Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 25 additions & 28 deletions distribution/examples/security/api-key/jdbc-api-key-store/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,52 +5,49 @@ A quick guide to setting up a JDBC-based API key store using PostgreSQL.
### Prerequisite

- **Docker installed:**

- If Docker is already installed, skip to the next step.
- Otherwise, install Docker from [https://docs.docker.com/get-started/get-docker/](https://docs.docker.com/get-started/get-docker/).

---

1. **Run Database Container:**
- Start a database container (e.g., PostgreSQL) with:

- Start a database container (e.g., PostgreSQL) with:

```shell
docker run --name postgres -e POSTGRES_USER=user -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres
```
```shell
docker run --rm --name postgres -e POSTGRES_PASSWORD=secret -p 5432:5432 postgres
```

2. **Download JDBC Driver:**

- Download the PostgreSQL JDBC driver from the official
site: [https://jdbc.postgresql.org/download/](https://jdbc.postgresql.org/download/).
- Place it in the `lib` directory of your Membrane installation.
- Download the PostgreSQL JDBC driver from the official
site: [https://jdbc.postgresql.org/download/](https://jdbc.postgresql.org/download/).
- Place it in the `lib` directory of your Membrane installation.

3. **Take a look at the configuration in the [`apis.yaml`](apis.yaml)**

4. **run the membrane.sh script:**
4. **Run the membrane.sh script:**

```shell
./membrane.sh
```
```shell
./membrane.sh
```

5. **Run SQL File in your Docker Container:**
- Make sure that Membrane was running before to create the database tables.
- Run this command:

- Run this command:

```shell
docker exec -i postgres psql -U user -d postgres < ./insert_apikeys.sql
```
```shell
docker exec -i postgres psql -U postgres -d postgres < ./insert_apikeys.sql
```

- test
- test

```shell
docker exec -i postgres psql -U user -d postgres -c "SELECT * FROM key;"
```
```shell
docker exec -i postgres psql -U postgres -d postgres -c "SELECT * FROM key;"
```
Comment thread
christiangoerdes marked this conversation as resolved.

6. **You can test it using curl:**
6. **Test it using curl:**

```shell
curl localhost:2000 -H "x-api-key:unsecure2000"
```
```shell
curl localhost:2000 -H "x-api-key:unsecure2000"
```

- if the API key is valid, you will be redirected to ```https://api.predic8.de```.
- if the API key is valid, you will be forwarded to ```https://api.predic8.de```.
Comment thread
christiangoerdes marked this conversation as resolved.
43 changes: 20 additions & 23 deletions distribution/examples/security/api-key/jdbc-api-key-store/apis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,33 +5,30 @@ components:
bean:
class: org.apache.commons.dbcp2.BasicDataSource
properties:
- property:
name: driverClassName
value: org.postgresql.Driver
- property:
name: url
value: jdbc:postgresql://localhost:5432/postgres
- property:
name: username
value: user
- property:
name: password
value: password
- name: driverClassName
value: org.postgresql.Driver
- name: url
value: jdbc:postgresql://localhost:5432/postgres
- name: username
value: postgres
- name: password
value: secret

---
global:
- apiKey:
stores:
- databaseApiKeyStore:
datasource: '#/components/dataSource'
keyTable:
name: key
scopeTable:
name: scope
extractors:
- headerExtractor: {}

---
api:
port: 2000
flow:
- apiKey:
stores:
- databaseApiKeyStore:
datasource: '#/components/dataSource'
keyTable:
name: key
scopeTable:
name: scope
extractors:
- headerExtractor: {}
target:
url: https://api.predic8.de
32 changes: 19 additions & 13 deletions distribution/examples/security/api-key/rbac/apis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,43 +4,49 @@
# In this instance, we use an `ApiKeyFileStore`, which fetches API keys from a specified file.
# For global access across all API key interceptors, declare the stores as shown here.
# If an interceptor-specific store is needed, embed the store directly within the interceptor.

components:
keys:
apiKeyFileStore:
location: ./demo-keys.txt

---
# API key authorization providing key is optional. Certain scopes allow for additional access rights.
global:
- apiKey:
# API key authorization is optional.
# But certain scopes allow for additional access rights.
required: false
extractors:
- headerExtractor:
name: X-Key

---
api:
port: 2000
flow:
- apiKey:
required: false
extractors:
- headerExtractor:
name: X-Key
- request:
- log:
message: "Scopes: ${scopes()}"
- if:
test: hasScope('admin')
language: spel
flow:
- template:
src: |
Only for admins!
Caller scopes: ${fn.scopes()}
Only admins!
Scopes: ${fn.scopes()}
- return:
status: 200
- if:
test: hasScope({'finance','accounting'})
language: spel
test: hasScope('finance') or hasScope('accounting')
flow:
- template:
src: |
Only for finance or accounting!
Caller scopes: ${fn.scopes()}
Only finance or accounting!
Scopes: ${fn.scopes()}
- return:
status: 200
- template:
src: Normal API
- return:
status: 200

Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ void normalScope() {
.get("http://localhost:2000")
.then().assertThat()
.statusCode(200)
.body(containsString("Caller scopes"))
.body(containsString("Only finance or accounting!"))
.body(containsString("accounting"))
.body(containsString("finance"));
}
Expand All @@ -47,8 +47,7 @@ void conditionalScope() {
.get("http://localhost:2000")
.then().assertThat()
.statusCode(200)
.body(containsString("Caller scopes"))
.body(not(containsString("accounting")))
.body(containsString("admin"));
.body(containsString("Only admins!"))
.body(containsString("[admin]"));
}
}
Loading