You would need to copy and paste the same information into several modules/apps when you want to re-use it (=> Antipattern)
Closely related to the re-usability aspect, you need to come up with a standardized format (e.g. do you prefer the properties ‘protocol’, ‘hostname’, ‘port’ or would you rather combine them to ‘URL’?). It’s crucial to enforce this format across all destinations
Never ever (ever!) add sensitive information, such as passwords, to your code! I think I don’t need to explain this one
Authentication strategies vary across different destination types and you need to implement every single one
Dev tools (like code generators) have virtually no use if they cannot access supporting information
I recommend that you enter them on the subaccount level in the Cloud Foundry environment (it’s also possible to add them on the service instance level).
This service is able to read the information you stored in the previous step and transmit it securely.
This service issues a JWT token to authenticate to the destinations service instance.
Same as the previous step, just filter the marketplace for “trust” instead.
```javascript
const request = require('request');
const cfenv = require('cfenv');

/*********************************************************************
 *************** Step 1: Read the environment variables ***************
 *********************************************************************/
const oServices = cfenv.getAppEnv().getServices();
const uaa_service = cfenv.getAppEnv().getService('uaa_service');
const dest_service = cfenv.getAppEnv().getService('destination_service');
// Client id and secret come from the service binding, never from the source code
const sUaaCredentials = dest_service.credentials.clientid + ':' + dest_service.credentials.clientsecret;
const sDestinationName = 'scp';
const sEndpoint = '/secure/';

/*********************************************************************
 **** Step 2: Request a JWT token to access the destination service ***
 *********************************************************************/
const post_options = {
    url: uaa_service.credentials.url + '/oauth/token',
    method: 'POST',
    headers: {
        'Authorization': 'Basic ' + Buffer.from(sUaaCredentials).toString('base64'),
        'Content-type': 'application/x-www-form-urlencoded'
    },
    form: {
        'client_id': dest_service.credentials.clientid,
        'grant_type': 'client_credentials'
    }
};

request(post_options, (err, res, data) => {
    // res is undefined when the request itself failed, so check err first
    if (!err && res.statusCode === 200) {
        /*************************************************************
         *** Step 3: Search your destination in the destination service ***
         *************************************************************/
        const token = JSON.parse(data).access_token;
        const get_options = {
            url: dest_service.credentials.uri + '/destination-configuration/v1/destinations/' + sDestinationName,
            headers: {
                'Authorization': 'Bearer ' + token
            }
        };

        request(get_options, (err, res, data) => {
            // Stop here instead of parsing an error body as a destination
            if (err || res.statusCode !== 200) {
                console.error('Destination lookup failed');
                return;
            }
            /*********************************************************
             ********* Step 4: Access the destination securely *******
             *********************************************************/
            const oDestination = JSON.parse(data);
            const token = oDestination.authTokens[0];
            const options = {
                method: 'GET',
                url: oDestination.destinationConfiguration.URL + sEndpoint,
                headers: {
                    'Authorization': `${token.type} ${token.value}`
                }
            };

            request(options).on('data', (s) => {
                console.log(s.toString());
            });
        });
    }
});
```
```python
from cfenv import AppEnv
import requests
import base64

######################################################################
############### Step 1: Read the environment variables ###############
######################################################################
env = AppEnv()
uaa_service = env.get_service(name='uaa_service')
dest_service = env.get_service(name='destination_service')
# Client id and secret come from the service binding, never from the source code
sUaaCredentials = dest_service.credentials["clientid"] + ':' + dest_service.credentials["clientsecret"]
sDestinationName = 'scp'

######################################################################
#### Step 2: Request a JWT token to access the destination service ###
######################################################################
# b64encode works on bytes and returns bytes, so encode first and decode the result
headers = {'Authorization': 'Basic ' + base64.b64encode(sUaaCredentials.encode()).decode(),
           'content-type': 'application/x-www-form-urlencoded'}
form = [('client_id', dest_service.credentials["clientid"]), ('grant_type', 'client_credentials')]
r = requests.post(uaa_service.credentials["url"] + '/oauth/token', data=form, headers=headers)

######################################################################
####### Step 3: Search your destination in the destination service #######
######################################################################
token = r.json()["access_token"]
headers = {'Authorization': 'Bearer ' + token}
r = requests.get(dest_service.credentials["uri"] + '/destination-configuration/v1/destinations/' + sDestinationName, headers=headers)

######################################################################
############### Step 4: Access the destination securely ###############
######################################################################
destination = r.json()
token = destination["authTokens"][0]
headers = {'Authorization': token["type"] + ' ' + token["value"]}
r = requests.get(destination["destinationConfiguration"]["URL"] + '/secure/', headers=headers)
print(r.text)
```
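Step 4 in both listings above uses `authTokens[0]` and the destination URL without checking either. As an added example (not code from the original post), this helper validates the lookup response before any credential is sent; `buildRequest` and `redact` are hypothetical names, the `error` field on a token entry is an assumption about the response shape, and the HTTPS-only rule is this example's own policy.

```javascript
// Validate a "find destination" response before Step 4 uses it.
// destinationConfiguration.URL and authTokens[].type/value are the fields the
// listings above read; authTokens[].error is an assumed field, and
// buildRequest/redact are hypothetical helper names.
function buildRequest(oDestination, sEndpoint) {
  const cfg = (oDestination && oDestination.destinationConfiguration) || {};
  const tokens = (oDestination && oDestination.authTokens) || [];

  let base;
  try {
    base = new URL(cfg.URL);
  } catch (e) {
    throw new Error('destination has no usable URL');
  }
  // A Basic or Bearer credential sent over plain HTTP is readable on the wire.
  if (base.protocol !== 'https:') {
    throw new Error('refusing to send credentials to a ' + base.protocol + ' destination');
  }
  if (tokens.length === 0) {
    throw new Error('destination returned no auth token');
  }
  const token = tokens[0];
  if (token.error || !token.type || !token.value) {
    throw new Error('auth token unusable: ' + (token.error || 'missing type/value'));
  }
  // Join base path and endpoint without doubling or dropping slashes.
  const path = base.pathname.replace(/\/+$/, '') + '/' + sEndpoint.replace(/^\/+/, '');
  return {
    method: 'GET',
    url: base.origin + path,
    headers: { Authorization: token.type + ' ' + token.value }
  };
}

// Copy of the request options that is safe to log: the credential is masked.
function redact(options) {
  return Object.assign({}, options, { headers: { Authorization: '[redacted]' } });
}

// Constructed sample response (not real service output).
const sample = {
  destinationConfiguration: { URL: 'https://backend.example.com/api/' },
  authTokens: [{ type: 'Basic', value: 'ZGVtbzpkZW1v' }]
};
console.log(redact(buildRequest(sample, '/secure/')));
```
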
I recommend that you enter them on the subaccount level in the Cloud Foundry environment (it’s also possible to add them on the service instance level).
```yaml
resources:
  - name: uaa_service
    parameters:
      path: ./xs-security.json
      service-plan: application
      service: xsuaa
    type: org.cloudfoundry.managed-service
  - name: destination_service
    parameters:
      service-plan: lite
      service: destination
    type: org.cloudfoundry.managed-service
```

```json
"routes": [{
    "source": "^/scp/(.*)",
    "target": "/$1",
    "destination": "scp"
}...
```

```javascript
$.get('/scp/secure').then((sMsg) => { alert(sMsg); });
```