No Java code is required to generate microservice applications with security verification through JHipster

This tutorial, from Baeldung, shows how to automatically generate secure microservice applications with JHipster without writing a line of Java code, including the Angular front end and the microservice back end. The following is a translation of the main steps, with more detailed screenshots than the original text:

In this tutorial, we will explore JHipster's User Account and Authorization service (UAA) and how to use it to secure a fully fledged JHipster-based microservice application. Better yet, all this can be done without writing any code!

JHipster UAA also supports typical login functions, such as self-registration and "remember me". Of course, it is fully integrated with the other JHipster services.

Before starting any development, we need a running JHipster Registry, which allows the different services we create to find and communicate with each other.

1. Generate a new JHipster UAA service

This prompts us to answer some custom questions. The first question is what kind of application we want to build. Using the arrow keys, we will select the "jhipster UAA (for microservice oauth2 authentication)" option.

Next, enter the application name, server port, and service discovery. In most cases, the default answers are fine.

The base name of the application affects many generated artifacts, so we choose "uaa" (lowercase).

2. Test the UAA service

Since the generated UAA service itself has no UI, we must use direct API calls to test whether it works as expected.

Before using it in other parts of the system, we must make sure that two functions work: OAuth2 token generation and account retrieval.

First, let's use a simple curl command to obtain a new token from the OAuth endpoint of UAA:

Here, we use the password grant flow, with two pairs of credentials. In this flow, we send the client credentials using basic HTTP authentication, encoding them directly in the URL. The end user credentials are sent as part of the request body, using the standard username and password parameters. We also use a user account named "user", which is available in the test configuration file by default.

Assuming that we have provided all the details correctly, we will get a response that includes an access token and a refresh token:

We can now use the returned access_token to access the account resource and obtain the information of the associated account. The account resource is available in the UAA service:

Note that we must issue this command before the access token expires. By default, a token issued by the UAA service is valid for 5 minutes, which is a sensible value for production.

To change the lifetime of valid tokens, edit the YML file and set the uaa.web-client-configuration.access-token-validity-in-seconds key. This file is located in the src/main/resources/config directory of the UAA project.

3. Generate a UAA-enabled gateway
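
An added example (not from the original tutorial) of the two points above: where each credential pair travels in a password-grant request, and how to check how much lifetime a returned JWT access token has left. The helper names, the client ID/secret values and the sample token are constructed for illustration; the expiry check only reads the exp claim and does not verify the signature.

```python
import base64
import json
import time
from urllib.parse import urlencode


def password_grant_request(client_id, client_secret, username, password):
    """Return (headers, body) for an OAuth2 password-grant token request."""
    # Client credentials go in the HTTP Basic Authorization header ...
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # ... while the end user's credentials go in the form-encoded body.
    body = urlencode({"grant_type": "password",
                      "username": username, "password": password})
    return headers, body


def seconds_until_expiry(access_token, now=None):
    """Seconds left before the JWT's exp claim (<= 0 means expired).

    Inspection only: the signature is NOT verified, so this must never be
    used to decide whether a token is trustworthy.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    # JWT segments are base64url without padding; restore it before decoding.
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if "exp" not in claims:
        raise ValueError("token carries no exp claim")
    now = time.time() if now is None else now
    return int(claims["exp"] - now)


def make_sample_token(issued_at, validity_seconds=300):
    """Constructed stand-in for a UAA access token (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    claims = {"user_name": "user", "exp": issued_at + validity_seconds}
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims),
                     "placeholder-signature"])
```

A client can call seconds_until_expiry before requesting the account resource and use the refresh token instead when the result is zero or negative.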

Let's continue by logging in to our application: navigate to the Account > Login menu item. We will use admin/admin as the credentials, which JHipster creates automatically by default. If all goes well, the welcome page will display a message confirming the successful login: You are logged in as user "admin"!

Let's look at the login process: first, the gateway sends our credentials to the OAuth2 token endpoint of the UAA, which validates them and generates a response containing access and refresh JWT tokens. The gateway then sends these tokens back to the browser as cookies.

Next, the front end accesses the /uaa/api/account API, which the gateway again forwards to the UAA. In this process, the gateway takes the cookie containing the access token and uses its value to add the Authorization header to the request.

If necessary, we can check the logs of the UAA and the gateway to see all these processes in detail. We can also set the org.apache.http.wire logger level to DEBUG.
