Name: aap-client-java
Owner: EMBL-EBI Technology & Science Integration
Description: Common functionality for consumers of the AAP services
Created: 2017-01-06 14:31:43.0
Updated: 2018-04-10 09:50:02.0
Pushed: 2018-04-10 09:50:00.0
Homepage: null
Size: 231
Language: Java
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
This is a library with common functionality to interact with the EBI's Authentication, Authorization and Profile service. It currently (Jan 2017) covers the authentication classes to secure rest API using spring.
Choose which aspect of the client you'd like to use:
security
helps protect your API's endpoint via a token produced by the AAPservice
helps making calls to the AAP APIInclude the jar as dependency to your project (for example service
with gradle):
sitories {
maven { url "https://oss.sonatype.org/content/repositories/snapshots" }
ndencies {
compile( group: 'uk.ac.ebi.tsc.aap.client', name: 'service', version: '1.0.2-SNAPSHOT')
Use the provided classes to secure your API: more to come on this section soon!
By default, the client uses our 'explore' environment, which we use as a sandbox for other parties integrating with us.
To switch to another environment (for example, production https://api.aai.ebi.ac.uk), add the following properties
(for ex, in your main application.properties
):
If you use the security module:
url=https://api.aai.ebi.ac.uk
If you use the service module:
certificate=https://api.aai.ebi.ac.uk/meta/public.der
If you happen to use both, you can re-use the URL property in the definition of the certificate property so they're always in sync:
url=https://api.aai.ebi.ac.uk
certificate=${aap.url}/meta/public.der
If you would rather not read the public key dynamically on startup, you can instead download it
(https://api.aai.ebi.ac.uk/meta/public.der for production), bundle it with your resources and update jwt.certificate
to path/to/the/public/certificate.der
.
We are using this library with a few spring-boot applications, and anything with spring-security/spring-web should be easy to infer.
For building the components, you'll need to have setup a GPG signing key (for example by following the instructions of the good folks of github), and define
a signatory in gradle (typically in ~/.gradle/gradle.properties
):
ing.keyId=1A2B3C4D
ing.password=changeme
ing.secretKeyRingFile=path/to/secring.gpg
Note the long SHA does not seem to work (at least on windows), so use $ gpg --list-secret-keys
instead, and what you need in keyId
is what's in sec
after the /
.
It is also necessary to have defined the following variables (even if you are not using the uploadArchive task):
hUsername=someone
hPassword=secret
To come next: getting a JWT from the AAP, and using it to check which domain a given user is part of.
le test
Package this library along with your application, as best relevant to your chosen dependency management system.
We use SemVer for versioning.