Merge branch 'main' into maint/rm-app-switcher
# Conflicts:
#	refarch-gateway/README.md
simonhir committed Oct 9, 2024
2 parents a821863 + 94f6ea0 commit dd5a3f4
Showing 4 changed files with 59 additions and 38 deletions.
30 changes: 15 additions & 15 deletions .github/release.yml
@@ -1,6 +1,13 @@
changelog:
categories:
# refarch-gateway
- title: Gateway - 💥 Breaking Changes
labels:
- BREAKING
exclude:
labels:
- "Component: Integrations"
- "Component: CLI"
- title: Gateway - 🎉 New Features
labels:
- "Type: Feature"
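Review bot: The new `Gateway - 💥 Breaking Changes` category selects on `BREAKING` and only excludes `Component: Integrations` and `Component: CLI`, so a breaking PR that carries no component label at all is filed under Gateway. If that fallback is intended, say so in a comment next to the `exclude` block; if not, make sure every PR gets a component label before release notes are generated.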
Expand Down Expand Up @@ -43,15 +50,15 @@ changelog:
labels:
- "Component: Integrations"
- "Component: CLI"
- title: Gateway - 💥 Breaking Changes

# refarch-integrations
- title: Integrations - 💥 Breaking Changes
labels:
- BREAKING
exclude:
labels:
- "Component: Integrations"
- "Component: API-Gateway"
- "Component: CLI"

# refarch-integrations
- title: Integrations - 🎉 New Features
labels:
- "Type: Feature"
Expand Down Expand Up @@ -94,15 +101,15 @@ changelog:
labels:
- "Component: API-Gateway"
- "Component: CLI"
- title: Integrations - 💥 Breaking Changes

# refarch-cli
- title: CLI - 💥 Breaking Changes
labels:
- BREAKING
exclude:
labels:
- "Component: API-Gateway"
- "Component: CLI"

# refarch-cli
- "Component: Integrations"
- title: CLI - 🎉 New Features
labels:
- "Type: Feature"
Expand Down Expand Up @@ -145,10 +152,3 @@ changelog:
labels:
- "Component: API-Gateway"
- "Component: Integrations"
- title: CLI - 💥 Breaking Changes
labels:
- BREAKING
exclude:
labels:
- "Component: API-Gateway"
- "Component: Integrations"
34 changes: 29 additions & 5 deletions refarch-gateway/README.md
Expand Up @@ -44,13 +44,37 @@ Beside the default behaviour there are some special route prefixes which are han
| Var | Description | Example |
|----------------------------------------------------------|----------------------------------------------------|-------------------------------------------------------------------------|
| `SPRING_PROFILES_ACTIVE` | See profiles | `local,hazelcast-local` |
| `SSO_ISSUER_URL` | Url of the oAuth2 server used for authentication. | `https://sso.muenchen.de/auth/realms/muenchen.de` |
| `SSO_CLIENT_ID` | OAuth2 client id used for authentication. | |
| `SSO_CLIENT_SECRET` | OAuth2 client secret used for authentication. | |
| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_ID` | Id of a route definition. | `backend` |
| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_URI` | The uri to route to if this route matches. | `http://backend-service:8080/` |
| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_PREDICATES_<index>` | Route predicates i.e. matcher. | `Path=/api/backend-service/**` |
| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_FILTERS_<index>` | List of filters applied to the route. | `RewritePath=/api/backend-service/(?<urlsegments>.*), /$\{urlsegments}` |
| `ALLOWED_ORIGINS_PUBLIC` (optional) | List of urls allowed as origin for public routes. | `https://*.muenchen.de,http://localhost:*` |
| `ALLOWED_ORIGINS_CLIENTS` (optional) | List of urls allowed as origin for clients routes. | `https://*.muenchen.de,http://localhost:*` |
| `ALLOWED_ORIGINS_PUBLIC` (optional) | List of urls allowed as origin for public routes. | `https://*.example.com,http://localhost:*` |
| `ALLOWED_ORIGINS_CLIENTS` (optional) | List of urls allowed as origin for clients routes. | `https://*.example.com,http://localhost:*` |
| `REFARCH_SECURITY_CSRFWHITELISTED_<index>` (optional) | List of routes to disable csrf protection for. | `/example/**` |

### Security

For authentication via SSO, OAuth2 needs to be configured.
See following example or the [according Spring documentation](https://docs.spring.io/spring-security/reference/servlet/oauth2/index.html).

Alternatively the `no-security` profile can be used.

```yaml
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: "https://sso.example/auth/realms/example"
client:
provider:
sso:
issuer-uri: ${spring.security.oauth2.resourceserver.jwt.issuer-uri}
registration:
sso:
provider: sso
client-id:
client-secret:
# needed for userInfo endpoint
scope: profile, openid
```
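Review bot: In the YAML example `client-id:` and `client-secret:` are left empty, and the `SSO_ISSUER_URL`, `SSO_CLIENT_ID` and `SSO_CLIENT_SECRET` rows are gone from the variable table, so the README no longer shows how a deployment provides the secret without writing it into a config file. Add a sentence that the values can be set through Spring's environment binding (for this registration, `SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_SSO_CLIENT_SECRET`), in the same style as the `SPRING_CLOUD_GATEWAY_ROUTES_<index>_ID` rows. The line about the `no-security` profile should also state what the profile switches off and whether it is acceptable outside local development.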
18 changes: 15 additions & 3 deletions refarch-gateway/src/main/resources/application-local.yml
@@ -1,6 +1,3 @@
SSO_ISSUER_URL: http://localhost:8100/auth/realms/local_realm
SSO_CLIENT_ID: local
SSO_CLIENT_SECRET: client_secret
server:
port: 8083
spring:
Expand All @@ -18,3 +15,18 @@ spring:
uri: http://localhost:4173/
predicates:
- "Path=/**"
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://localhost:8100/auth/realms/local_realm
client:
provider:
sso:
issuer-uri: ${spring.security.oauth2.resourceserver.jwt.issuer-uri}
registration:
sso:
provider: sso
client-id: local
client-secret: client_secret
scope: profile, openid
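Review bot: `scope: profile, openid` drops `email`, which the block removed from `application.yml` requested (`scope: email, profile, openid`), and it also loses the `# needed for userInfo endpoint` comment that the README example keeps. If anything downstream reads the e-mail address from the userInfo response, keep `email` here; if the reduction is deliberate, mention it in the commit or release notes.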
15 changes: 0 additions & 15 deletions refarch-gateway/src/main/resources/application.yml
Expand Up @@ -8,21 +8,6 @@ spring:
indent-output: on
session:
timeout: 1800 # in seconds; Goal: same lifetime as SSO Session, actual: 30 minutes
security:
oauth2:
resourceserver:
jwt:
issuer-uri: ${SSO_ISSUER_URL}
client:
provider:
keycloak:
issuer-uri: ${SSO_ISSUER_URL}
registration:
keycloak:
client-id: ${SSO_CLIENT_ID}
client-secret: ${SSO_CLIENT_SECRET}
scope: email, profile, openid # needed for userInfo endpoint
provider: keycloak
cloud:
gateway:
globalcors:
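Review bot: With this block removed, `application.yml` no longer reads `${SSO_ISSUER_URL}`, `${SSO_CLIENT_ID}` or `${SSO_CLIENT_SECRET}`, so a deployment that still sets only those variables ends up with no issuer or client registration configured, and nothing in the visible changes makes that fail loudly. The registration id also changes from `keycloak` to `sso`; Spring Security's default redirect URI template contains the registration id, so if the gateway relies on that default, the callback URL registered at the identity provider has to change too. Both points belong in a migration note, and the change should carry the `BREAKING` label that `.github/release.yml` groups on.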