uaa/check_token
|
||||
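Review bot: The new `map-oauth-scopes: true` line under `spring.cloud.dataflow.security.authorization` carries no comment, and what it does is only visible by cross-reading the uaac script: Data Flow roles are presumably derived from the `dataflow.*` scopes present in the access token, so a user's effective permission set is bounded by the `--scope` list of the matching `uaac client add` command and by UAA's LDAP group-to-scope mappings, not by anything in this file. A comment above the line would save the next reader that detour, e.g. `# Roles are derived from the dataflow.* scopes in the access token (see the client --scope list and the ldap group mappings in the uaac script); a scope missing there silently drops the role.` The same applies to the identical block added in the skipper configuration hunk (`@@ -1,10 +1,16 @@` with `client-id: skipper`). The literal `client-secret: dataflow` and the plain `http://` token and check_token endpoints are sample-only settings; a one-line comment saying so would stop them being copied into a real deployment.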
@@ -2,17 +2,26 @@
|
||||
|
||||
uaac token client get admin -s adminsecret
|
||||
|
||||
uaac group add "dataflow.view"
|
||||
uaac group add "dataflow.create"
|
||||
uaac group add "dataflow.deploy"
|
||||
uaac group add "dataflow.destroy"
|
||||
uaac group add "dataflow.manage"
|
||||
uaac group add "dataflow.modify"
|
||||
uaac group add "dataflow.schedule"
|
||||
uaac group add "dataflow.view"
|
||||
|
||||
|
||||
uaac group map "cn=view,ou=groups,dc=springframework,dc=org" --name="dataflow.view" --origin=ldap
|
||||
uaac group map "cn=create,ou=groups,dc=springframework,dc=org" --name="dataflow.create" --origin=ldap
|
||||
uaac group map "cn=deploy,ou=groups,dc=springframework,dc=org" --name="dataflow.deploy" --origin=ldap
|
||||
uaac group map "cn=destroy,ou=groups,dc=springframework,dc=org" --name="dataflow.destroy" --origin=ldap
|
||||
uaac group map "cn=manage,ou=groups,dc=springframework,dc=org" --name="dataflow.manage" --origin=ldap
|
||||
uaac group map "cn=modify,ou=groups,dc=springframework,dc=org" --name="dataflow.modify" --origin=ldap
|
||||
uaac group map "cn=schedule,ou=groups,dc=springframework,dc=org" --name="dataflow.schedule" --origin=ldap
|
||||
uaac group map "cn=view,ou=groups,dc=springframework,dc=org" --name="dataflow.view" --origin=ldap
|
||||
|
||||
uaac client add dataflow \
|
||||
--name dataflow \
|
||||
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage \
|
||||
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view \
|
||||
--authorized_grant_types password,authorization_code,client_credentials,refresh_token \
|
||||
--authorities uaa.resource \
|
||||
--redirect_uri http://localhost:9393/login \
|
||||
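Review bot: The seven-entry `dataflow.*` scope list is now spelled out by hand in four places in this script — the `uaac group add` lines, the `uaac group map` lines, the `--scope` of `uaac client add dataflow` here, and the `--scope` of `uaac client add skipper` in the next hunk (`@@ -21,7 +30,7 @@`) — and an entry missing from any one of them silently drops that role instead of failing. Defining the list once near the top, `DATAFLOW_SCOPES=dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view`, and writing both client options as `--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,$DATAFLOW_SCOPES \` keeps the two clients from drifting apart; the group-add and group-map lines could iterate the same variable. The `uaac client add dataflow \` command continues past the end of this hunk (the `--redirect_uri` line still ends in a backslash). Unchanged by this commit but worth a comment: the context line `uaac token client get admin -s adminsecret` puts the admin secret into shell history and process listings, so the sample should state that it targets a throwaway local UAA.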
@@ -21,7 +30,7 @@ uaac client add dataflow \
|
||||
|
||||
uaac client add skipper \
|
||||
--name skipper \
|
||||
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage \
|
||||
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view \
|
||||
--authorized_grant_types password,authorization_code,client_credentials,refresh_token \
|
||||
--authorities uaa.resource \
|
||||
--redirect_uri http://localhost:7577/login \
|
||||
|
||||
@@ -1,10 +1,16 @@
|
||||
spring:
|
||||
cloud:
|
||||
dataflow:
|
||||
security:
|
||||
authorization:
|
||||
map-oauth-scopes: true
|
||||
security:
|
||||
oauth2:
|
||||
client:
|
||||
client-id: test
|
||||
client-secret: test
|
||||
access-token-uri: http://dataflow.local:8080/uaa/oauth/token
|
||||
user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize
|
||||
client-id: skipper
|
||||
client-secret: skipper
|
||||
access-token-uri: http://dataflow.local:8080/uaa/oauth/token
|
||||
user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize
|
||||
resource:
|
||||
user-info-uri: http://dataflow.local:8080/uaa/userinfo
|
||||
token-info-uri: http://dataflow.local:8080/uaa/check_token
|
||||
user-info-uri: http://dataflow.local:8080/uaa/userinfo
|
||||
token-info-uri: http://dataflow.local:8080/uaa/check_token
|
||||
@@ -133,6 +133,34 @@ cn: create
|
||||
ou: create
|
||||
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
|
||||
|
||||
dn: cn=deploy,ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
cn: deploy
|
||||
ou: deploy
|
||||
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
|
||||
|
||||
dn: cn=destroy,ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
cn: destroy
|
||||
ou: destroy
|
||||
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
|
||||
|
||||
dn: cn=modify,ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
cn: modify
|
||||
ou: modify
|
||||
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
|
||||
|
||||
dn: cn=schedule,ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
cn: schedule
|
||||
ou: schedule
|
||||
member: uid=marlene,ou=otherpeople,dc=springframework,dc=org
|
||||
|
||||
dn: cn=manage,ou=groups,dc=springframework,dc=org
|
||||
objectclass: top
|
||||
objectclass: groupOfNames
|
||||
|
||||