Repository files navigation

This example shows how to create a microservices architecture with Spring Boot and display its data with an Angular UI.

Please readBuild a Microservices Architecture for Microbrews with Spring Boot for a tutorial that shows you how to build this application.

Prerequisites:Java 8 andNode.js.

Okta has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.

• Getting Started
• Help
• Links
• License

To install this example application, run the following commands:

git clone https://github.com/oktadeveloper/spring-boot-microservices-example.gitcd spring-boot-microservices-example

This will get a copy of the project installed locally. To run the client and all the servers, execute./run.sh, or execute thecommands in this file manually.

r=`pwd`echo$r# Eurekacd$r/eureka-serviceecho"Starting Eureka Service..."mvn -q clean spring-boot:run&# Beer Serviceecho"Starting Beer Catalog Service..."cd$r/beer-catalog-servicemvn -q clean spring-boot:run&# Edge Serviceecho"Starting Edge Service..."cd$r/edge-servicemvn -q clean spring-boot:run&# Clientcd$r/clientnpm installecho"Starting Angular Client..."npm start

The primary example (without authentication) is in themaster branch. A pure Spring Security OAuth implementation is in anoauth branch, and an example with the Stormpath SDK is in theokta branch. Both branches use the Okta Sign-In Widget on the front end.

Okta implements theOAuth 2.0 protocol for its API. This means you can use libraries likeSpring Security OAuth to provide single sign-on to your applications.

To check out the branch that uses Spring Security OAuth, run the following command.

git checkout oauth

The code in theoauth branch is described inSecure a Spring Microservices Architecture with Spring Security and OAuth 2.0.

The changes required to move from the Stormpath SDK to Spring Security OAuth can be viewed inpull request #8.

If you don't have one,create an Okta Developer account. After you've completed the setup process, log in to your account and navigate toApplications >Add Application. ClickWeb andNext. On the next page, enter the following values and clickDone.

• Application Name:Spring OAuth
• Base URIs:http://localhost:8081
• Login redirect URIs:http://localhost:8081/login

You need to add aroles claim to your ID Token, so your groups in Okta are translated to Spring Security authorities. In your Okta developer console, navigate toAPI >Authorization Servers, click theAuthorization Servers tab and edit the default one. Click theClaims tab andAdd Claim. Name it "roles" and include it in the ID Token. Set the value type to "Groups" and set the filter to be a Regex of.*.

Changesecurity.oauth2.* properties in the following files to enter your client ID and client secret.

• edge-service/src/main/resources/application.properties
• beer-catalog-service/src/main/resources/application.properties

You can also create a~/.okta.env file to override the properties in these files.

#!/bin/bash# Okta with JHipsterexport SECURITY_OAUTH2_CLIENT_ACCESS_TOKEN_URI="https://{yourOktaDomain}.com/oauth2/default/v1/token"export SECURITY_OAUTH2_CLIENT_USER_AUTHORIZATION_URI="https://{yourOktaDomain}.com/oauth2/default/v1/authorize"export SECURITY_OAUTH2_RESOURCE_USER_INFO_URI="https://{yourOktaDomain}.com/oauth2/default/v1/userinfo"export SECURITY_OAUTH2_RESOURCE_TOKEN_INFO_URI="https://{yourOktaDomain}.com/oauth2/default/v1/introspect"export SECURITY_OAUTH2_CLIENT_CLIENT_ID="{clientId}"export SECURITY_OAUTH2_CLIENT_CLIENT_SECRET="{clientSecret}"

Then run the following before starting any servers.

source ~/.okta.env

To use Okta's Sign-In Widget, you'll need to modify your app in Okta to enable anImplicit grant type. Log in to your account, navigate toApplications >Spring OAuth >General tab and clickEdit. EnableImplicit (Hybrid) underAllowed grant types and select both checkboxes below it. Addhttp://localhost:4200 underLogin redirect URIs and clickSave.

In order for the Sign-In Widget to make requests to this application, you'll also need to configure the client URL as a trusted origin. ClickAPI >Trusted Origins >Add Origin. Enterhttp://localhost:4200 as theOrigin URL and select both checkboxes under it.

Change{clientId} and{yourOktaDomain} inclient/src/app/shared/okta/okta.service.ts to match your app's values.

signIn=newOktaSignIn({baseUrl:'https://{yourOktaDomain}.com',clientId:'{clientId}',authParams:{issuer:'default',responseType:['id_token','token'],scopes:['openid','email','profile']}});

To check out the branch that uses the Stormpath SDK, run the following command.

git checkout okta

The code in theokta branch is described inSecure a Spring Microservices Architecture with Spring Security, JWTs, Juiser, and Okta.

You will need tocreate an Okta developer account to configure the Spring Boot side of things. After creating an app and an access token, you should be able to set the following environment variables:

export STORMPATH_CLIENT_BASEURL={baseUrl}export OKTA_APPLICATION_ID={applicationId}export OKTA_API_TOKEN={apiToken}export OKTA_AUTHORIZATIONSERVER_ID=default

After you set these environment variables, make sure to restart your Spring Boot applications.

For Angular, you'll need to create an OIDC app on Okta. Change{clientId} and{yourOktaDomain} inclient/src/app/shared/okta/okta.service.ts to match your app's values.

signIn=newOktaSignIn({baseUrl:'https://{yourOktaDomain}.com',clientId:'{clientId}',authParams:{issuer:'default',responseType:['id_token','token'],scopes:['openid','email','profile']}});

NOTE: The value of{yourOktaDomain} should be something likedev-123456.oktapreview.com. Make sure you don't include-admin in the value!

After making these changes, you should be able to log in with your credentials athttp://localhost:4200.

This example uses the following libraries provided by Okta:

• Stormpath Java SDK
• Okta Sign-In Widget

Please post any questions as comments on the following blog posts, or visit ourOkta Developer Forums. You can also emaildevelopers@okta.com if would like to create a support ticket.

• Build a Microservices Architecture for Microbrews with Spring Boot
• Secure a Spring Microservices Architecture with Spring Security, JWTs, Juiser, and Okta
• Secure a Spring Microservices Architecture with Spring Security and OAuth 2.0

Apache 2.0, seeLICENSE.