Docs: Add LDAP UAA Example
This commit is contained in:
committed by
Gunnar Hillert
parent
70ca0050df
commit
d83deb54a8
@@ -1,4 +1,4 @@
|
||||
= LDAP Security and UAA Example
|
||||
=== LDAP Security and UAA Example
|
||||
|
||||
This example provides an example on running
|
||||
Spring Cloud Data Flow with a https://github.com/cloudfoundry/uaa[CloudFoundry User Account and Authentication (UAA) Server] (UAA) backed by _Lightweight Directory Access Protocol_ (LDAP) security.
|
||||
@@ -26,7 +26,7 @@ In order to get everything running we need to setup the following server instanc
|
||||
* Spring Cloud Skipper (secured by UAA, port `7577`)
|
||||
* Spring Cloud Data Flow (secured by UAA, port `9393`)
|
||||
|
||||
== Requirements
|
||||
==== Requirements
|
||||
|
||||
Please ensure you have the following 3 items installed:
|
||||
|
||||
@@ -34,7 +34,7 @@ Please ensure you have the following 3 items installed:
|
||||
* https://git-scm.com/[Git]
|
||||
* https://github.com/cloudfoundry/cf-uaac[CloudFoundry UAA Command Line Client] (UAAC)
|
||||
|
||||
== Build + Start LDAP Server
|
||||
==== Build + Start LDAP Server
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
@@ -44,7 +44,7 @@ $ ./mvnw clean package
|
||||
$ java -jar target/ldapserver-uaa-1.0.0.BUILD-SNAPSHOT.jar
|
||||
----
|
||||
|
||||
== Download + Start UAA Server
|
||||
==== Download + Start UAA Server
|
||||
|
||||
Since by default the UAA Server is available as a war file only, we will
|
||||
use a custom Spring Boot based version that wraps the UAA war file but makes
|
||||
@@ -59,7 +59,7 @@ $ ./mvnw clean package
|
||||
$ java -jar target/uaa-bundled-1.0.0.BUILD-SNAPSHOT.jar
|
||||
----
|
||||
|
||||
== Prepare UAA Server
|
||||
==== Prepare UAA Server
|
||||
|
||||
Simply execute the BASH script `./setup-uaa.sh`. It will execute the following
|
||||
commands:
|
||||
@@ -95,7 +95,7 @@ uaac client add skipper \
|
||||
--secret skipper \
|
||||
----
|
||||
|
||||
== Quick Test Using Curl
|
||||
==== Quick Test Using Curl
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
@@ -135,7 +135,7 @@ This should yield output similar to the following:
|
||||
{"access_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvdWFhL3Rva2VuX2tleXMiLCJraWQiOiJrZXktaWQtMSIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2MjQxMTIwNDc1YTA0NzZmYjhmMmQwZWJmOGZhNmJmZSIsInN1YiI6IjMyMTMzMmExLTZmZjAtNGQ1Yy1hYjMzLTE3YzIzYjk4MzcxNSIsInNjb3BlIjpbImRhdGFmbG93LnZpZXciLCJzY2ltLnVzZXJpZHMiLCJvcGVuaWQiLCJjbG91ZF9jb250cm9sbGVyLnJlYWQiLCJwYXNzd29yZC53cml0ZSIsImRhdGFmbG93Lm1hbmFnZSIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiLCJkYXRhZmxvdy5jcmVhdGUiXSwiY2xpZW50X2lkIjoiZGF0YWZsb3ciLCJjaWQiOiJkYXRhZmxvdyIsImF6cCI6ImRhdGFmbG93IiwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9pZCI6IjMyMTMzMmExLTZmZjAtNGQ1Yy1hYjMzLTE3YzIzYjk4MzcxNSIsIm9yaWdpbiI6ImxkYXAiLCJ1c2VyX25hbWUiOiJtYXJsZW5lIiwiZW1haWwiOiJtYXJsZW5lQHVzZXIuZnJvbS5sZGFwLmNmIiwiYXV0aF90aW1lIjoxNTQ1MzM2NTY3LCJyZXZfc2lnIjoiZjg3NjU2MTUiLCJpYXQiOjE1NDUzMzY1NjcsImV4cCI6MTU0NTM0MDE2NywiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3VhYS9vYXV0aC90b2tlbiIsInppZCI6InVhYSIsImF1ZCI6WyJzY2ltIiwiY2xvdWRfY29udHJvbGxlciIsInBhc3N3b3JkIiwiZGF0YWZsb3ciLCJvcGVuaWQiXX0.OrV_UzlfGtv5ME6jgp0Xg_DKptUXyCalV7yNlUL0PxYonECJsfej1yzG3twIBuNJ8LGvNAkUIhIokdbBsRx1bVnn-tudaRxahihZDgbrOBOeTsG6MOOK8DrwyNqI9QksuPseh2IaQ8Q0RaPkwLTa_tmNJvZYpYmVaGSImhNsSvYnmVuxFXLALy0XhkLMhSf_ViTbA9-uyYw8n7u9Gsb46_pU3uGKUh-mSA4dETZvXqjFIalV07BBFJj0NhQ7jQPn3URRkKBULQVga1GWBuQkw18jwOF8Q6PA1ENmOOO6PJfqGJUXV0sCWDUC0TQhYSxLbpDodQOwAHVoqJ2M0lD78g","token_type":"bearer","id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvdWFhL3Rva2VuX2tleXMiLCJraWQiOiJrZXktaWQtMSIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzMjEzMzJhMS02ZmYwLTRkNWMtYWIzMy0xN2MyM2I5ODM3MTUiLCJhdWQiOlsiZGF0YWZsb3ciXSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3VhYS9vYXV0aC90b2tlbiIsImV4cCI6MTU0NTM0MDE2NywiaWF0IjoxNTQ1MzM2NTY3LCJhbXIiOlsiZXh0IiwicHdkIl0sImF6cCI6ImRhdGFmbG93Iiwic2NvcGUiOlsib3BlbmlkIl0sImVtYWlsIjoibWFybGVuZUB1c2VyLmZyb20ubGRhcC5jZiIsInppZCI6InVhYSIsIm9yaWdpbiI6ImxkYXAiLCJqdGkiOiI2MjQxMTIwNDc1YTA0NzZmYjhmMmQwZWJmOGZhNmJmZSIsInByZXZpb3VzX2xvZ29uX3RpbWUiOjE1NDUzMzQyMTY1MzYsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiY2xpZW50X2lkIjoiZGF0YWZsb3ciLCJjaWQiOiJkYXRhZmxvdyIsImdyYW50X3R5cGUiOiJwYXNzd29yZCIsInVzZXJfbmFtZSI6Im1hcmxlbmUiLCJyZXZfc2lnIjoiZjg3NjU2MTUiLCJ1c2VyX2lkIjoiMzIxMzMyYTEtNmZmMC00ZDVjLWFiMzMtMTdjMjNiOTgzNzE1IiwiYXV0aF90aW1lIjoxNTQ1MzM2NTY3fQ.JOa9oNiMKIu-bE0C9su2Kaw-Mbl8Pr6r-ALFfMIvFS_iaI9c5_OIrE-wNAFjtPhGvQkVoLL2d_fSdgtv5GyjWIJ0pCjZb-VJdX2AGauNynnumsR7ct6F6nI9CGrTtCS2Khe6Tp54Nu1wxumk09jd42CaPXA1S2pmUcudQBZEa8AELpESjnjnwOYEbPiKba03cnacGJvqPtbMl3jfWGRMmGqxQEM0A-5CKCqQpMzhkAeokUkPnirVOuNsQHQXNERy1gygO7fji9nReRaOiaFKNYL9aS-hKjY_i3uuAawvY_qpe5qRZ3-xCEesi-TqOItqy2I3BBREDp99t9cfAr2UXQ","expires_in":3599,"scope":"dataflow.view scim.userids openid cloud_controller.read password.write dataflow.manage cloud_controller.write dataflow.create","jti":"6241120475a0476fb8f2d0ebf8fa6bfe"}
|
||||
----
|
||||
|
||||
== Download + Start Spring Cloud Skipper
|
||||
==== Download + Start Spring Cloud Skipper
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
@@ -144,7 +144,7 @@ $ java -jar spring-cloud-skipper-server-2.0.0.BUILD-SNAPSHOT.jar \
|
||||
--spring.config.additional-location=/path/to/ldap-uaa-example/skipper.yml
|
||||
----
|
||||
|
||||
== Download + Start Spring Cloud Data Flow
|
||||
==== Download + Start Spring Cloud Data Flow
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
@@ -153,7 +153,7 @@ $ wget https://repo.spring.io/milestone/org/springframework/cloud/spring-cloud-d
|
||||
$ java -jar spring-cloud-dataflow-server-local-2.0.0.BUILD-SNAPSHOT.jar --spring.config.additional-location=/path/to/ldap-uaa-example/dataflow.yml
|
||||
----
|
||||
|
||||
== Helper Utility
|
||||
==== Helper Utility
|
||||
|
||||
In case you want to experiment with LDAP users and make changes to them, be aware
|
||||
that users are cached in UAA. In that case you can use the following helper BASH script
|
||||
@@ -164,7 +164,7 @@ that will reload the user and display the UAA data as well:
|
||||
$ ./reload-user.sh <username> <password>
|
||||
----
|
||||
|
||||
== Configure and run a Composed Task
|
||||
==== Configure and run a Composed Task
|
||||
|
||||
First start the Spring Cloud Data Flow Shell:
|
||||
|
||||
@@ -204,7 +204,7 @@ dataflow:> task launch my-composed-task --arguments "--dataflow-server-username=
|
||||
This should execute the composed task successfully and yield task executions that look
|
||||
similar to the following:
|
||||
|
||||
[source,bash]
|
||||
[source,console,options=nowrap]
|
||||
----
|
||||
dataflow:>task execution list
|
||||
╔════════════════════════════════╤══╤════════════════════════════╤════════════════════════════╤═════════╗
|
||||
@@ -220,5 +220,5 @@ dataflow:>
|
||||
|
||||
Using the Dashboard, you should see task execution similar to these:
|
||||
|
||||
image::images/composed-task-success.png[Dashboard successful task executions]
|
||||
image::composed-task-success.png[Dashboard successful task executions]
|
||||
|
||||
|
||||
|
Before Width: | Height: | Size: 78 KiB After Width: | Height: | Size: 78 KiB |
BIN
src/main/asciidoc/images/composed-task-success.png
Normal file
BIN
src/main/asciidoc/images/composed-task-success.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 78 KiB |
@@ -1,5 +1,5 @@
|
||||
= Spring Cloud Data Flow Samples
|
||||
Sabby Anandan; David Turanski; Glenn Renfro; Eric Bottard; Mark Pollack; Chris Schaefer; Christian Tzolov
|
||||
Sabby Anandan; David Turanski; Glenn Renfro; Eric Bottard; Mark Pollack; Chris Schaefer; Christian Tzolov; Gunnar Hillert
|
||||
:doctype: book
|
||||
:toc:
|
||||
:toclevels: 4
|
||||
|
||||
@@ -50,3 +50,7 @@ It supports downsampling, automatically expiring and deleting unwanted data, as
|
||||
|
||||
include::micrometer/influx/main.adoc[]
|
||||
include::micrometer/prometheus/main.adoc[]
|
||||
|
||||
== Security
|
||||
|
||||
include::security/main.adoc[]
|
||||
|
||||
4
src/main/asciidoc/security/main.adoc
Normal file
4
src/main/asciidoc/security/main.adoc
Normal file
@@ -0,0 +1,4 @@
|
||||
:sectnums:
|
||||
:docs_dir: ..
|
||||
|
||||
include::{docs_dir}/../../../security-ldap-uaa-example/README.adoc[]
|
||||
Reference in New Issue
Block a user