diff --git a/security-ldap-uaa-example/README.adoc b/security-ldap-uaa-example/README.adoc index 4da8fff..0a26880 100644 --- a/security-ldap-uaa-example/README.adoc +++ b/security-ldap-uaa-example/README.adoc @@ -1,4 +1,4 @@ -= LDAP Security and UAA Example +=== LDAP Security and UAA Example This example provides an example on running Spring Cloud Data Flow with a https://github.com/cloudfoundry/uaa[CloudFoundry User Account and Authentication (UAA) Server] (UAA) backed by _Lightweight Directory Access Protocol_ (LDAP) security. @@ -26,7 +26,7 @@ In order to get everything running we need to setup the following server instanc * Spring Cloud Skipper (secured by UAA, port `7577`) * Spring Cloud Data Flow (secured by UAA, port `9393`) -== Requirements +==== Requirements Please ensure you have the following 3 items installed: @@ -34,7 +34,7 @@ Please ensure you have the following 3 items installed: * https://git-scm.com/[Git] * https://github.com/cloudfoundry/cf-uaac[CloudFoundry UAA Command Line Client] (UAAC) -== Build + Start LDAP Server +==== Build + Start LDAP Server [source,bash] ---- @@ -44,7 +44,7 @@ $ ./mvnw clean package $ java -jar target/ldapserver-uaa-1.0.0.BUILD-SNAPSHOT.jar ---- -== Download + Start UAA Server +==== Download + Start UAA Server Since by default the UAA Server is available as a war file only, we will use a custom Spring Boot based version that wraps the UAA war file but makes @@ -59,7 +59,7 @@ $ ./mvnw clean package $ java -jar target/uaa-bundled-1.0.0.BUILD-SNAPSHOT.jar ---- -== Prepare UAA Server +==== Prepare UAA Server Simply execute the BASH script `./setup-uaa.sh`. It will execute the following commands: @@ -95,7 +95,7 @@ uaac client add skipper \ --secret skipper \ ---- -== Quick Test Using Curl +==== Quick Test Using Curl [source,bash] ---- @@ -135,7 +135,7 @@ This should yield output similar to the following: {"access_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvdWFhL3Rva2VuX2tleXMiLCJraWQiOiJrZXktaWQtMSIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI2MjQxMTIwNDc1YTA0NzZmYjhmMmQwZWJmOGZhNmJmZSIsInN1YiI6IjMyMTMzMmExLTZmZjAtNGQ1Yy1hYjMzLTE3YzIzYjk4MzcxNSIsInNjb3BlIjpbImRhdGFmbG93LnZpZXciLCJzY2ltLnVzZXJpZHMiLCJvcGVuaWQiLCJjbG91ZF9jb250cm9sbGVyLnJlYWQiLCJwYXNzd29yZC53cml0ZSIsImRhdGFmbG93Lm1hbmFnZSIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiLCJkYXRhZmxvdy5jcmVhdGUiXSwiY2xpZW50X2lkIjoiZGF0YWZsb3ciLCJjaWQiOiJkYXRhZmxvdyIsImF6cCI6ImRhdGFmbG93IiwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9pZCI6IjMyMTMzMmExLTZmZjAtNGQ1Yy1hYjMzLTE3YzIzYjk4MzcxNSIsIm9yaWdpbiI6ImxkYXAiLCJ1c2VyX25hbWUiOiJtYXJsZW5lIiwiZW1haWwiOiJtYXJsZW5lQHVzZXIuZnJvbS5sZGFwLmNmIiwiYXV0aF90aW1lIjoxNTQ1MzM2NTY3LCJyZXZfc2lnIjoiZjg3NjU2MTUiLCJpYXQiOjE1NDUzMzY1NjcsImV4cCI6MTU0NTM0MDE2NywiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3VhYS9vYXV0aC90b2tlbiIsInppZCI6InVhYSIsImF1ZCI6WyJzY2ltIiwiY2xvdWRfY29udHJvbGxlciIsInBhc3N3b3JkIiwiZGF0YWZsb3ciLCJvcGVuaWQiXX0.OrV_UzlfGtv5ME6jgp0Xg_DKptUXyCalV7yNlUL0PxYonECJsfej1yzG3twIBuNJ8LGvNAkUIhIokdbBsRx1bVnn-tudaRxahihZDgbrOBOeTsG6MOOK8DrwyNqI9QksuPseh2IaQ8Q0RaPkwLTa_tmNJvZYpYmVaGSImhNsSvYnmVuxFXLALy0XhkLMhSf_ViTbA9-uyYw8n7u9Gsb46_pU3uGKUh-mSA4dETZvXqjFIalV07BBFJj0NhQ7jQPn3URRkKBULQVga1GWBuQkw18jwOF8Q6PA1ENmOOO6PJfqGJUXV0sCWDUC0TQhYSxLbpDodQOwAHVoqJ2M0lD78g","token_type":"bearer","id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvdWFhL3Rva2VuX2tleXMiLCJraWQiOiJrZXktaWQtMSIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzMjEzMzJhMS02ZmYwLTRkNWMtYWIzMy0xN2MyM2I5ODM3MTUiLCJhdWQiOlsiZGF0YWZsb3ciXSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3VhYS9vYXV0aC90b2tlbiIsImV4cCI6MTU0NTM0MDE2NywiaWF0IjoxNTQ1MzM2NTY3LCJhbXIiOlsiZXh0IiwicHdkIl0sImF6cCI6ImRhdGFmbG93Iiwic2NvcGUiOlsib3BlbmlkIl0sImVtYWlsIjoibWFybGVuZUB1c2VyLmZyb20ubGRhcC5jZiIsInppZCI6InVhYSIsIm9yaWdpbiI6ImxkYXAiLCJqdGkiOiI2MjQxMTIwNDc1YTA0NzZmYjhmMmQwZWJmOGZhNmJmZSIsInByZXZpb3VzX2xvZ29uX3RpbWUiOjE1NDUzMzQyMTY1MzYsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiY2xpZW50X2lkIjoiZGF0YWZsb3ciLCJjaWQiOiJkYXRhZmxvdyIsImdyYW50X3R5cGUiOiJwYXNzd29yZCIsInVzZXJfbmFtZSI6Im1hcmxlbmUiLCJyZXZfc2lnIjoiZjg3NjU2MTUiLCJ1c2VyX2lkIjoiMzIxMzMyYTEtNmZmMC00ZDVjLWFiMzMtMTdjMjNiOTgzNzE1IiwiYXV0aF90aW1lIjoxNTQ1MzM2NTY3fQ.JOa9oNiMKIu-bE0C9su2Kaw-Mbl8Pr6r-ALFfMIvFS_iaI9c5_OIrE-wNAFjtPhGvQkVoLL2d_fSdgtv5GyjWIJ0pCjZb-VJdX2AGauNynnumsR7ct6F6nI9CGrTtCS2Khe6Tp54Nu1wxumk09jd42CaPXA1S2pmUcudQBZEa8AELpESjnjnwOYEbPiKba03cnacGJvqPtbMl3jfWGRMmGqxQEM0A-5CKCqQpMzhkAeokUkPnirVOuNsQHQXNERy1gygO7fji9nReRaOiaFKNYL9aS-hKjY_i3uuAawvY_qpe5qRZ3-xCEesi-TqOItqy2I3BBREDp99t9cfAr2UXQ","expires_in":3599,"scope":"dataflow.view scim.userids openid cloud_controller.read password.write dataflow.manage cloud_controller.write dataflow.create","jti":"6241120475a0476fb8f2d0ebf8fa6bfe"} ---- -== Download + Start Spring Cloud Skipper +==== Download + Start Spring Cloud Skipper [source,bash] ---- @@ -144,7 +144,7 @@ $ java -jar spring-cloud-skipper-server-2.0.0.BUILD-SNAPSHOT.jar \ --spring.config.additional-location=/path/to/ldap-uaa-example/skipper.yml ---- -== Download + Start Spring Cloud Data Flow +==== Download + Start Spring Cloud Data Flow [source,bash] ---- @@ -153,7 +153,7 @@ $ wget https://repo.spring.io/milestone/org/springframework/cloud/spring-cloud-d $ java -jar spring-cloud-dataflow-server-local-2.0.0.BUILD-SNAPSHOT.jar --spring.config.additional-location=/path/to/ldap-uaa-example/dataflow.yml ---- -== Helper Utility +==== Helper Utility In case you want to experiment with LDAP users and make changes to them, be aware that users are cached in UAA. In that case you can use the following helper BASH script @@ -164,7 +164,7 @@ that will reload the user and display the UAA data as well: $ ./reload-user.sh ---- -== Configure and run a Composed Task +==== Configure and run a Composed Task First start the Spring Cloud Data Flow Shell: @@ -204,7 +204,7 @@ dataflow:> task launch my-composed-task --arguments "--dataflow-server-username= This should execute the composed task successfully and yield task executions that look similar to the following: -[source,bash] +[source,console,options=nowrap] ---- dataflow:>task execution list ╔════════════════════════════════╤══╤════════════════════════════╤════════════════════════════╤═════════╗ @@ -220,5 +220,5 @@ dataflow:> Using the Dashboard, you should see task execution similar to these: -image::images/composed-task-success.png[Dashboard successful task executions] +image::composed-task-success.png[Dashboard successful task executions] diff --git a/security-ldap-uaa-example/images/composed-task-success.png b/security-ldap-uaa-example/composed-task-success.png similarity index 100% rename from security-ldap-uaa-example/images/composed-task-success.png rename to security-ldap-uaa-example/composed-task-success.png diff --git a/src/main/asciidoc/images/composed-task-success.png b/src/main/asciidoc/images/composed-task-success.png new file mode 100644 index 0000000..4fa48c3 Binary files /dev/null and b/src/main/asciidoc/images/composed-task-success.png differ diff --git a/src/main/asciidoc/index.adoc b/src/main/asciidoc/index.adoc index e2beff9..b8d95e6 100644 --- a/src/main/asciidoc/index.adoc +++ b/src/main/asciidoc/index.adoc @@ -1,5 +1,5 @@ = Spring Cloud Data Flow Samples -Sabby Anandan; David Turanski; Glenn Renfro; Eric Bottard; Mark Pollack; Chris Schaefer; Christian Tzolov +Sabby Anandan; David Turanski; Glenn Renfro; Eric Bottard; Mark Pollack; Chris Schaefer; Christian Tzolov; Gunnar Hillert :doctype: book :toc: :toclevels: 4 diff --git a/src/main/asciidoc/overview.adoc b/src/main/asciidoc/overview.adoc index ca4e9c9..1cc7fb4 100644 --- a/src/main/asciidoc/overview.adoc +++ b/src/main/asciidoc/overview.adoc @@ -50,3 +50,7 @@ It supports downsampling, automatically expiring and deleting unwanted data, as include::micrometer/influx/main.adoc[] include::micrometer/prometheus/main.adoc[] + +== Security + +include::security/main.adoc[] diff --git a/src/main/asciidoc/security/main.adoc b/src/main/asciidoc/security/main.adoc new file mode 100644 index 0000000..01bca2b --- /dev/null +++ b/src/main/asciidoc/security/main.adoc @@ -0,0 +1,4 @@ +:sectnums: +:docs_dir: .. + +include::{docs_dir}/../../../security-ldap-uaa-example/README.adoc[]