diff --git a/security-ldap-uaa-example/README.adoc b/security-ldap-uaa-example/README.adoc index 231500f..bf00846 100644 --- a/security-ldap-uaa-example/README.adoc +++ b/security-ldap-uaa-example/README.adoc @@ -11,7 +11,7 @@ with pre-configured users. In this example we will use 2 users. - username: marlene - password: supersecret -- assigned LDAP groups: *view*, *create*, *manage* +- assigned LDAP groups: *create*, *deploy*, *destroy*, *manage*, *modify*, *schedule*, *view* *Second user* with view and manage roles only: diff --git a/security-ldap-uaa-example/dataflow.yml b/security-ldap-uaa-example/dataflow.yml index 49ed2ca..43eb969 100644 --- a/security-ldap-uaa-example/dataflow.yml +++ b/security-ldap-uaa-example/dataflow.yml @@ -1,10 +1,16 @@ -security: +spring: + cloud: + dataflow: + security: + authorization: + map-oauth-scopes: true +security: oauth2: client: - client-id: dataflow - client-secret: dataflow - access-token-uri: http://dataflow.local:8080/uaa/oauth/token - user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize + client-id: dataflow + client-secret: dataflow + access-token-uri: http://dataflow.local:8080/uaa/oauth/token + user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize resource: user-info-uri: http://dataflow.local:8080/uaa/userinfo token-info-uri: http://dataflow.local:8080/uaa/check_token \ No newline at end of file diff --git a/security-ldap-uaa-example/setup-uaa.sh b/security-ldap-uaa-example/setup-uaa.sh index 218906d..1921c77 100755 --- a/security-ldap-uaa-example/setup-uaa.sh +++ b/security-ldap-uaa-example/setup-uaa.sh 
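Review bot: `client-secret: dataflow` in the dataflow.yml hunk is a plaintext secret identical to the client id, so the client credential adds nothing once anyone can reach the UAA token endpoint, and with `map-oauth-scopes: true` now enabled the granted `dataflow.*` scopes are what become Data Flow roles, so the scope list is the only real bound on what a caller with a user's password can do. Every UAA URL in the same hunk is also plain `http://`, which puts the client secret, the password-grant user credentials and the issued access tokens on the wire unencrypted. Even for an example, read the secret from the environment, `client-secret: ${DATAFLOW_CLIENT_SECRET}`, and add a comment above `security:` such as `# Example credentials for a local UAA only; set a real client secret and switch these URLs to https before exposing Data Flow beyond this host.`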
@@ -2,17 +2,26 @@ uaac token client get admin -s adminsecret -uaac group add "dataflow.view" uaac group add "dataflow.create" +uaac group add "dataflow.deploy" +uaac group add "dataflow.destroy" uaac group add "dataflow.manage" +uaac group add "dataflow.modify" +uaac group add "dataflow.schedule" +uaac group add "dataflow.view" + -uaac group map "cn=view,ou=groups,dc=springframework,dc=org" --name="dataflow.view" --origin=ldap uaac group map "cn=create,ou=groups,dc=springframework,dc=org" --name="dataflow.create" --origin=ldap +uaac group map "cn=deploy,ou=groups,dc=springframework,dc=org" --name="dataflow.deploy" --origin=ldap +uaac group map "cn=destroy,ou=groups,dc=springframework,dc=org" --name="dataflow.destroy" --origin=ldap uaac group map "cn=manage,ou=groups,dc=springframework,dc=org" --name="dataflow.manage" --origin=ldap +uaac group map "cn=modify,ou=groups,dc=springframework,dc=org" --name="dataflow.modify" --origin=ldap +uaac group map "cn=schedule,ou=groups,dc=springframework,dc=org" --name="dataflow.schedule" --origin=ldap +uaac group map "cn=view,ou=groups,dc=springframework,dc=org" --name="dataflow.view" --origin=ldap uaac client add dataflow \ --name dataflow \ - --scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage \ + --scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view \ --authorized_grant_types password,authorization_code,client_credentials,refresh_token \ --authorities uaa.resource \ --redirect_uri http://localhost:9393/login \ 
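Review bot: The new `--scope` line for the `dataflow` client grants `cloud_controller.read,cloud_controller.write,password.write,scim.userids` alongside the `dataflow.*` scopes, and the client keeps the `password` grant type, so a token obtained through this client can carry write access to Cloud Foundry and to user passwords that Data Flow never needs; now that `dataflow.destroy` is also granted, the list is worth trimming to least privilege. Unless this example is meant to push to Cloud Foundry, `--scope openid,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view \` is sufficient, and the `cloud_controller.*` scopes should be documented if they are deliberately kept. The `uaac client add dataflow` command continues outside the hunk, so its `--secret` value cannot be checked here; given the `client-secret: dataflow` in dataflow.yml it is presumably the same weak value.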
@@ -21,7 +30,7 @@ uaac client add dataflow \ uaac client add skipper \ --name skipper \ - --scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage \ + --scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view \ --authorized_grant_types password,authorization_code,client_credentials,refresh_token \ --authorities uaa.resource \ --redirect_uri http://localhost:7577/login \ diff --git a/security-ldap-uaa-example/skipper.yml b/security-ldap-uaa-example/skipper.yml index 7d1f3aa..cf696c5 100644 --- a/security-ldap-uaa-example/skipper.yml +++ b/security-ldap-uaa-example/skipper.yml @@ -1,10 +1,16 @@ +spring: + cloud: + dataflow: + security: + authorization: + map-oauth-scopes: true security: oauth2: client: - client-id: test - client-secret: test - access-token-uri: http://dataflow.local:8080/uaa/oauth/token - user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize + client-id: skipper + client-secret: skipper + access-token-uri: http://dataflow.local:8080/uaa/oauth/token + user-authorization-uri: http://dataflow.local:8080/uaa/oauth/authorize resource: - user-info-uri: http://dataflow.local:8080/uaa/userinfo - token-info-uri: http://dataflow.local:8080/uaa/check_token \ No newline at end of file + user-info-uri: http://dataflow.local:8080/uaa/userinfo + token-info-uri: http://dataflow.local:8080/uaa/check_token \ No newline at end of file diff --git a/security-ldap-uaa-example/src/main/resources/testUsers.ldif b/security-ldap-uaa-example/src/main/resources/testUsers.ldif index 80697ba..9119573 100644 --- a/security-ldap-uaa-example/src/main/resources/testUsers.ldif +++ b/security-ldap-uaa-example/src/main/resources/testUsers.ldif 
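Review bot: The `skipper` client's new `--scope` line repeats the `dataflow` client's list verbatim, so the two can silently drift the next time a scope is added or removed; the hunk already had to change both in lockstep. Define the list once near the top of the script, `DATAFLOW_SCOPES=cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.create,dataflow.deploy,dataflow.destroy,dataflow.manage,dataflow.modify,dataflow.schedule,dataflow.view`, and use `--scope "$DATAFLOW_SCOPES" \` in both `uaac client add` commands. The `uaac client add skipper` command runs past the end of the hunk, so its remaining options are not visible here.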
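Review bot: skipper.yml enables scope mapping under `spring.cloud.dataflow.security.authorization.map-oauth-scopes`, but this file configures Skipper, not Data Flow; if Skipper binds its authorization settings under `spring.cloud.skipper.security.authorization` (as I recall its security properties do), this key is ignored and the `dataflow.*` scopes granted in setup-uaa.sh never turn into roles on the Skipper side. Please verify against Skipper's property binding and, if so, change the path to `spring.cloud.skipper.security.authorization.map-oauth-scopes: true`. The same hunk also sets `client-secret: skipper`, equal to the client id and stored in plaintext over plain `http://` UAA URLs; take it from the environment, `client-secret: ${SKIPPER_CLIENT_SECRET}`, and note in a comment that these are local-example values only.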
@@ -133,6 +133,34 @@ cn: create ou: create member: uid=marlene,ou=otherpeople,dc=springframework,dc=org +dn: cn=deploy,ou=groups,dc=springframework,dc=org +objectclass: top +objectclass: groupOfNames +cn: deploy +ou: deploy +member: uid=marlene,ou=otherpeople,dc=springframework,dc=org + +dn: cn=destroy,ou=groups,dc=springframework,dc=org +objectclass: top +objectclass: groupOfNames +cn: destroy +ou: destroy +member: uid=marlene,ou=otherpeople,dc=springframework,dc=org + +dn: cn=modify,ou=groups,dc=springframework,dc=org +objectclass: top +objectclass: groupOfNames +cn: modify +ou: modify +member: uid=marlene,ou=otherpeople,dc=springframework,dc=org + +dn: cn=schedule,ou=groups,dc=springframework,dc=org +objectclass: top +objectclass: groupOfNames +cn: schedule +ou: schedule +member: uid=marlene,ou=otherpeople,dc=springframework,dc=org + dn: cn=manage,ou=groups,dc=springframework,dc=org objectclass: top objectclass: groupOfNames