This application was generated using JHipster 7.1.0; you can find documentation and help at https://www.jhipster.tech/documentation-archive/v7.1.0.
This application was generated using the Monolithic option in JHipster, with an H2 in-memory DB for local development and an Authentication Type of oauth2. Code was then added to provide a web API endpoint, /api/gusto-current-user, that uses the WebClient class to access an external API at https://api.gusto-demo.com/v1/me. However, the automatic redirect to the Gusto login page and authorization page appears to not be working. The same code to access the Gusto API is in another sample Spring Boot application (https://github.com/terafuze/spring-security-oauth-5-2-gusto). However, the Gusto login page IS displayed as expected in the spring-security-oauth-5-2-gusto application.
Assuming that you have deployed JHipster 7 monolithic apps with Angular locally before, the following should be all you need to run this application locally and to re-create the error that I'm facing:
- Start Keycloak in a terminal window:
  docker-compose -f src/main/docker/keycloak.yml up
- Start the Spring Boot application using the Maven wrapper (on OS X):
  ./mvnw
- Start the frontend Angular app:
  npm start
- Go to http://localhost:9000 in a browser. Sign in as admin/admin.
- After logging in, enter the following URL into the browser:
  http://localhost:9000/api/gusto-current-user
You will receive the following HTTP response (which will be displayed in the browser):
{
  type: "https://www.jhipster.tech/problem/problem-with-message",
  title: "Internal Server Error",
  status: 500,
  detail: "[client_authorization_required] Authorization required for Client Registration Id: gusto",
  path: "/api/gusto-current-user",
  message: "error.http.500"
}
com.mycompany.myapp.web.rest.GustoRestController.java
package com.mycompany.myapp.web.rest;

import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;

import com.mycompany.myapp.models.CurrentUserResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.reactive.function.client.WebClient;

@RestController
@RequestMapping("/api")
public class GustoRestController {

    private final Logger log = LoggerFactory.getLogger(GustoRestController.class);

    @Value("${gusto-api.current-user-endpoint}")
    private String currentUserEndpoint;

    @Value("${gusto-api.employees-endpoint}")
    private String employeesEndpoint;

    @Autowired
    private WebClient webClient;

    public GustoRestController() {}

    // Returns the raw access token held by the "gusto" authorized client.
    @GetMapping(value = "/gusto-token")
    public String gustoToken(@RegisteredOAuth2AuthorizedClient("gusto") OAuth2AuthorizedClient gustoAuthorizedClient) {
        log.debug("Gusto Access Token: {}", gustoAuthorizedClient.getAccessToken().getTokenValue());
        return gustoAuthorizedClient.getAccessToken().getTokenValue();
    }

    // Calls the Gusto "current user" endpoint through the OAuth2-aware WebClient.
    @GetMapping(value = "/gusto-current-user")
    public ResponseEntity<CurrentUserResponse> getCurrentUser(
        @RegisteredOAuth2AuthorizedClient("gusto") OAuth2AuthorizedClient gustoAuthorizedClient
    ) {
        log.debug("Gusto Access Token: {}", gustoAuthorizedClient.getAccessToken().getTokenValue());
        ResponseEntity<CurrentUserResponse> response =
            this.webClient.get()
                .uri(this.currentUserEndpoint)
                .attributes(clientRegistrationId("gusto"))
                .retrieve()
                .toEntity(CurrentUserResponse.class)
                .block();
        log.debug("Got HTTP Response!");
        CurrentUserResponse currentUser = response.getBody();
        // Pass the object itself so an empty body is logged as null instead of throwing.
        log.info("Current User: {}", currentUser);
        return response;
    }
}
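A log-safe replacement for the two log.debug lines in GustoRestController that write the raw Gusto access token, as an added example that is not part of this project's code. The TokenLogSummary class and its method names are hypothetical, and the sample token is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;

/** Hypothetical helper (not project code): describes an OAuth2 access token without exposing it. */
public final class TokenLogSummary {

    private TokenLogSummary() {}

    /** First 8 hex chars of SHA-256(token): enough to correlate log lines, useless as a credential. */
    public static String fingerprint(String tokenValue) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(tokenValue.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder();
            for (int i = 0; i < 4; i++) {
                hex.append(String.format("%02x", digest[i]));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is available on every Java platform", e);
        }
    }

    /** Text for log.debug(...): fingerprint plus remaining lifetime, never the token value. */
    public static String describe(String tokenValue, Instant expiresAt, Instant now) {
        String ttl = expiresAt == null ? "unknown" : Duration.between(now, expiresAt).getSeconds() + "s";
        return "sha256:" + fingerprint(tokenValue) + " expiresIn=" + ttl;
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real Gusto token.
        String sample = "constructed-sample-access-token";
        Instant now = Instant.parse("2021-07-01T12:00:00Z");
        System.out.println(describe(sample, now.plusSeconds(7200), now));
        // In GustoRestController the debug line would become:
        // log.debug("Gusto access token {}", TokenLogSummary.describe(
        //     gustoAuthorizedClient.getAccessToken().getTokenValue(),
        //     gustoAuthorizedClient.getAccessToken().getExpiresAt(), Instant.now()));
    }
}
```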
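com.mycompany.myapp.config.WebClientConfig.java
package com.mycompany.myapp.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;

// WebClientFilter is the project's own class; its import is not shown on this page.
@Configuration
public class WebClientConfig {

    @Bean
    WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2Client = new ServletOAuth2AuthorizedClientExchangeFilterFunction(
            authorizedClientManager
        );
        oauth2Client.setDefaultClientRegistrationId("gusto");
        oauth2Client.setDefaultOAuth2AuthorizedClient(false);
        return WebClient.builder().apply(oauth2Client.oauth2Configuration()).filter(WebClientFilter.logRequest()).build();
    }

    @Bean
    OAuth2AuthorizedClientManager authorizedClientManager(
        ClientRegistrationRepository clientRegistrationRepository,
        OAuth2AuthorizedClientRepository authorizedClientRepository
    ) {
        OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder
            .builder()
            .authorizationCode()
            .refreshToken()
            .build();
        // Use the Default OAuth2 Authorized Client Manager as the authorized client manager.
        DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
            clientRegistrationRepository,
            authorizedClientRepository
        );
        // Configure the Authorized Client Manager with the Authorized Client Provider.
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
        return authorizedClientManager;
    }
}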
src/main/resources/application.yml
security:
  oauth2:
    client:
      provider:
        gusto:
          authorization-uri: https://api.gusto-demo.com/oauth/authorize
          token-uri: https://api.gusto-demo.com/oauth/token
        oidc:
          issuer-uri: http://localhost:9080/auth/realms/jhipster
      registration:
        gusto:
          provider: gusto
          client-id: igF4ABTff_pkvy8j8YT39bd1kaWpEq2Vc-Hal6Amlbk
          client-secret: iRlKbMWSaaCUTDjkkct1T-GpAgv3mde4OAT1dLw82Os
          authorization-grant-type: authorization_code
          redirect-uri: '{baseUrl}/api/authorized/'
        oidc:
          client-id: web_app
          client-secret: web_app
          scope: openid,profile,email
gusto-api:
  current-user-endpoint: https://api.gusto-demo.com/v1/me
  employees-endpoint: https://api.gusto-demo.com/v1/companies/{companyId}/employees
  base-uri: https://api.gusto-demo.com/oauth/token
Before you can build this project, you must install and configure the following dependencies on your machine:
- Node.js: We use Node to run a development web server and build the project. Depending on your system, you can install Node either from source or as a pre-packaged bundle.
After installing Node, you should be able to run the following command to install development tools. You will only need to run this command when dependencies change in package.json.
npm install
We use npm scripts and Angular CLI with Webpack as our build system.
Run the following commands in two separate terminals to create a blissful development experience where your browser auto-refreshes when files change on your hard drive.
./mvnw
npm start
Npm is also used to manage CSS and JavaScript dependencies used in this application. You can upgrade dependencies by specifying a newer version in package.json. You can also run npm update and npm install to manage dependencies. Add the help flag on any command to see how you can use it. For example, npm help update.
The npm run command will list all of the scripts available to run for this project.
Congratulations! You've selected an excellent way to secure your JHipster application. If you're not sure what OAuth and OpenID Connect (OIDC) are, please see What the Heck is OAuth?
To log in to your app, you'll need to have Keycloak up and running. The JHipster Team has created a Docker container for you that has the default users and roles. Start Keycloak using the following command.
docker-compose -f src/main/docker/keycloak.yml up
The security settings in src/main/resources/config/application.yml are configured for this image.
spring:
  ...
  security:
    oauth2:
      client:
        provider:
          oidc:
            issuer-uri: http://localhost:9080/auth/realms/jhipster
        registration:
          oidc:
            client-id: web_app
            client-secret: web_app
JHipster Control Center can help you to manage and control your application(s). You can start a local control center server (accessible on http://localhost:7419) with:
docker-compose -f src/main/docker/jhipster-control-center.yml up
If you'd like to use Okta instead of Keycloak, it's pretty quick using the Okta CLI. After you've installed it, run:
okta register
Then, in your JHipster app's directory, run okta apps create and select JHipster. This will set up an Okta app for you, create ROLE_ADMIN and ROLE_USER groups, create a .okta.env file with your Okta settings, and configure a groups claim in your ID token.
Run source .okta.env and start your app with Maven or Gradle. You should be able to sign in with the credentials you registered with.
If you're on Windows, you should install WSL so the source command will work.
If you'd like to configure things manually through the Okta developer console, see the instructions below.
First, you'll need to create a free developer account at https://developer.okta.com/signup/. After doing so, you'll get your own Okta domain, which has a name like https://dev-123456.okta.com.
Modify src/main/resources/config/application.yml to use your Okta settings.
spring:
  ...
  security:
    oauth2:
      client:
        provider:
          oidc:
            issuer-uri: https://{yourOktaDomain}/oauth2/default
        registration:
          oidc:
            client-id: {clientId}
            client-secret: {clientSecret}
security:
Create an OIDC App in Okta to get a {clientId} and {clientSecret}. To do this, log in to your Okta Developer account and navigate to Applications > Add Application. Click Web and click the Next button. Give the app a name you’ll remember, specify http://localhost:8080 as a Base URI, and http://localhost:8080/login/oauth2/code/oidc as a Login Redirect URI. Click Done, then Edit and add http://localhost:8080 as a Logout redirect URI. Copy and paste the client ID and secret into your application.yml file.
Create a ROLE_ADMIN and ROLE_USER group and add users into them. Modify e2e tests to use this account when running integration tests. You'll need to change credentials in src/test/javascript/e2e/account/account.spec.ts and src/test/javascript/e2e/admin/administration.spec.ts.
Navigate to API > Authorization Servers, click the Authorization Servers tab and edit the default one. Click the Claims tab and Add Claim. Name it "groups", and include it in the ID Token. Set the value type to "Groups" and set the filter to be a Regex of .*.
After making these changes, you should be good to go! If you have any issues, please post them to Stack Overflow. Make sure to tag your question with "jhipster" and "okta".
JHipster ships with PWA (Progressive Web App) support, and it's turned off by default. One of the main components of a PWA is a service worker.
The service worker initialization code is disabled by default. To enable it, uncomment the following code in src/main/webapp/app/app.module.ts:
ServiceWorkerModule.register('ngsw-worker.js', { enabled: false }),
For example, to add the Leaflet library as a runtime dependency of your application, you would run the following command:
npm install --save --save-exact leaflet
To benefit from TypeScript type definitions from the DefinitelyTyped repository in development, you would run the following command:
npm install --save-dev --save-exact @types/leaflet
Then you would import the JS and CSS files specified in the library's installation instructions so that Webpack knows about them.
Edit the src/main/webapp/app/app.module.ts file:
import 'leaflet/dist/leaflet.js';
Edit the src/main/webapp/content/scss/vendor.scss file:
@import '~leaflet/dist/leaflet.css';
Note: There are still a few other things remaining to do for Leaflet that we won't detail here.
For further instructions on how to develop with JHipster, have a look at Using JHipster in development.
You can also use Angular CLI to generate some custom client code.
For example, the following command:
ng generate component my-component
will generate a few files:
create src/main/webapp/app/my-component/my-component.component.html
create src/main/webapp/app/my-component/my-component.component.ts
update src/main/webapp/app/app.module.ts
To build the final jar and optimize the sample application for production, run:
./mvnw -Pprod clean verify
This will concatenate and minify the client CSS and JavaScript files. It will also modify index.html so it references these new files.
To ensure everything worked, run:
java -jar target/*.jar
Then navigate to http://localhost:8080 in your browser.
Refer to Using JHipster in production for more details.
To package your application as a war in order to deploy it to an application server, run:
./mvnw -Pprod,war clean verify
To launch your application's tests, run:
./mvnw verify
Unit tests are run by Jest. They're located in src/test/javascript/ and can be run with:
npm test
For more information, refer to the Running tests page.
Sonar is used to analyse code quality. You can start a local Sonar server (accessible on http://localhost:9001) with:
docker-compose -f src/main/docker/sonar.yml up -d
Note: we have turned off authentication in src/main/docker/sonar.yml for an out-of-the-box experience while trying out SonarQube; for real use cases, turn it back on.
You can run a Sonar analysis by using the sonar-scanner or by using the Maven plugin.
Then, run a Sonar analysis:
./mvnw -Pprod clean verify sonar:sonar
If you need to re-run the Sonar phase, please be sure to specify at least the initialize phase since Sonar properties are loaded from the sonar-project.properties file.
./mvnw initialize sonar:sonar
For more information, refer to the Code quality page.
You can use Docker to improve your JHipster development experience. A number of docker-compose configurations are available in the src/main/docker folder to launch required third-party services.
For example, to start a postgresql database in a docker container, run:
docker-compose -f src/main/docker/postgresql.yml up -d
To stop it and remove the container, run:
docker-compose -f src/main/docker/postgresql.yml down
You can also fully dockerize your application and all the services that it depends on. To achieve this, first build a docker image of your app by running:
./mvnw -Pprod verify jib:dockerBuild
Then run:
docker-compose -f src/main/docker/app.yml up -d
For more information, refer to Using Docker and Docker-Compose. This page also contains information on the docker-compose sub-generator (jhipster docker-compose), which is able to generate docker configurations for one or several JHipster applications.
To configure CI for your project, run the ci-cd sub-generator (jhipster ci-cd). This will let you generate configuration files for a number of Continuous Integration systems. Consult the Setting up Continuous Integration page for more information.