This sample is a Java Back-End application that utilizes the Java Security client library to validate JWT tokens issued by the Identity service.
It inspects incoming requests to determine if the user has the appropriate access to resource
by using the IasTokenAuthenticator.
Disclaimer: as of now the Identity tokens can only be validated in case the token from the consuming application is issued for the same Identity tenant.
To deploy the application, the following steps are required:
- Compile the Java application
- Create a ias service instance
- Configure the manifest
- Deploy the application
- Access the application
Run maven to package the application
mvn clean packageUse the ias service broker and create a service instance (don't forget to replace the placeholders)
cf create-service identity application ias-java-securityThe vars contains hosts and paths that need to be adopted.
Deploy the application using cf push. It will expect 1 GB of free memory quota.
cf push --vars-file ../vars.yml-
Follow HowToFetchToken guide to fetch IAS id token.
You can get the information to fill the placeholders from your system environment
cf env java-security-usage-iasCopy the
id_tokento your clipboard. -
Access the app via
curl. Don't forget to fill the placeholders.curl -X GET \ https://java-security-usage-ias-<<ID>>.<<LANDSCAPE_APPS_DOMAIN>>/hello-java-security-ias \ -H 'Authorization: Bearer <<your id_token>>' -
You should see something like this:
You ('<your email>') are authenticated and can access the application.💡 If you call the same endpoint without
Authorizationheader you should get a401.
Finally, delete your application and your service instances using the following commands:
cf us java-security-usage-ias ias-java-security
cf delete -f java-security-usage-ias
cf delete-service -f ias-java-security