Authentication Component
The CROSSMINER Authentication service:
- Provides a centralized mechanism to secure CROSSMINER's components and manage authentication for all services of the platform.
- Provides user management services, including the user registration process, user profile editing and role-based authorization management.
The Authentication server is a component of the CROSSMINER platform which manages the authentication for all services accessible behind the API Gateway.
| Operation | Method | Path | Description |
|---|---|---|---|
| Authenticate User | POST | /api/authentication | Login a registered user. |
JSON Web Token (JWT) is an open industry standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. It consists of three parts separated by dots (.), which are:
- Header
- Payload
- Signature
This solution uses a secure token that holds the information that we want to transmit and other information about our token, basically the user’s login name and authorities. (Find more about JWT: https://jwt.io/).
- Users have to log in to the authentication service API using their credentials (username and password).
curl -i -X POST -H "Content-Type:application/json" http://localhost:8086/api/authentication -d '{"username":"admin", "password": "admin"}'
- Once the user is authenticated, they receive a JWT in the Authorization header of the HTTP response.
- The generated token is then sent in the Authorization header of each HTTP request to get access to the different CROSSMINER components behind the API Gateway.
curl -i -X GET -H "Content-Type:application/json" -H "Authorization:Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF1dGhvcml0aWVzIjpbIlJPTEVfQURNSU4iLCJST0xFX1BST0pFQ1RfTUFOQUdFUiIsIlJPTEVfVVNFUiJdLCJpYXQiOjE1MzE4OTk3NDMsImV4cCI6MTUzMTk4NjE0M30.l-iCJcnae-1mlhMb3_y09HM4HZYFaHxe_JctWi2FRUY" http://localhost:8086/api/users
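The checks a component behind the API Gateway has to make before trusting such a header, as an added example (not CROSSMINER's own code). It assumes HMAC-SHA256, because the header of the sample token above decodes to `{"alg":"HS256"}`; the secret, the sample claims and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; stands in for the configured JWT secret
SAMPLE_CLAIMS = {                    # constructed claims, same claim names as the page's token
    "sub": "admin",
    "authorities": ["ROLE_ADMIN", "ROLE_PROJECT_MANAGER", "ROLE_USER"],
    "iat": 1531899743,
    "exp": 1531986143,
}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    # JWT strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Issue a token so the example has input to verify (hypothetical helper)."""
    head = b64url_encode(b'{"alg":"HS256"}')
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{head}.{body}.{b64url_encode(_mac(head + '.' + body, secret))}"

def verify_bearer(authorization, secret, now=None):
    """Return the claims of a valid Authorization header value, else raise ValueError."""
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        raise ValueError("expected 'Bearer header.payload.signature'")
    head, body, sig = parts
    header = json.loads(b64url_decode(head))
    # Pin the algorithm: the token's own header must not be able to select "none".
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Verify over the exact received bytes, in constant time, before reading the payload.
    if not hmac.compare_digest(_mac(head + "." + body, secret), b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if (time.time() if now is None else now) >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

def has_role(claims, role):
    return role in claims.get("authorities", [])
```

A token without an `exp` claim is treated as expired, so a missing lifetime fails closed.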
The Authentication component provides web services for CRUD operations on user accounts.
| Operation | Method | Path | Description |
|---|---|---|---|
| Register User | POST | /api/register | Register new user. |
| Activate User | GET | /api/activate | Activate the registered user. |
| Update User | PUT | /api/users | Update an existing user. |
| Retrieve Users | GET | /api/users | Get all registered users. |
| Retrieve Login User | GET | /api/users/{login} | Get the "login" user. |
| Delete User | DELETE | /api/users/{login} | Delete the "login" user. |
The Authentication server is configured through an external property file (application.properties) placed in the execution directory of the Authentication component.
| Property | Description | Default Value |
|---|---|---|
| server.port | Port of the Authentication API server. Each REST request sent to the gateway must be addressed to this port. | 8085 |
| apigateway.security.jwt.secret | Private key pair used to sign JWT tokens using RSA. | NA |
| Property | Description | Default Value |
|---|---|---|
| scava.administration.username | The administrator username | admin |
| scava.administration.password | The administrator password | admin |
| scava.administration.admin-role | The admin role | ADMIN |
| scava.administration.project-manager-role | The project manager role | PROJECT_MANAGER |
| scava.administration.project-user-role | The user role | USER |
| Property | Description | Default Value |
|---|---|---|
| spring.data.mongodb.uri | URL of the MongoDB database server | mongodb://localhost:27017 |
| spring.data.mongodb.database | Name of the MongoDB database | scava |
In order to register new users, you have to configure a mail server.
| Property | Description | Default Value |
|---|---|---|
| spring.mail.host | URL of the mail service | smtp.gmail.com |
| spring.mail.port | Port of the mail service | 587 |
| spring.mail.username | Login of the mail account | |
| spring.mail.password | Password of the mail account | |
| spring.mail.protocol | Mail protocol | smtp |
| spring.mail.tls | - | true |
| spring.mail.properties.mail.smtp.auth | - | true |
| spring.mail.properties.mail.smtp.starttls.enable | - | true |
| spring.mail.properties.mail.smtp.ssl.trust | - | smtp.gmail.com |
| Property | Description | Default Value |
|---|---|---|
| scava.administration.base-url | The SCAVA administration base URL to generate the activation account URL. | http://localhost:4200 |
Maven Packaging
mvn -Pprod install
- Complete and put the "application.properties" configuration file in the execution directory.
- Execute the scava-auth-service-1.0.0.jar JAR.
java -jar scava-auth-service-1.0.0.jar
