This Approov integration example is from where the code example for the Approov token check quickstart is extracted, and you can use it as a playground to better understand how simple and easy it is to implement Approov in a Java Spring API server.
To lock down your API server to your mobile app. Please read the brief summary in the Approov Overview at the root of this repo or visit our website for more details.
The Java Spring API server is very simple and only replies to the endpoint / with the message:
{"message": "Hello, World!"}You can find the endpoint definition here.
Take a look at the verifyApproovToken() function to see the simple code for the check.
For more background on Approov, see the Approov Overview at the root of this repo.
To run this example you will need to have installed:
- OpenJDK - This server example uses version
11.0.3. It should work with earlier or later versions but was not tested. - Java Spring - Version
2.6.4of the Spring Framework plugin is being used. The code should work with prior versions but wasn't tested.
First, you need to set the dummy secret in the /servers/hello/src/approov-protected-server/token-check/.env file as explained here.
Second, you need to build the server with gradle. From the ./servers/hello/src/approov-protected-server/token-check folder execute:
./gradlew buildNow, you can run this example from the /servers/hello/src/approov-protected-server/token-check folder with:
set -a
source .env && ./gradlew bootRun
set +aNext, you can test that it works with:
curl -iX GET 'http://localhost:8002'
The response will be a 400 bad request:
HTTP/1.1 400
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 11 Mar 2022 19:59:11 GMT
Connection: close
{}
The reason you got a 400 is because no Approoov token isn't provided in the headers of the request.
Finally, you can test that the Approov integration example works as expected with this Postman collection or with some more cURL requests examples.
If you find any issue while following our instructions then just report it here, with the steps to reproduce it, and we will sort it out and/or guide you to the correct path.
If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point: