This is an example application using Spring Security to expose Jolokia as an OAuth2 Resource Server resource.
OAuth2 is provided by AzureAD.
This example does not use Spring Boot.
- Register a new app registration in AzureAD:
  - Accounts in this organization directory only
- In the app registration, under "Expose an API":
  - Set the application ID URI (the default is fine). It is referred to as `$APPLICATION_ID_URI` from now on.
  - Add a scope:
    - Scope name: `jolokia_access` (this is the value that appears in the token's `scp` claim)
    - Admin consent display name: `Jolokia Access`
    - Admin consent description: `Jolokia Access`
  - Add an authorized client application for the Azure CLI:
    - Add `04b07795-8ddb-461a-bbee-02f9e1bf7b46` (the Azure CLI client application) with the scope `$APPLICATION_ID_URI/jolokia_access`
- In the app registration, under "App roles":
  - Create an app role:
    - Display name: `Jolokia Users`
    - Allowed member types: `Users/Groups`
    - Value: `JolokiaUsers` (this is the value that appears in the token's `roles` claim)
    - Description: `Allow Jolokia Access`
- Wait a minute or two for AzureAD to catch up. This took me about a minute; your mileage may vary.
- In the enterprise application of the same name, under "Users and groups":
  - Add a user/group:
    - Select the user that is you (in my case Nick Cronin).
    - The role should be `Jolokia Users`, and you should be unable to change it. If it is not `Jolokia Users`, you may have tried this too fast; wait for the sync.
Assuming you have Terraform installed and set up:

- Go into the `infra` folder and run:

  ```shell
  terraform apply
  ```

- Terraform will output the `get-access-token` request for you.
- In the Azure CLI, run `az login` again to update your permissions, then request a token for the API:

  ```shell
  az login
  az account get-access-token --resource $APPLICATION_ID_URI
  ```

- Take the bearer token (`accessToken` in the payload) and run a request like this (n.b.: `demo_war` was just the name of the WAR I was using for testing):

  ```http
  GET http://localhost:8080/demo_war/jolokia/list
  Authorization: Bearer $BEARER_TOKEN
  ```
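The following is an added example, not this repository's own code, showing how the scope and app role created above are consumed on the server side: a Spring Security 6 resource-server configuration (no Spring Boot) that validates the AzureAD token and lets a caller reach `/jolokia/**` only when the token carries both the `jolokia_access` scope and the `JolokiaUsers` app role. The tenant id, the `api://...` application ID URI, the package name, the `/jolokia/*` servlet mapping and the assumption that the app registration accepts v1.0 access tokens (the default, and what `az account get-access-token --resource` issues) are all assumptions, not values from this README.

```java
// Added example (not the project's own code). Assumptions: tenant id, application ID URI,
// package name, Jolokia mapped under /jolokia/*, and v1.0 access tokens.
package example.security;

import java.util.ArrayList;
import java.util.Collection;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

@Configuration
@EnableWebSecurity
public class JolokiaResourceServerConfig {

    // Assumed values: substitute your tenant id and the Application ID URI from "Expose an API".
    static final String TENANT_ID = "00000000-0000-0000-0000-000000000000";
    static final String APPLICATION_ID_URI = "api://00000000-0000-0000-0000-000000000000";

    // v1.0 tokens (assumed) carry iss=https://sts.windows.net/{tenant}/ and are signed with the
    // keys published at /discovery/keys. For v2.0 tokens the issuer is
    // https://login.microsoftonline.com/{tenant}/v2.0 and the keys are at /discovery/v2.0/keys.
    static final String ISSUER = "https://sts.windows.net/" + TENANT_ID + "/";
    static final String JWK_SET_URI = "https://login.microsoftonline.com/" + TENANT_ID + "/discovery/keys";

    @Bean
    SecurityFilterChain jolokiaFilterChain(HttpSecurity http) throws Exception {
        http
            // Bearer-token API: no session and no CSRF token for the caller to present.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // Require both the delegated scope (scp claim) and the app role (roles claim),
                // so a valid token for a user who was never assigned "Jolokia Users" is rejected.
                .requestMatchers("/jolokia/**")
                    .access(new WebExpressionAuthorizationManager(
                        "hasAuthority('SCOPE_jolokia_access') and hasRole('JolokiaUsers')"))
                .anyRequest().denyAll())
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt
                    .decoder(jwtDecoder())
                    .jwtAuthenticationConverter(jwtAuthenticationConverter())));
        return http.build();
    }

    // Signature, expiry and issuer are checked by the default validators; the audience check
    // is what stops a token minted for some other AzureAD resource from being replayed here.
    @Bean
    JwtDecoder jwtDecoder() {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).build();
        OAuth2TokenValidator<Jwt> audience = jwt -> jwt.getAudience().contains(APPLICATION_ID_URI)
            ? OAuth2TokenValidatorResult.success()
            : OAuth2TokenValidatorResult.failure(
                new OAuth2Error("invalid_token", "aud is not " + APPLICATION_ID_URI, null));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
            JwtValidators.createDefaultWithIssuer(ISSUER), audience));
        return decoder;
    }

    // Map AzureAD claims onto Spring authorities: scp "jolokia_access" -> SCOPE_jolokia_access
    // (the default converter already reads the "scp" claim) and roles ["JolokiaUsers"] -> ROLE_JolokiaUsers.
    static JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter();
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles");
        roles.setAuthorityPrefix("ROLE_");
        Converter<Jwt, Collection<GrantedAuthority>> combined = jwt -> {
            Collection<GrantedAuthority> all = new ArrayList<>(scopes.convert(jwt));
            all.addAll(roles.convert(jwt));
            return all;
        };
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(combined);
        return converter;
    }
}

// Without Spring Boot the security filter has to be registered by hand: this initializer adds
// springSecurityFilterChain to the WAR and bootstraps the configuration above.
class JolokiaSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
    JolokiaSecurityInitializer() {
        super(JolokiaResourceServerConfig.class);
    }
}
```

With this in place, the `GET .../jolokia/list` request above succeeds only for a token whose `aud` is `$APPLICATION_ID_URI`, whose `scp` contains `jolokia_access` and whose `roles` contains `JolokiaUsers`; a token obtained before the role assignment synced will carry the scope but not the role and is refused with 403, which is the quickest way to tell the two failure modes apart.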