  • This repository has been archived on 05/Apr/2022
  • Stars: 523
  • Rank 84,684 (Top 2 %)
  • Language: Java
  • License: Apache License 2.0
  • Created about 10 years ago
  • Updated over 2 years ago

Repository Details

Security concerns for distributed applications implemented in Spring

spring-cloud-security is no longer actively maintained by VMware, Inc.

Spring Cloud Security offers a set of primitives for building secure applications and services with minimum fuss. A declarative model which can be heavily configured externally (or centrally) lends itself to the implementation of large systems of co-operating, remote components, usually with a central identity management service. It is also extremely easy to use in a service platform like Cloud Foundry. Building on Spring Boot and Spring Security OAuth2 we can quickly create systems that implement common patterns like single sign on, token relay and token exchange.

Warning
In a future major release, the functionality contained in this project will move to the respective projects.

Upgrading to 1.1.0

Most of the OAuth2 features moved from this project to Spring Boot 1.3, so from version 1.1 things are a little different here. Here is a guide to the available features as they were in 1.0, but with new names and slightly new APIs.

As in 1.0, an app will activate @EnableOAuth2Sso if you provide some of the following properties in the Environment.

You can still customize the access rules in an SSO application, but instead of a specific callback (the old OAuth2SsoConfigurer) all you do now is add @EnableOAuth2Sso to a WebSecurityConfigurerAdapter. For example if you want the resources under "/ui/**" to be protected with OAuth2:

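import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Nested configuration class: declare it inside your application or test class.
@Configuration
@EnableOAuth2Sso
@EnableAutoConfiguration
protected static class TestConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Limit this filter chain to /ui/** and require an authenticated user there.
        http.antMatcher("/ui/**")
            .authorizeRequests().anyRequest().authenticated();
    }
}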

In this case the rest of the application will default to the normal Spring Boot access control for other paths (Basic authentication, or whatever custom filters you put in place).

There is no @EnableOAuth2Resource annotation in Spring Cloud 1.1. You just use the regular @EnableResourceServer from Spring OAuth.

Building

Basic Compile and Test

To build the source you will need to install JDK 1.8.

Spring Cloud uses Maven for most build-related activities, and you should be able to get off the ground quite quickly by cloning the project you are interested in and typing

$ ./mvnw install
Note
You can also install Maven (>=3.3.3) yourself and run the mvn command in place of ./mvnw in the examples below. If you do that you also might need to add -P spring if your local Maven settings do not contain repository declarations for spring pre-release artifacts.
Note
Be aware that you might need to increase the amount of memory available to Maven by setting a MAVEN_OPTS environment variable with a value like -Xmx512m -XX:MaxPermSize=128m. We try to cover this in the .mvn configuration, so if you find you have to do it to make a build succeed, please raise a ticket to get the settings added to source control.

For hints on how to build the project look in .travis.yml if there is one. There should be a "script" and maybe "install" command. Also look at the "services" section to see if any services need to be running locally (e.g. mongo or rabbit). Ignore the git-related bits that you might find in "before_install" since they’re related to setting git credentials and you already have those.

The projects that require middleware generally include a docker-compose.yml, so consider using Docker Compose to run the middleware servers in Docker containers. See the README in the scripts demo repository for specific instructions about the common cases of mongo, rabbit and redis.

Note
If all else fails, build with the command from .travis.yml (usually ./mvnw install).

Documentation

The spring-cloud-build module has a "docs" profile, and if you switch that on it will try to build asciidoc sources from src/main/asciidoc. As part of that process it will look for a README.adoc and process it by loading all the includes, but not parsing or rendering it, just copying it to ${main.basedir} (defaults to ${basedir}, i.e. the root of the project). If there are any changes in the README it will then show up after a Maven build as a modified file in the correct place. Just commit it and push the change.

Working with the code

If you don’t have an IDE preference we would recommend that you use Spring Tools Suite or Eclipse when working with the code. We use the m2eclipse eclipse plugin for maven support. Other IDEs and tools should also work without issue as long as they use Maven 3.3.3 or better.

Activate the Spring Maven profile

Spring Cloud projects require the 'spring' Maven profile to be activated to resolve the spring milestone and snapshot repositories. Use your preferred IDE to set this profile to be active, or you may experience build errors.

Importing into eclipse with m2eclipse

We recommend the m2eclipse eclipse plugin when working with eclipse. If you don’t already have m2eclipse installed it is available from the "eclipse marketplace".

Note
Older versions of m2e do not support Maven 3.3, so once the projects are imported into Eclipse you will also need to tell m2eclipse to use the right profile for the projects. If you see many different errors related to the POMs in the projects, check that you have an up to date installation. If you can’t upgrade m2e, add the "spring" profile to your settings.xml. Alternatively you can copy the repository settings from the "spring" profile of the parent pom into your settings.xml.

Importing into eclipse without m2eclipse

If you prefer not to use m2eclipse you can generate eclipse project metadata using the following command:

$ ./mvnw eclipse:eclipse

The generated eclipse projects can be imported by selecting import existing projects from the file menu.

Contributing

Spring Cloud is released under the non-restrictive Apache 2.0 license, and follows a very standard Github development process, using Github tracker for issues and merging pull requests into master. If you want to contribute even something trivial please do not hesitate, but follow the guidelines below.

Sign the Contributor License Agreement

Before we accept a non-trivial patch or pull request we will need you to sign the Contributor License Agreement. Signing the contributor’s agreement does not grant anyone commit rights to the main repository, but it does mean that we can accept your contributions, and you will get an author credit if we do. Active contributors might be asked to join the core team, and given the ability to merge pull requests.

Code of Conduct

This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to [email protected].

Code Conventions and Housekeeping

None of these is essential for a pull request, but they will all help. They can also be added after the original pull request but before a merge.

  • Use the Spring Framework code format conventions. If you use Eclipse you can import formatter settings using the eclipse-code-formatter.xml file from the Spring Cloud Build project. If using IntelliJ, you can use the Eclipse Code Formatter Plugin to import the same file.

  • Make sure all new .java files have a simple Javadoc class comment with at least an @author tag identifying you, and preferably at least a paragraph on what the class is for.

  • Add the ASF license header comment to all new .java files (copy from existing files in the project)

  • Add yourself as an @author to the .java files that you modify substantially (more than cosmetic changes).

  • Add some Javadocs and, if you change the namespace, some XSD doc elements.

  • A few unit tests would help a lot as well — someone has to do it.

  • If no-one else is using your branch, please rebase it against the current master (or other target branch in the main project).

  • When writing a commit message please follow these conventions. If you are fixing an existing issue, please add Fixes gh-XXXX at the end of the commit message (where XXXX is the issue number).

Checkstyle

Spring Cloud Build comes with a set of checkstyle rules. You can find them in the spring-cloud-build-tools module. The most notable files under the module are:

spring-cloud-build-tools/
└── src
    ├── checkstyle
    │   └── checkstyle-suppressions.xml (3)
    └── main
        └── resources
            ├── checkstyle-header.txt (2)
            └── checkstyle.xml (1)
  1. Default Checkstyle rules

  2. File header setup

  3. Default suppression rules

Checkstyle configuration

Checkstyle rules are disabled by default. To add checkstyle to your project just define the following properties and plugins.

pom.xml
<properties>
    <maven-checkstyle-plugin.failsOnError>true</maven-checkstyle-plugin.failsOnError> <!-- (1) -->
    <maven-checkstyle-plugin.failsOnViolation>true</maven-checkstyle-plugin.failsOnViolation> <!-- (2) -->
    <maven-checkstyle-plugin.includeTestSourceDirectory>true</maven-checkstyle-plugin.includeTestSourceDirectory> <!-- (3) -->
</properties>

<build>
    <plugins>
        <plugin> <!-- (4) -->
            <groupId>io.spring.javaformat</groupId>
            <artifactId>spring-javaformat-maven-plugin</artifactId>
        </plugin>
        <plugin> <!-- (5) -->
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-checkstyle-plugin</artifactId>
        </plugin>
    </plugins>
</build>

<!-- <reporting> is a sibling of <build> in the POM, not a child of it -->
<reporting>
    <plugins>
        <plugin> <!-- (5) -->
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-checkstyle-plugin</artifactId>
        </plugin>
    </plugins>
</reporting>
  1. Fails the build upon Checkstyle errors

  2. Fails the build upon Checkstyle violations

  3. Checkstyle also analyzes the test sources

  4. Add the Spring Java Format plugin that will reformat your code to pass most of the Checkstyle formatting rules

  5. Add checkstyle plugin to your build and reporting phases

If you need to suppress some rules (e.g. line length needs to be longer), then it’s enough for you to define a file under ${project.root}/src/checkstyle/checkstyle-suppressions.xml with your suppressions. Example:

projectRoot/src/checkstyle/checkstyle-suppressions.xml
<?xml version="1.0"?>
<!DOCTYPE suppressions PUBLIC
		"-//Puppy Crawl//DTD Suppressions 1.1//EN"
		"https://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
<suppressions>
	<suppress files=".*ConfigServerApplication\.java" checks="HideUtilityClassConstructor"/>
	<suppress files=".*ConfigClientWatch\.java" checks="LineLengthCheck"/>
</suppressions>

It’s advisable to copy the ${spring-cloud-build.rootFolder}/.editorconfig and ${spring-cloud-build.rootFolder}/.springformat to your project. That way, some default formatting rules will be applied. You can do so by running this script:

$ curl https://raw.githubusercontent.com/spring-cloud/spring-cloud-build/master/.editorconfig -o .editorconfig
$ touch .springformat

IDE setup

Intellij IDEA

In order to set up Intellij you should import our coding conventions, inspection profiles and set up the checkstyle plugin. The following files can be found in the Spring Cloud Build project.

spring-cloud-build-tools/
└── src
    ├── checkstyle
    │   └── checkstyle-suppressions.xml (3)
    └── main
        └── resources
            ├── checkstyle-header.txt (2)
            ├── checkstyle.xml (1)
            └── intellij
                ├── Intellij_Project_Defaults.xml (4)
                └── Intellij_Spring_Boot_Java_Conventions.xml (5)
  1. Default Checkstyle rules

  2. File header setup

  3. Default suppression rules

  4. Project defaults for Intellij that apply most of Checkstyle rules

  5. Project style conventions for Intellij that apply most of Checkstyle rules

Figure 1. Code style

Go to File → Settings → Editor → Code style. There click on the icon next to the Scheme section. There, click on the Import Scheme value and pick the Intellij IDEA code style XML option. Import the spring-cloud-build-tools/src/main/resources/intellij/Intellij_Spring_Boot_Java_Conventions.xml file.

Figure 2. Inspection profiles

Go to File → Settings → Editor → Inspections. There click on the icon next to the Profile section. There, click on the Import Profile and import the spring-cloud-build-tools/src/main/resources/intellij/Intellij_Project_Defaults.xml file.

Checkstyle

To have Intellij work with Checkstyle, you have to install the Checkstyle plugin. It’s advisable to also install the Assertions2Assertj to automatically convert the JUnit assertions.

Go to File → Settings → Other settings → Checkstyle. There click on the + icon in the Configuration file section. There, you’ll have to define where the checkstyle rules should be picked from. In the image above, we’ve picked the rules from the cloned Spring Cloud Build repository. However, you can point to the Spring Cloud Build’s GitHub repository (e.g. for the checkstyle.xml : https://raw.githubusercontent.com/spring-cloud/spring-cloud-build/master/spring-cloud-build-tools/src/main/resources/checkstyle.xml). We need to provide the following variables:

Important
Remember to set the Scan Scope to All sources since we apply checkstyle rules for production and test sources.
