Is a small wrapper around Tokens with lifecycle-management and autoconfiguration-support in Spring-Boot applications.
With this in place you can use the 'AccessTokens' anywhere in your application (@Autowire directly or in a configuration class), use it directly or inject it into some 'TokenProvider'-implementations that delegate somehow.
Add the following to your pom.xml
:
<dependency>
<groupId>org.zalando.stups</groupId>
<artifactId>tokens-spring-boot-starter</artifactId>
<version>${version}</version>
</dependency>
Add the following to your build.gradle
:
compile('org.zalando.stups:tokens-spring-boot-starter:${version}')
Only put the dependency into your pom.xml.
It uses /meta/credentials
as a default folder to look for provided tokens by PlatformCredentialsSet
.
Want to migrate from STUPS to K8s? See the hints.
tokens:
accessTokenUri: http://localhost:9191/access_token?realm=whatever
token-configuration-list:
- tokenId: firstService
scopes:
- read
- write
- all
- tokenId: secondService
scopes: all
Please make sure the credentials are mounted as shown in the example below.
...
volumeMounts:
- name: "{{ APPLICATION }}-credentials"
mountPath: /meta/credentials
readOnly: true
volumes:
- name: "{{ APPLICATION }}-credentials"
secret:
secretName: "{{ APPLICATION }}-credentials"
Please also make sure that token identifiers/names must equal the respective items in credentials.yaml
:
apiVersion: "zalando.org/v1"
kind: PlatformCredentialsSet
metadata:
name: "{{ APPLICATION }}-credentials"
spec:
application: "{{ APPLICATION }}"
tokens:
firstService:
privileges:
- com.zalando::read
- com.zalando::write
- com.zalando::all
secondService:
privileges:
- com.zalando::all
./mvnw install
Copyright © 2015 Zalando SE
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.