example.helloworld.CubbyholeAuthenticationTests.java Source code

Java tutorial

  1. HOME
  2. Java
  3. example.helloworld.CubbyholeAuthenticationTests.java

Introduction

Here is the source code for example.helloworld.CubbyholeAuthenticationTests.java

Source

/*
 * Copyright 2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package example.helloworld;

import java.io.File;
import java.util.Collections;
import java.util.Map;

import lombok.extern.slf4j.Slf4j;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.vault.annotation.VaultPropertySource;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.CubbyholeAuthentication;
import org.springframework.vault.authentication.CubbyholeAuthenticationOptions;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;
import org.springframework.vault.core.RestOperationsCallback;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.support.SslConfiguration;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestOperations;

import static example.util.WorkDirHelper.*;
import static org.assertj.core.api.Assertions.*;

/**
 * Setup and use Cubbyhole authentication.
 *
 * @author Mark Paluch
 */
@RunWith(SpringRunner.class)
@ContextConfiguration
@Slf4j
public class CubbyholeAuthenticationTests {

    private static VaultToken initialToken;

    @Autowired
    ApplicationContext applicationContext;

    @Autowired
    VaultOperations vaultOperations;

    /**
     * Write some data to Vault before Vault can be used as {@link VaultPropertySource}.
     */
    @BeforeClass
    public static void beforeClass() {

        VaultOperations vaultOperations = new VaultTestConfiguration().vaultTemplate();
        vaultOperations.write("secret/myapp/configuration", Collections.singletonMap("configuration.key", "value"));

        VaultResponse response = vaultOperations.doWithSession(new RestOperationsCallback<VaultResponse>() {

            @Override
            public VaultResponse doWithRestOperations(RestOperations restOperations) {

                HttpHeaders headers = new HttpHeaders();
                headers.add("X-Vault-Wrap-TTL", "10m");

                return restOperations.postForObject("auth/token/create", new HttpEntity<Object>(headers),
                        VaultResponse.class);
            }
        });

        // Response Wrapping requires Vault 0.6.0+
        Map<String, String> wrapInfo = response.getWrapInfo();
        initialToken = VaultToken.of(wrapInfo.get("token"));
    }

    /**
     * {@link org.springframework.vault.core.VaultTemplate},
     * {@link CubbyholeAuthentication} retrieves the wrapped token from
     * {@code cubbyhole/response} and uses the wrapped token to access Vault.
     */
    @Test
    public void environmentShouldExposeVaultPropertySource() {

        vaultOperations.write("secret/key", Collections.singletonMap("key", "value"));
        assertThat(vaultOperations.read("secret/key").getData()).containsEntry("key", "value");
    }

    /**
     * Java Configuration to bootstrap Spring Vault.
     */
    @Configuration
    static class VaultConfiguration extends AbstractVaultConfiguration {

        @Override
        public VaultEndpoint vaultEndpoint() {
            return new VaultEndpoint();
        }

        @Override
        public ClientAuthentication clientAuthentication() {

            CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
                    .wrapped() //
                    .initialToken(initialToken) //
                    .build();

            return new CubbyholeAuthentication(options, restOperations());
        }

        @Override
        public SslConfiguration sslConfiguration() {

            return SslConfiguration.forTrustStore(new FileSystemResource(new File(findWorkDir(), "keystore.jks")),
                    "changeit");
        }
    }
}