Sync docs from v1.0.3.RELEASE to gh-pages
This commit is contained in:
54
spring-cloud-security/1.0.3.RELEASE/ghpages.sh
Normal file
54
spring-cloud-security/1.0.3.RELEASE/ghpages.sh
Normal file
@@ -0,0 +1,54 @@
|
|||||||
|
#!/bin/bash -x
|
||||||
|
|
||||||
|
git remote set-url --push origin `git config remote.origin.url | sed -e 's/^git:/https:/'`
|
||||||
|
|
||||||
|
if ! (git remote set-branches --add origin gh-pages && git fetch -q); then
|
||||||
|
echo "No gh-pages, so not syncing"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! [ -d docs/target/generated-docs ]; then
|
||||||
|
echo "No gh-pages sources in docs/target/generated-docs, so not syncing"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Find name of current branch
|
||||||
|
###################################################################
|
||||||
|
branch=$TRAVIS_BRANCH
|
||||||
|
[ "$branch" == "" ] && branch=`git rev-parse --abbrev-ref HEAD`
|
||||||
|
target=.
|
||||||
|
if [ "$branch" != "master" ]; then target=./$branch; mkdir -p $target; fi
|
||||||
|
|
||||||
|
# Stash any outstanding changes
|
||||||
|
###################################################################
|
||||||
|
git diff-index --quiet HEAD
|
||||||
|
dirty=$?
|
||||||
|
if [ "$dirty" != "0" ]; then git stash; fi
|
||||||
|
|
||||||
|
# Switch to gh-pages branch to sync it with current branch
|
||||||
|
###################################################################
|
||||||
|
git checkout gh-pages
|
||||||
|
|
||||||
|
for f in docs/target/generated-docs/*; do
|
||||||
|
file=${f#docs/target/generated-docs/*}
|
||||||
|
if ! git ls-files -i -o --exclude-standard --directory | grep -q ^$file$; then
|
||||||
|
# Not ignored...
|
||||||
|
cp -rf $f $target
|
||||||
|
git add -A $target/$file
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
git add -A README.adoc || echo "No change to README.adoc"
|
||||||
|
git commit -a -m "Sync docs from $branch to gh-pages" || echo "Nothing committed"
|
||||||
|
|
||||||
|
# Uncomment the following push if you want to auto push to
|
||||||
|
# the gh-pages branch whenever you commit to branch locally.
|
||||||
|
# This is a little extreme. Use with care!
|
||||||
|
###################################################################
|
||||||
|
git push origin gh-pages || echo "Cannot push gh-pages"
|
||||||
|
|
||||||
|
# Finally, switch back to the current branch and exit block
|
||||||
|
git checkout $branch
|
||||||
|
if [ "$dirty" != "0" ]; then git stash pop; fi
|
||||||
|
|
||||||
|
exit 0
|
||||||
976
spring-cloud-security/1.0.3.RELEASE/index.html
Normal file
976
spring-cloud-security/1.0.3.RELEASE/index.html
Normal file
@@ -0,0 +1,976 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]-->
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
<meta name="generator" content="Asciidoctor 1.5.2">
|
||||||
|
<title>Spring Cloud Security</title>
|
||||||
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400">
|
||||||
|
<style>
|
||||||
|
/* Asciidoctor default stylesheet | MIT License | http://asciidoctor.org */
|
||||||
|
/* Remove the comments around the @import statement below when using this as a custom stylesheet */
|
||||||
|
/*@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400";*/
|
||||||
|
article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}
|
||||||
|
audio,canvas,video{display:inline-block}
|
||||||
|
audio:not([controls]){display:none;height:0}
|
||||||
|
[hidden],template{display:none}
|
||||||
|
script{display:none!important}
|
||||||
|
html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}
|
||||||
|
body{margin:0}
|
||||||
|
a{background:transparent}
|
||||||
|
a:focus{outline:thin dotted}
|
||||||
|
a:active,a:hover{outline:0}
|
||||||
|
h1{font-size:2em;margin:.67em 0}
|
||||||
|
abbr[title]{border-bottom:1px dotted}
|
||||||
|
b,strong{font-weight:bold}
|
||||||
|
dfn{font-style:italic}
|
||||||
|
hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}
|
||||||
|
mark{background:#ff0;color:#000}
|
||||||
|
code,kbd,pre,samp{font-family:monospace;font-size:1em}
|
||||||
|
pre{white-space:pre-wrap}
|
||||||
|
q{quotes:"\201C" "\201D" "\2018" "\2019"}
|
||||||
|
small{font-size:80%}
|
||||||
|
sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
|
||||||
|
sup{top:-.5em}
|
||||||
|
sub{bottom:-.25em}
|
||||||
|
img{border:0}
|
||||||
|
svg:not(:root){overflow:hidden}
|
||||||
|
figure{margin:0}
|
||||||
|
fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
|
||||||
|
legend{border:0;padding:0}
|
||||||
|
button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
|
||||||
|
button,input{line-height:normal}
|
||||||
|
button,select{text-transform:none}
|
||||||
|
button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}
|
||||||
|
button[disabled],html input[disabled]{cursor:default}
|
||||||
|
input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}
|
||||||
|
input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}
|
||||||
|
input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}
|
||||||
|
button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
|
||||||
|
textarea{overflow:auto;vertical-align:top}
|
||||||
|
table{border-collapse:collapse;border-spacing:0}
|
||||||
|
*,*:before,*:after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}
|
||||||
|
html,body{font-size:100%}
|
||||||
|
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto}
|
||||||
|
a:hover{cursor:pointer}
|
||||||
|
img,object,embed{max-width:100%;height:auto}
|
||||||
|
object,embed{height:100%}
|
||||||
|
img{-ms-interpolation-mode:bicubic}
|
||||||
|
#map_canvas img,#map_canvas embed,#map_canvas object,.map_canvas img,.map_canvas embed,.map_canvas object{max-width:none!important}
|
||||||
|
.left{float:left!important}
|
||||||
|
.right{float:right!important}
|
||||||
|
.text-left{text-align:left!important}
|
||||||
|
.text-right{text-align:right!important}
|
||||||
|
.text-center{text-align:center!important}
|
||||||
|
.text-justify{text-align:justify!important}
|
||||||
|
.hide{display:none}
|
||||||
|
.antialiased,body{-webkit-font-smoothing:antialiased}
|
||||||
|
img{display:inline-block;vertical-align:middle}
|
||||||
|
textarea{height:auto;min-height:50px}
|
||||||
|
select{width:100%}
|
||||||
|
p.lead,.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{font-size:1.21875em;line-height:1.6}
|
||||||
|
.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
|
||||||
|
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr}
|
||||||
|
a{color:#2156a5;text-decoration:underline;line-height:inherit}
|
||||||
|
a:hover,a:focus{color:#1d4b8f}
|
||||||
|
a img{border:none}
|
||||||
|
p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
|
||||||
|
p aside{font-size:.875em;line-height:1.35;font-style:italic}
|
||||||
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
|
||||||
|
h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
|
||||||
|
h1{font-size:2.125em}
|
||||||
|
h2{font-size:1.6875em}
|
||||||
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
|
||||||
|
h4,h5{font-size:1.125em}
|
||||||
|
h6{font-size:1em}
|
||||||
|
hr{border:solid #ddddd8;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0}
|
||||||
|
em,i{font-style:italic;line-height:inherit}
|
||||||
|
strong,b{font-weight:bold;line-height:inherit}
|
||||||
|
small{font-size:60%;line-height:inherit}
|
||||||
|
code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
|
||||||
|
ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
|
||||||
|
ul,ol,ul.no-bullet,ol.no-bullet{margin-left:1.5em}
|
||||||
|
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em}
|
||||||
|
ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
|
||||||
|
ul.square{list-style-type:square}
|
||||||
|
ul.circle{list-style-type:circle}
|
||||||
|
ul.disc{list-style-type:disc}
|
||||||
|
ul.no-bullet{list-style:none}
|
||||||
|
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
|
||||||
|
dl dt{margin-bottom:.3125em;font-weight:bold}
|
||||||
|
dl dd{margin-bottom:1.25em}
|
||||||
|
abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help}
|
||||||
|
abbr{text-transform:none}
|
||||||
|
blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
|
||||||
|
blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)}
|
||||||
|
blockquote cite:before{content:"\2014 \0020"}
|
||||||
|
blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)}
|
||||||
|
blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
|
||||||
|
@media only screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
|
||||||
|
h1{font-size:2.75em}
|
||||||
|
h2{font-size:2.3125em}
|
||||||
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
|
||||||
|
h4{font-size:1.4375em}}table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede}
|
||||||
|
table thead,table tfoot{background:#f7f8f7;font-weight:bold}
|
||||||
|
table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
|
||||||
|
table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
|
||||||
|
table tr.even,table tr.alt,table tr:nth-of-type(even){background:#f8f8f7}
|
||||||
|
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6}
|
||||||
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
|
||||||
|
h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
|
||||||
|
.clearfix:before,.clearfix:after,.float-group:before,.float-group:after{content:" ";display:table}
|
||||||
|
.clearfix:after,.float-group:after{clear:both}
|
||||||
|
*:not(pre)>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background-color:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed}
|
||||||
|
pre,pre>code{line-height:1.45;color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;text-rendering:optimizeSpeed}
|
||||||
|
.keyseq{color:rgba(51,51,51,.8)}
|
||||||
|
kbd{display:inline-block;color:rgba(0,0,0,.8);font-size:.75em;line-height:1.4;background-color:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:-.15em .15em 0 .15em;padding:.2em .6em .2em .5em;vertical-align:middle;white-space:nowrap}
|
||||||
|
.keyseq kbd:first-child{margin-left:0}
|
||||||
|
.keyseq kbd:last-child{margin-right:0}
|
||||||
|
.menuseq,.menu{color:rgba(0,0,0,.8)}
|
||||||
|
b.button:before,b.button:after{position:relative;top:-1px;font-weight:400}
|
||||||
|
b.button:before{content:"[";padding:0 3px 0 2px}
|
||||||
|
b.button:after{content:"]";padding:0 2px 0 3px}
|
||||||
|
p a>code:hover{color:rgba(0,0,0,.9)}
|
||||||
|
#header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
|
||||||
|
#header:before,#header:after,#content:before,#content:after,#footnotes:before,#footnotes:after,#footer:before,#footer:after{content:" ";display:table}
|
||||||
|
#header:after,#content:after,#footnotes:after,#footer:after{clear:both}
|
||||||
|
#content{margin-top:1.25em}
|
||||||
|
#content:before{content:none}
|
||||||
|
#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
|
||||||
|
#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #ddddd8}
|
||||||
|
#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #ddddd8;padding-bottom:8px}
|
||||||
|
#header .details{border-bottom:1px solid #ddddd8;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap}
|
||||||
|
#header .details span:first-child{margin-left:-.125em}
|
||||||
|
#header .details span.email a{color:rgba(0,0,0,.85)}
|
||||||
|
#header .details br{display:none}
|
||||||
|
#header .details br+span:before{content:"\00a0\2013\00a0"}
|
||||||
|
#header .details br+span.author:before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
|
||||||
|
#header .details br+span#revremark:before{content:"\00a0|\00a0"}
|
||||||
|
#header #revnumber{text-transform:capitalize}
|
||||||
|
#header #revnumber:after{content:"\00a0"}
|
||||||
|
#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #ddddd8;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
|
||||||
|
#toc{border-bottom:1px solid #efefed;padding-bottom:.5em}
|
||||||
|
#toc>ul{margin-left:.125em}
|
||||||
|
#toc ul.sectlevel0>li>a{font-style:italic}
|
||||||
|
#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
|
||||||
|
#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
|
||||||
|
#toc a{text-decoration:none}
|
||||||
|
#toc a:active{text-decoration:underline}
|
||||||
|
#toctitle{color:#7a2518;font-size:1.2em}
|
||||||
|
@media only screen and (min-width:768px){#toctitle{font-size:1.375em}
|
||||||
|
body.toc2{padding-left:15em;padding-right:0}
|
||||||
|
#toc.toc2{margin-top:0!important;background-color:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #efefed;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
|
||||||
|
#toc.toc2 #toctitle{margin-top:0;font-size:1.2em}
|
||||||
|
#toc.toc2>ul{font-size:.9em;margin-bottom:0}
|
||||||
|
#toc.toc2 ul ul{margin-left:0;padding-left:1em}
|
||||||
|
#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
|
||||||
|
body.toc2.toc-right{padding-left:0;padding-right:15em}
|
||||||
|
body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #efefed;left:auto;right:0}}@media only screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
|
||||||
|
#toc.toc2{width:20em}
|
||||||
|
#toc.toc2 #toctitle{font-size:1.375em}
|
||||||
|
#toc.toc2>ul{font-size:.95em}
|
||||||
|
#toc.toc2 ul ul{padding-left:1.25em}
|
||||||
|
body.toc2.toc-right{padding-left:0;padding-right:20em}}#content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
|
||||||
|
#content #toc>:first-child{margin-top:0}
|
||||||
|
#content #toc>:last-child{margin-bottom:0}
|
||||||
|
#footer{max-width:100%;background-color:rgba(0,0,0,.8);padding:1.25em}
|
||||||
|
#footer-text{color:rgba(255,255,255,.8);line-height:1.44}
|
||||||
|
.sect1{padding-bottom:.625em}
|
||||||
|
@media only screen and (min-width:768px){.sect1{padding-bottom:1.25em}}.sect1+.sect1{border-top:1px solid #efefed}
|
||||||
|
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
|
||||||
|
#content h1>a.anchor:before,h2>a.anchor:before,h3>a.anchor:before,#toctitle>a.anchor:before,.sidebarblock>.content>.title>a.anchor:before,h4>a.anchor:before,h5>a.anchor:before,h6>a.anchor:before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
|
||||||
|
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
|
||||||
|
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
|
||||||
|
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
|
||||||
|
.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
|
||||||
|
.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
|
||||||
|
table.tableblock>caption.title{white-space:nowrap;overflow:visible;max-width:0}
|
||||||
|
.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{color:rgba(0,0,0,.85)}
|
||||||
|
table.tableblock #preamble>.sectionbody>.paragraph:first-of-type p{font-size:inherit}
|
||||||
|
.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
|
||||||
|
.admonitionblock>table td.icon{text-align:center;width:80px}
|
||||||
|
.admonitionblock>table td.icon img{max-width:none}
|
||||||
|
.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
|
||||||
|
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #ddddd8;color:rgba(0,0,0,.6)}
|
||||||
|
.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
|
||||||
|
.exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px}
|
||||||
|
.exampleblock>.content>:first-child{margin-top:0}
|
||||||
|
.exampleblock>.content>:last-child{margin-bottom:0}
|
||||||
|
.sidebarblock{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
|
||||||
|
.sidebarblock>:first-child{margin-top:0}
|
||||||
|
.sidebarblock>:last-child{margin-bottom:0}
|
||||||
|
.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
|
||||||
|
.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
|
||||||
|
.literalblock pre,.listingblock pre:not(.highlight),.listingblock pre[class="highlight"],.listingblock pre[class^="highlight "],.listingblock pre.CodeRay,.listingblock pre.prettyprint{background:#f7f7f8}
|
||||||
|
.sidebarblock .literalblock pre,.sidebarblock .listingblock pre:not(.highlight),.sidebarblock .listingblock pre[class="highlight"],.sidebarblock .listingblock pre[class^="highlight "],.sidebarblock .listingblock pre.CodeRay,.sidebarblock .listingblock pre.prettyprint{background:#f2f1f1}
|
||||||
|
.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;padding:1em;font-size:.8125em}
|
||||||
|
.literalblock pre.nowrap,.literalblock pre[class].nowrap,.listingblock pre.nowrap,.listingblock pre[class].nowrap{overflow-x:auto;white-space:pre;word-wrap:normal}
|
||||||
|
@media only screen and (min-width:768px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:.90625em}}@media only screen and (min-width:1280px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:1em}}.literalblock.output pre{color:#f7f7f8;background-color:rgba(0,0,0,.9)}
|
||||||
|
.listingblock pre.highlightjs{padding:0}
|
||||||
|
.listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px}
|
||||||
|
.listingblock pre.prettyprint{border-width:0}
|
||||||
|
.listingblock>.content{position:relative}
|
||||||
|
.listingblock code[data-lang]:before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:#999}
|
||||||
|
.listingblock:hover code[data-lang]:before{display:block}
|
||||||
|
.listingblock.terminal pre .command:before{content:attr(data-prompt);padding-right:.5em;color:#999}
|
||||||
|
.listingblock.terminal pre .command:not([data-prompt]):before{content:"$"}
|
||||||
|
table.pyhltable{border-collapse:separate;border:0;margin-bottom:0;background:none}
|
||||||
|
table.pyhltable td{vertical-align:top;padding-top:0;padding-bottom:0}
|
||||||
|
table.pyhltable td.code{padding-left:.75em;padding-right:0}
|
||||||
|
pre.pygments .lineno,table.pyhltable td:not(.code){color:#999;padding-left:0;padding-right:.5em;border-right:1px solid #ddddd8}
|
||||||
|
pre.pygments .lineno{display:inline-block;margin-right:.25em}
|
||||||
|
table.pyhltable .linenodiv{background:none!important;padding-right:0!important}
|
||||||
|
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
|
||||||
|
.quoteblock>.title{margin-left:-1.5em;margin-bottom:.75em}
|
||||||
|
.quoteblock blockquote,.quoteblock blockquote p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
|
||||||
|
.quoteblock blockquote{margin:0;padding:0;border:0}
|
||||||
|
.quoteblock blockquote:before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
|
||||||
|
.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
|
||||||
|
.quoteblock .attribution{margin-top:.5em;margin-right:.5ex;text-align:right}
|
||||||
|
.quoteblock .quoteblock{margin-left:0;margin-right:0;padding:.5em 0;border-left:3px solid rgba(0,0,0,.6)}
|
||||||
|
.quoteblock .quoteblock blockquote{padding:0 0 0 .75em}
|
||||||
|
.quoteblock .quoteblock blockquote:before{display:none}
|
||||||
|
.verseblock{margin:0 1em 1.25em 1em}
|
||||||
|
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
|
||||||
|
.verseblock pre strong{font-weight:400}
|
||||||
|
.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
|
||||||
|
.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
|
||||||
|
.quoteblock .attribution br,.verseblock .attribution br{display:none}
|
||||||
|
.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.05em;color:rgba(0,0,0,.6)}
|
||||||
|
.quoteblock.abstract{margin:0 0 1.25em 0;display:block}
|
||||||
|
.quoteblock.abstract blockquote,.quoteblock.abstract blockquote p{text-align:left;word-spacing:0}
|
||||||
|
.quoteblock.abstract blockquote:before,.quoteblock.abstract blockquote p:first-of-type:before{display:none}
|
||||||
|
table.tableblock{max-width:100%;border-collapse:separate}
|
||||||
|
table.tableblock td>.paragraph:last-child p>p:last-child,table.tableblock th>p:last-child,table.tableblock td>p:last-child{margin-bottom:0}
|
||||||
|
table.spread{width:100%}
|
||||||
|
table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
|
||||||
|
table.grid-all th.tableblock,table.grid-all td.tableblock{border-width:0 1px 1px 0}
|
||||||
|
table.grid-all tfoot>tr>th.tableblock,table.grid-all tfoot>tr>td.tableblock{border-width:1px 1px 0 0}
|
||||||
|
table.grid-cols th.tableblock,table.grid-cols td.tableblock{border-width:0 1px 0 0}
|
||||||
|
table.grid-all *>tr>.tableblock:last-child,table.grid-cols *>tr>.tableblock:last-child{border-right-width:0}
|
||||||
|
table.grid-rows th.tableblock,table.grid-rows td.tableblock{border-width:0 0 1px 0}
|
||||||
|
table.grid-all tbody>tr:last-child>th.tableblock,table.grid-all tbody>tr:last-child>td.tableblock,table.grid-all thead:last-child>tr>th.tableblock,table.grid-rows tbody>tr:last-child>th.tableblock,table.grid-rows tbody>tr:last-child>td.tableblock,table.grid-rows thead:last-child>tr>th.tableblock{border-bottom-width:0}
|
||||||
|
table.grid-rows tfoot>tr>th.tableblock,table.grid-rows tfoot>tr>td.tableblock{border-width:1px 0 0 0}
|
||||||
|
table.frame-all{border-width:1px}
|
||||||
|
table.frame-sides{border-width:0 1px}
|
||||||
|
table.frame-topbot{border-width:1px 0}
|
||||||
|
th.halign-left,td.halign-left{text-align:left}
|
||||||
|
th.halign-right,td.halign-right{text-align:right}
|
||||||
|
th.halign-center,td.halign-center{text-align:center}
|
||||||
|
th.valign-top,td.valign-top{vertical-align:top}
|
||||||
|
th.valign-bottom,td.valign-bottom{vertical-align:bottom}
|
||||||
|
th.valign-middle,td.valign-middle{vertical-align:middle}
|
||||||
|
table thead th,table tfoot th{font-weight:bold}
|
||||||
|
tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7}
|
||||||
|
tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
|
||||||
|
p.tableblock>code:only-child{background:none;padding:0}
|
||||||
|
p.tableblock{font-size:1em}
|
||||||
|
td>div.verse{white-space:pre}
|
||||||
|
ol{margin-left:1.75em}
|
||||||
|
ul li ol{margin-left:1.5em}
|
||||||
|
dl dd{margin-left:1.125em}
|
||||||
|
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
|
||||||
|
ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
|
||||||
|
ul.unstyled,ol.unnumbered,ul.checklist,ul.none{list-style-type:none}
|
||||||
|
ul.unstyled,ol.unnumbered,ul.checklist{margin-left:.625em}
|
||||||
|
ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1em;font-size:.85em}
|
||||||
|
ul.checklist li>p:first-child>input[type="checkbox"]:first-child{width:1em;position:relative;top:1px}
|
||||||
|
ul.inline{margin:0 auto .625em auto;margin-left:-1.375em;margin-right:0;padding:0;list-style:none;overflow:hidden}
|
||||||
|
ul.inline>li{list-style:none;float:left;margin-left:1.375em;display:block}
|
||||||
|
ul.inline>li>*{display:block}
|
||||||
|
.unstyled dl dt{font-weight:400;font-style:normal}
|
||||||
|
ol.arabic{list-style-type:decimal}
|
||||||
|
ol.decimal{list-style-type:decimal-leading-zero}
|
||||||
|
ol.loweralpha{list-style-type:lower-alpha}
|
||||||
|
ol.upperalpha{list-style-type:upper-alpha}
|
||||||
|
ol.lowerroman{list-style-type:lower-roman}
|
||||||
|
ol.upperroman{list-style-type:upper-roman}
|
||||||
|
ol.lowergreek{list-style-type:lower-greek}
|
||||||
|
.hdlist>table,.colist>table{border:0;background:none}
|
||||||
|
.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
|
||||||
|
td.hdlist1{padding-right:.75em;font-weight:bold}
|
||||||
|
td.hdlist1,td.hdlist2{vertical-align:top}
|
||||||
|
.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
|
||||||
|
.colist>table tr>td:first-of-type{padding:0 .75em;line-height:1}
|
||||||
|
.colist>table tr>td:last-of-type{padding:.25em 0}
|
||||||
|
.thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd}
|
||||||
|
.imageblock.left,.imageblock[style*="float: left"]{margin:.25em .625em 1.25em 0}
|
||||||
|
.imageblock.right,.imageblock[style*="float: right"]{margin:.25em 0 1.25em .625em}
|
||||||
|
.imageblock>.title{margin-bottom:0}
|
||||||
|
.imageblock.thumb,.imageblock.th{border-width:6px}
|
||||||
|
.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
|
||||||
|
.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
|
||||||
|
.image.left{margin-right:.625em}
|
||||||
|
.image.right{margin-left:.625em}
|
||||||
|
a.image{text-decoration:none}
|
||||||
|
span.footnote,span.footnoteref{vertical-align:super;font-size:.875em}
|
||||||
|
span.footnote a,span.footnoteref a{text-decoration:none}
|
||||||
|
span.footnote a:active,span.footnoteref a:active{text-decoration:underline}
|
||||||
|
#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
|
||||||
|
#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em 0;border-width:1px 0 0 0}
|
||||||
|
#footnotes .footnote{padding:0 .375em;line-height:1.3;font-size:.875em;margin-left:1.2em;text-indent:-1.2em;margin-bottom:.2em}
|
||||||
|
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none}
|
||||||
|
#footnotes .footnote:last-of-type{margin-bottom:0}
|
||||||
|
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
|
||||||
|
.gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0}
|
||||||
|
.gist .file-data>table td.line-data{width:99%}
|
||||||
|
div.unbreakable{page-break-inside:avoid}
|
||||||
|
.big{font-size:larger}
|
||||||
|
.small{font-size:smaller}
|
||||||
|
.underline{text-decoration:underline}
|
||||||
|
.overline{text-decoration:overline}
|
||||||
|
.line-through{text-decoration:line-through}
|
||||||
|
.aqua{color:#00bfbf}
|
||||||
|
.aqua-background{background-color:#00fafa}
|
||||||
|
.black{color:#000}
|
||||||
|
.black-background{background-color:#000}
|
||||||
|
.blue{color:#0000bf}
|
||||||
|
.blue-background{background-color:#0000fa}
|
||||||
|
.fuchsia{color:#bf00bf}
|
||||||
|
.fuchsia-background{background-color:#fa00fa}
|
||||||
|
.gray{color:#606060}
|
||||||
|
.gray-background{background-color:#7d7d7d}
|
||||||
|
.green{color:#006000}
|
||||||
|
.green-background{background-color:#007d00}
|
||||||
|
.lime{color:#00bf00}
|
||||||
|
.lime-background{background-color:#00fa00}
|
||||||
|
.maroon{color:#600000}
|
||||||
|
.maroon-background{background-color:#7d0000}
|
||||||
|
.navy{color:#000060}
|
||||||
|
.navy-background{background-color:#00007d}
|
||||||
|
.olive{color:#606000}
|
||||||
|
.olive-background{background-color:#7d7d00}
|
||||||
|
.purple{color:#600060}
|
||||||
|
.purple-background{background-color:#7d007d}
|
||||||
|
.red{color:#bf0000}
|
||||||
|
.red-background{background-color:#fa0000}
|
||||||
|
.silver{color:#909090}
|
||||||
|
.silver-background{background-color:#bcbcbc}
|
||||||
|
.teal{color:#006060}
|
||||||
|
.teal-background{background-color:#007d7d}
|
||||||
|
.white{color:#bfbfbf}
|
||||||
|
.white-background{background-color:#fafafa}
|
||||||
|
.yellow{color:#bfbf00}
|
||||||
|
.yellow-background{background-color:#fafa00}
|
||||||
|
span.icon>.fa{cursor:default}
|
||||||
|
.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
|
||||||
|
.admonitionblock td.icon .icon-note:before{content:"\f05a";color:#19407c}
|
||||||
|
.admonitionblock td.icon .icon-tip:before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
|
||||||
|
.admonitionblock td.icon .icon-warning:before{content:"\f071";color:#bf6900}
|
||||||
|
.admonitionblock td.icon .icon-caution:before{content:"\f06d";color:#bf3400}
|
||||||
|
.admonitionblock td.icon .icon-important:before{content:"\f06a";color:#bf0000}
|
||||||
|
.conum[data-value]{display:inline-block;color:#fff!important;background-color:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
|
||||||
|
.conum[data-value] *{color:#fff!important}
|
||||||
|
.conum[data-value]+b{display:none}
|
||||||
|
.conum[data-value]:after{content:attr(data-value)}
|
||||||
|
pre .conum[data-value]{position:relative;top:-.125em}
|
||||||
|
b.conum *{color:inherit!important}
|
||||||
|
.conum:not([data-value]):empty{display:none}
|
||||||
|
h1,h2{letter-spacing:-.01em}
|
||||||
|
dt,th.tableblock,td.content{text-rendering:optimizeLegibility}
|
||||||
|
p,td.content{letter-spacing:-.01em}
|
||||||
|
p strong,td.content strong{letter-spacing:-.005em}
|
||||||
|
p,blockquote,dt,td.content{font-size:1.0625rem}
|
||||||
|
p{margin-bottom:1.25rem}
|
||||||
|
.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
|
||||||
|
.exampleblock>.content{background-color:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc}
|
||||||
|
.print-only{display:none!important}
|
||||||
|
@media print{@page{margin:1.25cm .75cm}
|
||||||
|
*{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important}
|
||||||
|
a{color:inherit!important;text-decoration:underline!important}
|
||||||
|
a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
|
||||||
|
a[href^="http:"]:not(.bare):after,a[href^="https:"]:not(.bare):after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
|
||||||
|
abbr[title]:after{content:" (" attr(title) ")"}
|
||||||
|
pre,blockquote,tr,img{page-break-inside:avoid}
|
||||||
|
thead{display:table-header-group}
|
||||||
|
img{max-width:100%!important}
|
||||||
|
p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
|
||||||
|
h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
|
||||||
|
#toc,.sidebarblock,.exampleblock>.content{background:none!important}
|
||||||
|
#toc{border-bottom:1px solid #ddddd8!important;padding-bottom:0!important}
|
||||||
|
.sect1{padding-bottom:0!important}
|
||||||
|
.sect1+.sect1{border:0!important}
|
||||||
|
#header>h1:first-child{margin-top:1.25rem}
|
||||||
|
body.book #header{text-align:center}
|
||||||
|
body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em 0}
|
||||||
|
body.book #header .details{border:0!important;display:block;padding:0!important}
|
||||||
|
body.book #header .details span:first-child{margin-left:0!important}
|
||||||
|
body.book #header .details br{display:block}
|
||||||
|
body.book #header .details br+span:before{content:none!important}
|
||||||
|
body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
|
||||||
|
body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
|
||||||
|
.listingblock code[data-lang]:before{display:block}
|
||||||
|
#footer{background:none!important;padding:0 .9375em}
|
||||||
|
#footer-text{color:rgba(0,0,0,.6)!important;font-size:.9em}
|
||||||
|
.hide-on-print{display:none!important}
|
||||||
|
.print-only{display:block!important}
|
||||||
|
.hide-for-print{display:none!important}
|
||||||
|
.show-for-print{display:inherit!important}}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body class="article">
|
||||||
|
<div id="header">
|
||||||
|
<h1>Spring Cloud Security</h1>
|
||||||
|
</div>
|
||||||
|
<div id="content">
|
||||||
|
<div id="preamble">
|
||||||
|
<div class="sectionbody">
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Spring Cloud Security offers a set of primitives for building secure
|
||||||
|
applications and services with minimum fuss. A declarative model which
|
||||||
|
can be heavily configured externally (or centrally) lends itself to
|
||||||
|
the implementation of large systems of co-operating, remote components,
|
||||||
|
usually with a central indentity management service. It is also extremely
|
||||||
|
easy to use in a service platform like Cloud Foundry. Building on
|
||||||
|
Spring Boot and Spring Security OAuth2 we can quickly create systems that
|
||||||
|
implement common patterns like single sign on, token relay and token
|
||||||
|
exchange.</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p><a href="https://raw.githubusercontent.com/spring-cloud/spring-cloud-build/master/docs/src/main/asciidoc/contributing-docs.adoc" class="bare">https://raw.githubusercontent.com/spring-cloud/spring-cloud-build/master/docs/src/main/asciidoc/contributing-docs.adoc</a></p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect1">
|
||||||
|
<h2 id="_quickstart">Quickstart</h2>
|
||||||
|
<div class="sectionbody">
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_oauth2_single_sign_on">OAuth2 Single Sign On</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Here’s a Spring Cloud "Hello World" app with HTTP Basic
|
||||||
|
authentication and a single user account:</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">app.groovy</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java">@Grab('spring-boot-starter-security')
|
||||||
|
@Controller
|
||||||
|
class Application {
|
||||||
|
|
||||||
|
@RequestMapping('/')
|
||||||
|
String home() {
|
||||||
|
'Hello World'
|
||||||
|
}
|
||||||
|
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>You can run it with <code>spring run app.groovy</code> and watch the logs for the password (username is "user"). So far this is just the default for a Spring Boot app.</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Here’s a Spring Cloud app with OAuth2 SSO:</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">app.groovy</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java">@Controller
|
||||||
|
@EnableOAuth2Sso
|
||||||
|
class Application {
|
||||||
|
|
||||||
|
@RequestMapping('/')
|
||||||
|
String home() {
|
||||||
|
'Hello World'
|
||||||
|
}
|
||||||
|
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Spot the difference? This app will actually behave exactly the same as
|
||||||
|
the previous one, because it doesn’t know it’s OAuth2 credentals
|
||||||
|
yet.</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>You can register an app in github quite easily, so try that if you
|
||||||
|
want a production app on your own domain. If you are happy to test on
|
||||||
|
localhost:8080, then set up these properties in your application
|
||||||
|
configuration:</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">application.yml</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-yaml" data-lang="yaml">spring:
|
||||||
|
oauth2:
|
||||||
|
client:
|
||||||
|
clientId: bd1c0a783ccdd1c9b9e4
|
||||||
|
clientSecret: 1a9030fbca47a5b2c28e92f19050bb77824b5ad1
|
||||||
|
accessTokenUri: https://github.com/login/oauth/access_token
|
||||||
|
userAuthorizationUri: https://github.com/login/oauth/authorize
|
||||||
|
clientAuthenticationScheme: form
|
||||||
|
resource:
|
||||||
|
userInfoUri: https://api.github.com/user
|
||||||
|
preferTokenInfo: false</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>run the app above and it will redirect to github for authorization. If
|
||||||
|
you are already signed into github you won’t even notice that it has
|
||||||
|
authenticated. These credentials will only work if your app is
|
||||||
|
running on port 8080.</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>To limit the scope that the client asks for when it obtains an access token
|
||||||
|
you can set <code>spring.oauth2.client.scope</code> (comma separated or an array in YAML). By
|
||||||
|
default the scope is empty and it is up to to Authorization Server to
|
||||||
|
decide what the defaults should be, usually depending on the settings in
|
||||||
|
the client registration that it holds.</p>
|
||||||
|
</div>
|
||||||
|
<div class="admonitionblock note">
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td class="icon">
|
||||||
|
<div class="title">Note</div>
|
||||||
|
</td>
|
||||||
|
<td class="content">
|
||||||
|
The examples above are all Groovy scripts. If you want to write the
|
||||||
|
same code in Java (or Groovy) you need to add Spring Security OAuth2
|
||||||
|
to the classpath (e.g. see the
|
||||||
|
<a href="https://github.com/spring-cloud-samples/sso">sample here</a>).
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_oauth2_protected_resource">OAuth2 Protected Resource</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>You want to protect an API resource with an OAuth2 token? Here’s a
|
||||||
|
simple example (paired with the client above):</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">app.groovy</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java">@Grab('spring-cloud-starter-security')
|
||||||
|
@RestController
|
||||||
|
@EnableOAuth2Resource
|
||||||
|
class Application {
|
||||||
|
|
||||||
|
@RequestMapping('/')
|
||||||
|
def home() {
|
||||||
|
[message: 'Hello World']
|
||||||
|
}
|
||||||
|
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>and</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">application.yml</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-yaml" data-lang="yaml">spring:
|
||||||
|
oauth2:
|
||||||
|
resource:
|
||||||
|
userInfoUri: https://api.github.com/user
|
||||||
|
preferTokenInfo: false</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect1">
|
||||||
|
<h2 id="_more_detail">More Detail</h2>
|
||||||
|
<div class="sectionbody">
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_single_sign_on">Single Sign On</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>An app will activate <code>@EnableOAuth2Sso</code> if you bind provide the
|
||||||
|
following properties in the <code>Environment</code>:</p>
|
||||||
|
</div>
|
||||||
|
<div class="ulist">
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p><code>spring.oauth2.client.*</code> with <code>*</code> equal to <code>clientId</code>, <code>clientSecret</code>,
|
||||||
|
<code>accessTokenUri</code>, <code>userAuthorizationUri</code> and one of:</p>
|
||||||
|
<div class="ulist">
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p><code>spring.oauth2.resource.userInfoUri</code> to use the "/me" resource
|
||||||
|
(e.g. "https://uaa.run.pivotal.io/userinfo" on PWS), or</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><code>spring.oauth2.resource.tokenInfoUri</code> to use the token decoding endpoint
|
||||||
|
(e.g. "https://uaa.run.pivotal.io/check_token" on PWS).</p>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>If you specify both the <code>userInfoUri</code> and the <code>tokenInfoUri</code> then
|
||||||
|
you can set a flag to say that one is preferred over the other
|
||||||
|
(<code>preferTokenInfo=true</code> is the default). Or</p>
|
||||||
|
</div>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p><code>spring.oauth2.resource.jwt.keyValue</code> to
|
||||||
|
decode a JWT token locally, where the key is a verification key. The
|
||||||
|
verification key value is either a symmetric secret or PEM-encoded
|
||||||
|
RSA public key. If you don’t have the key and it’s public you can
|
||||||
|
provide a URI where it can be downloaded (as a JSON object with a
|
||||||
|
"value" field) with <code>spring.oauth2.resource.jwt.keyUri</code>. E.g. on PWS:</p>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="content">
|
||||||
|
<pre>$ curl https://uaa.run.pivotal.io/token_key
|
||||||
|
{"alg":"SHA256withRSA","value":"-----BEGIN PUBLIC KEY-----\nMIIBI...\n-----END PUBLIC KEY-----\n"}</pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<div class="admonitionblock warning">
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td class="icon">
|
||||||
|
<div class="title">Warning</div>
|
||||||
|
</td>
|
||||||
|
<td class="content">
|
||||||
|
If you use the <code>spring.oauth2.resource.jwt.keyUri</code> the authorization
|
||||||
|
server needs to be running when your application starts up. It will
|
||||||
|
log a warning if it can’t find the key, and tell you what to do to fix
|
||||||
|
it.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>You can set the preferred scope (as a comma-separated list or YAML
|
||||||
|
array) in <code>spring.oauth2.client.scope</code>. It defaults to empty, in which case
|
||||||
|
most Authorization Servers will ask the user for approval for the
|
||||||
|
maximum allowed scope for the client.</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>There is also a setting for <code>spring.oauth2.client.clientAuthenticationScheme</code> which
|
||||||
|
defaults to "header" (but you might need to set it to "form" if, like
|
||||||
|
Github for instance, your OAuth2 provider doesn’t like header
|
||||||
|
authentication). The <code>spring.oauth2.client.*</code> properties are bound to an instance
|
||||||
|
of <code>AuthorizationCodeResourceDetails</code> so all its properties can be specified.</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_token_type_in_user_info">Token Type in User Info</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>Google (and certain other 3rd party identity providers) is more strict
|
||||||
|
about the token type name that is sent in the headers to the user info
|
||||||
|
endpoint. The default is "Bearer" which suits most providers and
|
||||||
|
matches the spec, but if you need to change it you can set
|
||||||
|
<code>spring.oauth2.resource.tokenType</code>.</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_customizing_the_resttemplate">Customizing the RestTemplate</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>The SSO (and Resource Server) features use an <code>OAuth2RestTemplate</code>
|
||||||
|
internally to fetch user details for authentication. This is provided
|
||||||
|
as a qualified <code>@Bean</code> with id "userInfoRestTemplate", but you
|
||||||
|
shouldn’t need to know that to just use it. The default should be fine
|
||||||
|
for most providers, but occasionally you might need to add additional
|
||||||
|
interceptors, or change the request authenticator (which is how the
|
||||||
|
token gets attached to outgoing requests). To add a customization just
|
||||||
|
create a bean of type <code>UserInfoRestTemplateCustomizer</code> - it has a
|
||||||
|
single method that will be called after the bean is created but before
|
||||||
|
it is initialized. The rest template that is being customized here is
|
||||||
|
<em>only</em> used internally to carry out authentication (in the SSO or
|
||||||
|
Resource Server use cases).</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>A second {@link OAuth2RestTemplate} is available for autowiring if you
|
||||||
|
want to use it for back channel calls, and if there is a
|
||||||
|
token-authenticated user (in a web application) it will have the token
|
||||||
|
injected for you.</p>
|
||||||
|
</div>
|
||||||
|
<div class="admonitionblock tip">
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td class="icon">
|
||||||
|
<div class="title">Tip</div>
|
||||||
|
</td>
|
||||||
|
<td class="content">
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>To set an RSA key value in YAML use the "pipe" continuation
|
||||||
|
marker to split it over multiple lines ("|") and remember to indent
|
||||||
|
the key value (it’s a standard YAML language feature). Example:</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-yaml" data-lang="yaml">oauth2:
|
||||||
|
resource:
|
||||||
|
jwt:
|
||||||
|
keyValue: |
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC...
|
||||||
|
-----END PUBLIC KEY-----</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_access_decision_rules">Access Decision Rules</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>By default the whole application will be secured with OAuth2 with the
|
||||||
|
same access rule ("authenticated"). This includes the Actuator
|
||||||
|
endpoints, which you might prefer to be secured differently, so Spring
|
||||||
|
Cloud Security provides a configurer callback that lets you change the
|
||||||
|
matching and access rules for OAuth2 authentication. Any bean of type
|
||||||
|
<code>OAuth2SsoConfigurer</code> (there is a convenient empty base class) will
|
||||||
|
get 2 callbacks, one to set the request matchers for the OAuth2
|
||||||
|
filter, and one with the full <code>HttpSecurity</code> builder (so you can set
|
||||||
|
up all sorts of behaviour, but the main application is to control
|
||||||
|
access rules).</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>The default login path, i.e. the one that triggers the redirect to the
|
||||||
|
OAuth2 Authorization Server, is "/login". It will always be added to
|
||||||
|
the matching patterns for the OAuth2 SSO, even if you have
|
||||||
|
<code>OAuth2SsoConfigurer</code> beans as well. The default logout path is
|
||||||
|
"/logout" and it gets similar treatment, as does the "home" page
|
||||||
|
(which is the logout success page, defaults to "/"). Those paths can
|
||||||
|
be overriden by setting <code>spring.oauth2.sso.*' (`loginPath</code>, <code>logoutPath</code> and
|
||||||
|
<code>home.path</code>).</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>For example if you want the resources under "/ui/**" to be protected with OAuth2:</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java">@Configuration
|
||||||
|
@EnableOAuth2Sso
|
||||||
|
@EnableAutoConfiguration
|
||||||
|
protected static class TestConfiguration extends OAuth2SsoConfigurerAdapter {
|
||||||
|
@Override
|
||||||
|
public void match(RequestMatchers matchers) {
|
||||||
|
matchers.antMatchers("/ui/**");
|
||||||
|
}
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>In this case the rest of the application will default to the normal
|
||||||
|
Spring Boot access control (Basic authentication, or whatever custom
|
||||||
|
filters you put in place).</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_integrating_with_the_actuator_endpoints">Integrating with the Actuator Endpoints</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>The Spring Boot Actuator endpoints ("/env", "/metrics", etc.) if
|
||||||
|
present will, by default, be protected by the standard Spring Boot
|
||||||
|
basic authentication. The SSO authentication filter is added in a
|
||||||
|
position directly behind the filter that intercepts requests to the
|
||||||
|
Actuator endpoints by default (i.e.
|
||||||
|
<code>ManagementProperties.BASIC_AUTH_ORDER + 1</code> which is
|
||||||
|
<code>Ordered.LOWEST_PRECEDENCE-9</code> or <code>2147483636</code>). If you want to change
|
||||||
|
the order you can set <code>spring.oauth2.sso.filterOrder</code>. If you do that
|
||||||
|
and the value is less than the default, then you will need to consider
|
||||||
|
setting the access rules for the Actuator, since they will become
|
||||||
|
accessible to all authenticated users who sign on with the external
|
||||||
|
provider. One way to do that would be to set
|
||||||
|
<code>management.contextPath=/admin</code> (for instance) and use an
|
||||||
|
<code>OAuth2SsoConfigurer</code> to set the access rules, e.g.</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java"> @Configuration
|
||||||
|
@EnableOAuth2Sso
|
||||||
|
@EnableAutoConfiguration
|
||||||
|
protected static class TestConfiguration extends OAuth2SsoConfigurerAdapter {
|
||||||
|
@Override
|
||||||
|
public void configure(HttpSecurity http) {
|
||||||
|
http.authorizeRequests()
|
||||||
|
.antMatchers("/admin/**").role("ADMIN")
|
||||||
|
.anyRequest().authenticated();
|
||||||
|
}
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_resource_server">Resource Server</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>The <code>@EnableOAuth2Resource</code> annotation will protect your API endpoints
|
||||||
|
if you have the same environment settings as the SSO client, except
|
||||||
|
that it doesn’t need a <code>tokenUri</code> or <code>authorizationUri</code>, and it also
|
||||||
|
doesn’t need a <code>clientId</code> and <code>clientSecret</code> if it isn’t using the
|
||||||
|
<code>tokenInfoUri</code> (i.e. if it has <code>jwt.*</code> or <code>userInfoUri</code>).</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>By default <strong>all</strong> your endpoints are protected (i.e. "/**") but you can
|
||||||
|
pick and choose by adding a <code>ResourceServerConfigurerAdapter</code> (standard
|
||||||
|
Spring OAuth feature), e.g. to protect only the "/api/**" resources</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">Application.java</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java">@RestController
|
||||||
|
@EnableOAuth2Resource
|
||||||
|
class Application extends ResourceServerConfigurerAdapter {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(HttpSecurity http) throws Exception {
|
||||||
|
http.requestMatchers()
|
||||||
|
.antMatchers("/api/**")
|
||||||
|
.and()
|
||||||
|
.authorizeRequests()
|
||||||
|
.anyRequest().authenticated();
|
||||||
|
}
|
||||||
|
|
||||||
|
@RequestMapping("/api")
|
||||||
|
public String home() {
|
||||||
|
return "Hello World";
|
||||||
|
}
|
||||||
|
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_customizing_the_jwt_token_converter">Customizing the JWT Token Converter</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>When a resource server accepts an access token as a JWT, it has to
|
||||||
|
convert it to an <code>Authentication</code> so that Spring Security can do its
|
||||||
|
access decisions. Different token providers might support JWT tokens
|
||||||
|
with different contents, so Spring OAuth2 has an abstraction for
|
||||||
|
converting the token into security domain objects
|
||||||
|
(<code>AccessTokenConverter</code>). You can modify the default behaviour easily
|
||||||
|
by providing a <code>@Bean</code> of type <code>JwtAccessTokenConverterConfigurer</code>,
|
||||||
|
e.g.</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java">@Component
|
||||||
|
public class JwtCustomization extends DefaultAccessTokenConverter implements
|
||||||
|
JwtAccessTokenConverterConfigurer {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(JwtAccessTokenConverter converter) {
|
||||||
|
converter.setAccessTokenConverter(this);
|
||||||
|
}
|
||||||
|
|
||||||
|
... // implement custom AccessTokenConverter here
|
||||||
|
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_token_relay">Token Relay</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>A Token Relay is where an OAuth2 consumer acts as a Client and
|
||||||
|
forwards the incoming token to outgoing resource requests. The
|
||||||
|
consumer can be a pure Client (like an SSO application) or a Resource
|
||||||
|
Server.</p>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_client_token_relay">Client Token Relay</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>If your app has a
|
||||||
|
<a href="http://cloud.spring.io/spring-cloud.html#netflix-zuul-reverse-proxy">Spring
|
||||||
|
Cloud Zuul</a> embedded reverse proxy (using <code>@EnableZuulProxy</code>) then you
|
||||||
|
can ask it to forward OAuth2 access tokens downstream to the services
|
||||||
|
it is proxying. Thus the SSO app above can be enhanced simply like this:</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">app.groovy</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java">@Controller
|
||||||
|
@EnableOAuth2Sso
|
||||||
|
@EnableZuulProxy
|
||||||
|
class Application {
|
||||||
|
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>and it will (in addition to loggin the user in and grabbing a token)
|
||||||
|
pass the authentication token downstream to the <code>/proxy/*</code>
|
||||||
|
services. If those services are implemented with
|
||||||
|
<code>@EnableOAuth2Resource</code> then they will get a valid token in the
|
||||||
|
correct header.</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>How does it work? The <code>@EnableOAuth2Sso</code> annotation pulls in
|
||||||
|
<code>spring-cloud-starter-security</code> (which you could do manually in a
|
||||||
|
traditional app), and that in turn triggers some autoconfiguration for
|
||||||
|
a <code>ZuulFilter</code>, which itself is activated because Zuul is on the
|
||||||
|
classpath (via <code>@EnableZuulProxy</code>). The
|
||||||
|
<a href="https://github.com/spring-cloud/spring-cloud-security/tree/master/src/main/java/org/springframework/cloud/security/oauth2/proxy/OAuth2TokenRelayFilter.java">filter</a>
|
||||||
|
just extracts an access token from the currently authenticated user,
|
||||||
|
and puts it in a request header for the downstream requests.</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect3">
|
||||||
|
<h4 id="_resource_server_token_relay">Resource Server Token Relay</h4>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>If your app has <code>@EnableOAuth2Resource</code> and also is a Client (i.e. it
|
||||||
|
has a <code>spring.oauth2.client.clientId</code>, even if it doesn’t use it),
|
||||||
|
then the <code>OAuth2RestOperations</code> that is provided for <code>@Autowired</code>
|
||||||
|
users by Spring Cloud (it is declared as <code>@Primary</code>) will also forward
|
||||||
|
tokens. If you don’t want to forward tokens (and that is a valid
|
||||||
|
choice, since you might want to act as yourself, rather than the
|
||||||
|
client that sent you the token), then you only need to create your own
|
||||||
|
<code>OAuth2RestOperations</code> instead of autowiring the default one. Here’s
|
||||||
|
a basic example showing the use of the autowired rest template ("foo.com"
|
||||||
|
is a Resource Server accepting the same tokens as the surrounding app):</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">MyController.java</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-java" data-lang="java">@Autowired
|
||||||
|
private OAuth2RestOperations restTemplate;
|
||||||
|
|
||||||
|
@RequestMapping("/relay")
|
||||||
|
public String relay() {
|
||||||
|
ResponseEntity<String> response =
|
||||||
|
restTemplate.getForEntity("https://foo.com/bar", String.class);
|
||||||
|
return "Success! (" + response.getBody() + ")";
|
||||||
|
}</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="sect1">
|
||||||
|
<h2 id="_configuring_authentication_downstream_of_a_zuul_proxy">Configuring Authentication Downstream of a Zuul Proxy</h2>
|
||||||
|
<div class="sectionbody">
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>You can control the authorization behaviour downstream of an
|
||||||
|
<code>@EnableZuulProxy</code> through the <code>proxy.auth.*</code> settings. Example:</p>
|
||||||
|
</div>
|
||||||
|
<div class="listingblock">
|
||||||
|
<div class="title">application.yml</div>
|
||||||
|
<div class="content">
|
||||||
|
<pre class="highlight"><code class="language-yaml" data-lang="yaml">proxy:
|
||||||
|
auth:
|
||||||
|
routes:
|
||||||
|
customers: oauth2
|
||||||
|
stores: passthru
|
||||||
|
recommendations: none</code></pre>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>In this example the "customers" service gets an OAuth2 token relay,
|
||||||
|
the "stores" service gets a passthrough (the authorization header is
|
||||||
|
just passed downstream), and the "recommendations" service has its
|
||||||
|
authorization header removed. The default behaviour is to do a token
|
||||||
|
relay if there is a token available, and passthru otherwise.</p>
|
||||||
|
</div>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>See
|
||||||
|
<a href="https://github.com/spring-cloud/spring-cloud-security/tree/master/src/main/java/org/springframework/cloud/security/oauth2/proxy/ProxyAuthenticationProperties">
|
||||||
|
ProxyAuthenticationProperties</a> for full details.</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div id="footer">
|
||||||
|
<div id="footer-text">
|
||||||
|
Last updated 2016-08-18 14:22:47 +02:00
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
Reference in New Issue
Block a user