Secure Legacy Applications with Spring Cloud Gateway
This repository contains examples of how to secure a "legacy" servlet application Spring Cloud Gateway.
This repository has two examples in it:
cloud-gateway
- A basic Spring Cloud Gateway application that proxies and secures downstream requestslegacy-servlet-app
- A simple servlet application.
- See the Add OAuth 2.0 to Legacy Apps with Spring Cloud Gateway learn more about how these projects were created.
Prerequisites: Java 8.
Spring Cloud Gateway Example
To install this example, run the following commands:
git clone https://github.com/oktadeveloper/okta-legacy-with-cloud-gateway-example.git
cd okta-legacy-with-cloud-gateway-example/cloud-gateway
Create a Web Application in Okta
Log in to your Okta Developer account (or sign up if you don't have an account).
- From the Applications page, choose Add Application.
- On the Create New Application page, select Web.
- Give your app a memorable name, add
http://localhost:8080/login/oauth2/code/okta
as a Login redirect URI, select Refresh Token (in addition to Authorization Code), and click Done.
Copy the issuer (found under API > Authorization Servers), client ID, and client secret into the src/main/resources/application.yml
file of the cloud-gateway
project.
okta:
oauth2:
issuer: https://{yourOktaDomain}/oauth2/default
client-id=$clientId
client-secret=$clientSecret
Then, run the project with: ./mvnw spring-boot:run
Legacy Servlet Application Example
In a seperate terminal window (in the same git repostiory as above) run:
cd legacy-servlet-app
./mvnw jetty:run -Dokta.oauth2.issuer=https://{yourOktaDomain}/oauth2/default
NOTE: the "issuer" must be the same in both projects.
Browse to http://localhost:8080
in an incognito/private window to login and view the user profile data.
Links
These examples uses the following open source libraries:
Help
Please post any questions as comments on the example's blog post, or on the Okta Developer Forums.
License
Apache 2.0, see LICENSE.