The brackets at the end of each step indicate the alias’s or IntelliJ Live Templates to use. You can find the template definitions at mraible/idea-live-templates.
-
Create a Eureka Server
http https://start.spring.io/starter.zip javaVersion==11 \ artifactId==discovery-service name==eureka-service \ dependencies==cloud-eureka-server baseDir==discovery-service | tar -xzvf -
-
Create a Car Service
http https://start.spring.io/starter.zip \ artifactId==car-service name==car-service baseDir==car-service \ dependencies==actuator,cloud-eureka,data-jpa,h2,data-rest,web,devtools,lombok | tar -xzvf -
-
Create an API Gateway
http https://start.spring.io/starter.zip \ artifactId==api-gateway name==api-gateway baseDir==api-gateway \ dependencies==cloud-eureka,cloud-feign,data-rest,web,cloud-hystrix,lombok | tar -xzvf -
-
Install Java 11 with SDKMAN! https://sdkman.io/
sdk list java sdk install java 11.0.2-open sdk default java 11.0.2-open
-
Add
@EnableEurekaServerand properties to set port and turn off discoveryserver.port=8761 eureka.client.register-with-eureka=false
-
Add
@EnableDiscoveryClientto main classes incar-serviceandapi-gateway -
Configure
car-serviceto run on8090and set its nameserver.port=8090 spring.application.name=car-service
-
Add an application name to the
api-gatewayprojectspring.application.name=api-gateway
-
Create an API with Spring Boot and Spring Data [
boot-entity-lombok,boot-repo,boot-data] -
Show Lombok plugin is installed in IntelliJ
-
Configure gateway to enable resilient server-to-server communication
@EnableFeignClients @EnableCircuitBreaker
-
Create a
Carclass with@Data -
Create a feign client and cool car controller [
feign-client,cool-car-adapter] -
Add
@HystrixCommandfor failover [hystrix-fallback] -
Start all servers, view Eureka server, and https://localhost:8080/cool-cars endpoint
-
Add Okta Spring Boot starter to
api-gatewayandcar-service[okta-maven-boot]<dependency> <groupId>com.okta.spring</groupId> <artifactId>okta-spring-boot-starter</artifactId> <version>1.4.0</version> </dependency>
-
Create a web app on Okta, use
http://localhost:8080/login/oauth2/code/oktafor redirect URI -
Populate Okta properties in
application.propertiesokta.oauth2.issuer=$issuer okta.oauth2.client-id=$clientId okta.oauth2.client-secret=$clientSecret
-
Create a
SecurityConfigurationclass, and enable OAuth Login and a Resource Server [ss-resource-config]@EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter {@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests().anyRequest().authenticated() .and() .oauth2Login() .and() .oauth2ResourceServer().jwt(); // @formatter:on } } -
Enable Resource Server in the
car-serviceapplication [ss-resource-config] -
Create
UserFeignClientInterceptorto addAuthorizationheader inapi-gateway[feign-interceptor] -
Register interceptor as a bean [
feign-bean]@Bean public RequestInterceptor getUserFeignClientInterceptor(OAuth2AuthorizedClientService clientService) { return new UserFeignClientInterceptor(clientService); } -
Make Feign Spring Security-aware
feign.hystrix.enabled=true hystrix.shareSecurityContext=true
-
Restart all apps and show with security enabled
-
Add Zuul as a dependency and
@EnableZuulProxy<dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-zuul</artifactId> </dependency>
-
Create an
AuthorizationHeaderFilterto pass the access token to proxied routes [zuul-auth-header] -
Register
AuthorizationHeaderFilterfilter as a bean [zuul-bean]@Bean public AuthorizationHeaderFilter authHeaderFilter(OAuth2AuthorizedClientService clientService) { return new AuthorizationHeaderFilter(clientService); } -
Add Zuul routes for
/carsand/home[zuul-routes] -
Add
HomeControllerto thecar-service[zuul-home] -
Restart and confirm
http://localhost:8080/carsandhttp://localhost:8080/homeroutes work -
Fin! 🏁