org.zalando.stups:spring-boot-zalando-stups-tokens

Tokens Support for Spring-Boot apps

Is a small wrapper around Tokens with lifecycle-management and autoconfiguration-support in Spring-Boot applications.

With this in place you can use the 'AccessTokens' anywhere in your application (@Autowire directly or in a configuration class), use it directly or inject it into some 'TokenProvider'-implementations that delegate somehow.

Install

Maven

Add the following to your pom.xml:

    <dependency>
        <groupId>org.zalando.stups</groupId>
        <artifactId>tokens-spring-boot-starter</artifactId>
        <version>${version}</version>
    </dependency>

Gradle

Add the following to your build.gradle:

compile('org.zalando.stups:tokens-spring-boot-starter:${version}')

Usage in Zalandos K8s environment (with PlatformCredentialsSet)

Only put the dependency into your pom.xml. It uses /meta/credentials as a default folder to look for provided tokens by PlatformCredentialsSet.

Want to migrate from STUPS to K8s? See the hints.

Usage in Zalandos STUPS environment

    tokens:
        accessTokenUri: http://localhost:9191/access_token?realm=whatever
    
        token-configuration-list:
            - tokenId: firstService
              scopes:
                  - read
                  - write
                  - all
            - tokenId: secondService
              scopes: all

Migration from Zalandos STUPS env to Zalandos K8s env

Please make sure the credentials are mounted as shown in the example below.

...
          volumeMounts:
          - name: "{{ APPLICATION }}-credentials"
            mountPath: /meta/credentials
            readOnly: true
      volumes:
        - name: "{{ APPLICATION }}-credentials"
          secret:
            secretName: "{{ APPLICATION }}-credentials"

Please also make sure that token identifiers/names must equal the respective items in credentials.yaml:

apiVersion: "zalando.org/v1"
kind: PlatformCredentialsSet
metadata:
   name: "{{ APPLICATION }}-credentials"
spec:
   application: "{{ APPLICATION }}"
   tokens:
     firstService:
       privileges:
         - com.zalando::read
         - com.zalando::write
         - com.zalando::all
     secondService:
       privileges:
         - com.zalando::all

Build

./mvnw install

License

Copyright © 2015 Zalando SE

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.