aerius/auth

AERIUS authorization

Spring Boot project using Spring Authorization Server to construct the main authorization point for our AERIUS application(s).

Database

This service requires a PostgreSQL database.

Flyway

This project uses Flyway to keep the database in check: it handles migrations and versioning for the database.

JOOQ

This project uses JOOQ to generate Java classes, which can be used to query the database in a typesafe manner (less chance of typos).

The classes are currently generated by a JOOQ extension: DDLDatabase. The current version works by executing the Flyway scripts against an (in-memory) H2 database and generating code from the resulting database. This does mean that there are some limits to the SQL that can be used: for instance, a unique constraint on a text column is not supported in H2, and functions won't work either. To avoid problems with that, the comments /* [jooq ignore start] */ and /* [jooq ignore stop] */ can be placed around parts of a script to make JOOQ ignore them.

To generate the JOOQ classes, a normal generate-sources can be used:

mvn clean generate-sources

When adding a script, it's advisable to check if JOOQ can actually handle the SQL before starting the application, as otherwise you'll end up with a version error when you have to adjust the scripts.

Local users

Currently the service has local users: users that can be authenticated by this service itself. In that case, this service is used as the identity provider. In the future we might support other identity providers (federated identity management).

To create a user, there is a convenience method auth.ae_create_local_user. That can be used in the following manner:

-- First argument: username
-- Second argument: the bcrypt hash of the password, without method prefix (this is added by the function).
-- Third argument: the role name, should match the code in auth.roles table.
SELECT auth.ae_create_local_user(
	'someUserName',
	'$2a$12$sG0hLLmx3/3Mjts69Y1Lp.B.EXCH51dnUxkRPXQ2RJ8tsrbU4OsqS',
	'ROLE_NAME');
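
One way to produce the second argument and call the function without the password or its hash ending up in shell history or a hand-edited script. This is an added example, not code from this repository; it assumes spring-security-crypto and the PostgreSQL JDBC driver are on the classpath, and the class name and AUTH_DB_* environment variable names are hypothetical.

```java
import java.nio.CharBuffer;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.util.Arrays;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example (hypothetical helper): CreateLocalUser <username> <ROLE_NAME>
public class CreateLocalUser {
    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage (interactive terminal): CreateLocalUser <username> <ROLE_NAME>");
            System.exit(2);
        }
        // Assumed environment variable names for the database connection.
        String url = System.getenv("AUTH_DB_URL"); // e.g. jdbc:postgresql://localhost/auth
        String dbUser = System.getenv("AUTH_DB_USER");
        String dbPass = System.getenv("AUTH_DB_PASSWORD");

        // Read the password without echoing it to the terminal.
        char[] password = System.console().readPassword("Password for %s: ", args[0]);
        if (password == null || password.length == 0) {
            throw new IllegalArgumentException("empty password");
        }
        String hash;
        try {
            // Cost 12 matches the "$2a$12$" sample value shown above.
            BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(12);
            // encode() returns the bare "$2a$12$..." string, with no method prefix.
            hash = encoder.encode(CharBuffer.wrap(password));
            // Round-trip check before anything is written to the database.
            if (!encoder.matches(CharBuffer.wrap(password), hash)) {
                throw new IllegalStateException("bcrypt self-check failed");
            }
        } finally {
            Arrays.fill(password, '\0'); // best effort: clear our copy of the plaintext
        }
        // Bind parameters keep username, hash and role out of the SQL text.
        try (Connection c = DriverManager.getConnection(url, dbUser, dbPass);
             PreparedStatement ps = c.prepareStatement(
                 "SELECT auth.ae_create_local_user(?, ?, ?)")) {
            ps.setString(1, args[0]);
            ps.setString(2, hash);
            ps.setString(3, args[1]);
            ps.execute();
        }
        System.out.println("Created local user " + args[0]);
    }
}
```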

To link a user to a competent authority, there is a convenience method auth.ae_link_local_user_authority. That can be used as such:

-- First argument: username
-- Second argument: the authority code, should match the code in auth.competent_authorities table.
SELECT auth.ae_link_local_user_authority(
	'someUserName',
	'SOME_AUTHORITY_CODE');

Running

Some pointers to start:

  • Ensure a correct application.properties is available. As a developer, copy the application.properties in the resources dir to the config directory and adjust according to your own environment.
  • Ensure a database is available, and that this is configured properly in the application.properties
  • Start the application

When running locally, using localhost for both the authorization server and the client can cause some cookie issues. To avoid that, add an entry like 127.0.0.1 aerius-auth-local to your hosts file, and use aerius-auth-local in URLs targeting the authorization server.
