Skip to content
This repository has been archived by the owner on Jul 3, 2024. It is now read-only.

Latest commit

 

History

History
100 lines (75 loc) · 7.02 KB

README.md

File metadata and controls

100 lines (75 loc) · 7.02 KB

RAM-GUARDS

🌝 Resource Access Management --- Grant User Authorities-Roles-Details Service 🌚

based on this: http://seanthefish.com/2020/07/24/micro-service-authorization/index.html

Overview

RAM-GUARDS is a service help you manage users' resources easier and more flexible in spring boot framework. And it provides a best practice to manager users' resources under spring cloud micro service framework.

In RAM-GUARDS, each user has a three level authority control: authorities-roles-details, resources are under control by authority level and you can select and customize the other level, which gives system designers a lot flexibility. Also you can imeplent your own authorities-roles-details service by DB, webservice or any other way you want. And for ibmers, you can simply use esw-ram provider to manage your authorities-roles-details which RAM-GUARDS default supports.

Developers can also use RAM-GUARDS easily with just a few configurations by two spring boot starter: ram-guards-authorization-server-spring-boot-starter and ram-guards-resource-server-spring-boot-starter.

For ibmers: For ibmers who use ibm-id to provide authentication and esw-ram to provide users' authorities-roles-details service, we also provide a ibmid-resource-server-spring-boot-starter and a ram-guards-zuul-esw-provider-spring-cloud-starter to help developers configurate easier with spring cloud micro service framework under ibm-id oidc protect.

RAM-GUARDS currently only supports java8+, spring boot 2.1.0+

Features

  • Three level authority, you can select any levels you want
  • Customize details level, give you more flexibility
  • Customize service to get your own users' resources(with restful api, db, etc.)
  • JWE encryption through communication
  • Redis cache to speed up request
  • A ram-guards-authorization-server-spring-boot-starter implements OAuth2 password and refresh token grant type
  • A ram-guards-resource-server-spring-boot-starter implements spring security to protect your endpoints and users' resources
  • For ibmers: A ibmid-resource-server-spring-boot-starter to provide authentication add protect your spring boot application under ibm-id oidc in OAuth2 resource server way.
  • For ibmers: A ibmid-client-spring-boot-starter to provide authentication add protect your spring boot application under ibm-id oidc in OAuth2 client way.
  • For ibmers: A ram-guards-zuul-esw-provider-spring-cloud-starter to help developers configurate easier with spring cloud micro service framework using esw-ram authorities-roles-details service provider.
  • For ibmers: Provide ibm system partner usage with a simple and secure way.(different from ibm users usage)

How to use

  • For authorization server:
    • How to configurate and use your RAM-GUARDS authorization server with ram-guards-authorization-server-spring-boot-starter 👉 🌒
  • For resource server:
    • How to configurate and use your RAM-GUARDS resource server with ram-guards-resource-server-spring-boot-starter 👉 🌓
  • For spring cloud:
    • What is the best practice to manage users' resources with spring cloud micro service framework using RAM-GUARDS 👉 🌔
  • For using ibm-id authentication:
    • How to configurate and use your spring boot application under ibm-id oidc protection in OAuth2 resource server way with ibmid-resource-server-spring-boot-starter 👉 🌕
    • How to configurate and use your spring boot application under ibm-id oidc protection in OAuth2 client way with ibmid-client-spring-boot-starter 👉 🌖
  • For using esw-ram provider:
    • How to configurate and use your spring cloud zuul using esw-ram authorities-roles-details service provider with RAM-GUARDS zuul esw provider spring cloud starter 👉 🌗
  • For using system partner call:
    • How to use system partner call in RAM-GUARDS 👉 🌘
  • A PPT of RAM-GUARDS sharing:
    • RAM-GUARDS sharing 👉 🌑

How to run sample

  • First read the documentation above to do some requisite configuration

  • Run eureka server

    • run ./gradlew bootJar -p ram-guards-sample-eureka-server
    • run java -jar ram-guards-sample-eureka-server/build/libs/ram-guards-sample-eureka-server-0.0.1-SNAPSHOT-boot.jar
  • Run RAM-GUARDS authorization server

    • run ./gradlew bootJar -p ram-guards-sample-authorization-server
    • run java -jar ram-guards-sample-authorization-server/build/libs/ram-guards-sample-authorization-server-0.0.1-SNAPSHOT-boot.jar
  • Run RAM-GUARDS resource server

    • run ./gradlew bootJar -p ram-guards-sample-resource-server
    • run java -jar ram-guards-sample-resource-server/build/libs/ram-guards-sample-resource-server-0.0.1-SNAPSHOT-boot.jar
  • Run RAM-GUARDS esw-ram provider zuul

    • run ./gradlew bootJar -p ram-guards-sample-zuul
    • run java -jar ram-guards-sample-zuul/build/libs/ram-guards-sample-zuul-0.0.1-SNAPSHOT-boot.jar

How to test sample

  • Send request to get RAM-GUARDS access_token and refresh_token:
POST /authorize/oauth/token HTTP/1.1
Host: localhost:8769
Header: Authorization: Bearer {ibm_id_id_token_here}

Params: grant_type=password
  • Send request to refresh RAM-GUARDS access_token and refresh_token:
POST /authorize/oauth/token HTTP/1.1
Host: localhost:8769
Header: Authorization: Bearer {ibm_id_id_token_here}

Params: grant_type=refresh_token
&refresh_token={RAM_GUARDS_refresh_token_here}
  • Send request to access RAM-GUARDS resource server and get authorities-roles-details:
GET /client/hi HTTP/1.1
Host: localhost:8769
Header: Authorization: Bearer {ibm_id_id_token_here}
        Ram-Guards: {RAM_GUARDS_access_token_here}

see the ppt inside to get more info