Spring Cloud Data Flow: integrating UAA with an external database and the REST API


January 6, 2022

My latest and most complete articles are at www.pkslow.com. You are welcome to drop by!

1 Preface

The previous post, 《Integrating Cloud Foundry UAA with Spring Cloud Data Flow for access control》, described how to use UAA to protect Spring Cloud Data Flow. It used an in-memory database, however, so the configuration was lost whenever UAA restarted. It also required installing the uaac command-line tool through Ruby gem, which is a bit of a hassle, since not everyone uses Ruby.

This article solves both problems: the first by introducing PostgreSQL, the second by using the UAA REST API.

Related Spring Cloud Data Flow articles:

Spring Cloud Data Flow: a first look, in Local mode

Deploying Spring Cloud Data Flow on Kubernetes and trying another task

Operating Spring Cloud Data Flow with the Shell, for easy CI/CD setup

Caught out by a Spring pitfall: reading the source code to finally solve the Data Flow application deployment problem on K8s

2 Connecting to a PostgreSQL database

For convenience, we start PostgreSQL with Docker (see 《Starting PostgreSQL with Docker, and several recommended connection tools》). The command is as follows:

docker run -itd \
--name pkslow-postgres \
-e POSTGRES_DB=pkslow \
-e POSTGRES_USER=pkslow \
-e POSTGRES_PASSWORD=pkslow \
-e PGDATA=/var/lib/postgresql/data/pgdata \
-p 5432:5432 \
postgres:10

Configure the database connection in uaa.yml as follows:

spring_profiles: default,postgresql
database:
  driverClassName: org.postgresql.Driver
  url: jdbc:postgresql://localhost:5432/pkslow
  username: pkslow
  password: pkslow
  maxactive: 15
  maxidle: 10
  minidle: 3
  removeabandoned: false
  logabandoned: true
  abandonedtimeout: 300
  evictionintervalms: 15000
  caseinsensitive: false

Once the configuration is complete, start UAA. You can see that many related tables have been created automatically in PostgreSQL.

These tables are very useful: they show some of the default configuration and how the entities relate to each other. The table structure and data are an important entry point for understanding the logic.

3 Configuring through the UAA API

Previously we used the uaac command to create clients, groups, users and so on. This time we do not rely on uaac and call the API instead. Before using it, we need to add the JSON dependencies, otherwise an error is reported:

<!--json-->
<dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-core</artifactId>
  <version>2.9.9</version>
</dependency>
<dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-annotations</artifactId>
  <version>2.9.9</version>
</dependency>
<dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-databind</artifactId>
  <version>2.9.9</version>
</dependency>

(1) Obtain the admin token

To perform these operations we first need the admin administrator account. The default username and password are admin:adminsecret. The command to get the token is as follows:

curl -v -d "username=admin&password=adminsecret&client_id=admin&grant_type=client_credentials" -u "admin:adminsecret" http://localhost:8080/uaa/oauth/token

The UAA server returns a long token. Record it; it is needed in the following steps.

(2) Create the client

One client corresponds to the authentication of one application. Here we create a client named dataflow. The command is as follows:

curl 'http://localhost:8080/uaa/oauth/clients' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1Nxxxxxx' \
-H 'Accept: application/json' \
-d '{
"name" : "dataflow",
"client_id" : "dataflow",
"client_secret" : "dataflow",
"scope" : ["cloud_controller.read", "cloud_controller.write", "openid", "password.write", "scim.userids", "sample.create", "sample.view", "dataflow.create", "dataflow.deploy", "dataflow.destroy", "dataflow.manage", "dataflow.modify", "dataflow.schedule", "dataflow.view"],
"resource_ids" : [ ],
"authorized_grant_types" : [ "password", "authorization_code", "client_credentials", "refresh_token" ],
"redirect_uri" : [ "http://localhost:9393/login" ],
"authorities" : ["uaa.resource", "dataflow.create", "dataflow.deploy", "dataflow.destroy", "dataflow.manage", "dataflow.modify", "dataflow.schedule", "dataflow.view", "sample.view", "sample.create"],
"token_salt" : "m6c6fB",
"autoapprove" : "openid",
"allowedproviders" : [ "uaa", "ldap", "my-saml-provider" ]
}'

Note: the value after Bearer is the admin token. It is too long to post here.

(3) Create the group

Groups correspond to permissions: only the users in a group have the related permission. When creating a group you can also add users by specifying members; I do not add any here. The command is as follows:

curl 'http://localhost:8080/uaa/Groups' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJSUzxxx' \
-d '{
"displayName" : "dataflow.view",
"description" : "dataflow.view"
}'

On success, the group's UUID is returned. Record it.

(4) Create the user

The user here is the actual user who logs in to the client application. We create the user larry with the password larry. The command is as follows:

curl 'http://localhost:8080/uaa/Users' -i -X POST \
-H 'Accept: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJSxxx' \
-H 'Content-Type: application/json' \
-d '{
"externalId" : "test-user",
"meta" : {
"version" : 0,
"created" : "2020-12-18T15:55:56.465Z"
},
"userName" : "larry",
"name" : {
"formatted" : "Larry Deng",
"familyName" : "Deng",
"givenName" : "Larry"
},
"emails" : [ {
"value" : "[email protected]",
"primary" : true
} ],
"phoneNumbers" : [ {
"value" : "666666"
} ],
"active" : true,
"verified" : true,
"origin" : "",
"password" : "larry",
"schemas" : [ "urn:scim:schemas:core:1.0" ]
}'

On success, the user's UUID is returned. Record it.

(5) Add the user to the group

Once the group and the user have been created, add the user to the group. They are linked by UUID. The command is as follows:

curl 'http://localhost:8080/uaa/Groups/d633a216-029b-4f44-a7e0-15c5fd326ef2/members' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJSUzIxxx' \
-d '{"origin":"uaa","type":"USER","value":"a45a62a1-47ad-4345-bcef-ba12d7fd97e4"}'

The URL contains the group's UUID; the message body contains the user's UUID.
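Steps (1), (3), (4) and (5) chained into one script, as an added example (not code from the original article or the pkslow-samples repository): it reads the token and the UUIDs out of the JSON responses instead of copying them by hand, and takes the admin secret from the environment. The variable name UAA_ADMIN_SECRET and all function names are assumptions; the user argument is the JSON body from step (4), and the client of step (2) can be created with the same api_request call.

```python
import json
import os
import urllib.parse
import urllib.request
from base64 import b64encode

UAA = "http://localhost:8080/uaa"  # base URL used in the curl commands on this page


def token_request(client_id, client_secret):
    """Step (1): client_credentials grant, client authenticated with HTTP Basic."""
    basic = b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        f"{UAA}/oauth/token", data=body, method="POST",
        headers={"Authorization": f"Basic {basic}", "Accept": "application/json"})


def api_request(path, token, payload):
    """Steps (3)-(5): JSON POST that carries the admin token as a Bearer header."""
    return urllib.request.Request(
        f"{UAA}{path}", data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json", "Accept": "application/json"})


def field(body, name):
    """Return one field (access_token, id) from a JSON response, or fail loudly."""
    value = json.loads(body).get(name)
    if not value:
        raise ValueError(f"UAA response has no {name!r} field")
    return value


def send(req):
    with urllib.request.urlopen(req, timeout=10) as resp:  # raises HTTPError on 4xx/5xx
        return resp.read().decode()


def provision(user, group="dataflow.view"):
    """Create the group and the user, then link them by the returned UUIDs."""
    # UAA_ADMIN_SECRET is an assumed variable name; the secret stays out of the script.
    token = field(send(token_request("admin", os.environ["UAA_ADMIN_SECRET"])), "access_token")
    group_id = field(send(api_request("/Groups", token,
                                      {"displayName": group, "description": group})), "id")
    user_id = field(send(api_request("/Users", token, user)), "id")
    member = {"origin": "uaa", "type": "USER", "value": user_id}
    send(api_request(f"/Groups/{urllib.parse.quote(group_id, safe='')}/members", token, member))
    return group_id, user_id
```

The request builders and field() do no network I/O, so they can be checked without a running UAA; only provision() talks to the server.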

4 Login verification

Once the configuration is complete, you can check the database to verify it. Of course, the most direct way is to log in to Data Flow and try it:

As you can see, the user larry logs in successfully and has read-only access only, with no add, modify or other operations available. This is because we added only one group, dataflow.view. Verification passed!

5 Summary

Once you know the basic operations, the others are easy. For more API endpoints, see the official documentation: https://docs.cloudfoundry.org/api/uaa/version/74.30.0/index.html .

For the code, see: https://github.com/LarryDpk/pkslow-samples

