This sample is a Java back-end application running on the Cloud Foundry. For all incoming requests it checks whether the user is authorized using the
IasTokenAuthenticator which is defined in the Java Security library.
Disclaimer: as of now the IAS token can only be validated in case the token from the consuming application is issued for the same IAS tenant.
To deploy the application, the following steps are required:
- Compile the Java application
- Create a ias service instance
- Configure the manifest
- Deploy the application
- Access the application
Run maven to package the application
mvn clean packageUse the ias service broker and create a service instance (don't forget to replace the placeholders)
cf create-service identity application ias-java-securityThe vars contains hosts and paths that need to be adopted.
Deploy the application using cf push. It will expect 1 GB of free memory quota.
cf push --vars-file ../vars.yml-
Follow HowToFetchToken guide to fetch IAS id token.
You can get the information to fill the placeholders from your system environment
cf env java-security-usage-iasCopy the
id_tokento your clipboard. -
Access the app via
curl. Don't forget to fill the placeholders.curl -X GET \ https://java-security-usage-ias-<<ID>>.<<LANDSCAPE_APPS_DOMAIN>>/hello-java-security-ias \ -H 'Authorization: Bearer <<your id_token>>' -
You should see something like this:
You ('<your email>') are authenticated and can access the application.💡 If you call the same endpoint without
Authorizationheader you should get a401.
Finally delete your application and your service instances using the following commands:
cf us java-security-usage-ias ias-java-security
cf delete -f java-security-usage-ias
cf delete-service -f ias-java-security