acciente/oacc-example-securetodo

SecureTodo OACC Example Application

Welcome to the SecureTodo OACC example repository. The SecureTodo application serves as an example of how to integrate the open-source OACC security framework into a sample Java application to address several real-world authorization scenarios.

How to use this repo

The SecureTodo example application is a RESTful Java implementation of a secured todo list. It uses the Dropwizard framework to stand up a RESTful web service, and the OACC framework to provide application security.

While you could simply browse the source code directly from this repo to see how OACC does its magic, there's a better alternative:

Code Walkthrough

The accompanying code walkthrough document is part of this repo and explains the SecureTodo example application and the relevant OACC features in detail.

What is OACC, anyways?

OACC - pronounced [oak] - is a fully featured API to both enforce and manage your application's authentication and authorization needs.

You can find more information about the OACC Java Security Framework, including the latest Javadocs, releases, and tutorials on the project website: oaccframework.org.

Running the example

Supported Environments

The SecureTodo sample application is compatible with Java™ SE 8 (Java™ version 1.8.0), or higher.

How to start the SecureTodo application

  1. Run mvn clean package to package the application
  2. Start the application with java -jar target/secure-todo-1.0.1-SNAPSHOT.jar server secure-todo.yml

curl API commands

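To interact with the SecureTodo API using curl, try some of the sample commands below. In these commands, -k tells curl to skip TLS certificate verification, and -u sends the user's email and password as HTTP Basic authentication credentials.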

  • POST a new user:

    curl -i -k --silent -w "\n" \
    -H "Content-Type: application/json" \
    -X POST -d '{"email":"[email protected]", "password":"secret"}' \
    https://localhost:8443/users
  • POST a new todo for the authenticated user:

    curl -i -k --silent -w "\n" \
    -u [email protected]:secret \
    -H "Content-Type: application/json" \
    -X POST -d '{"title":"wash car"}' \
    https://localhost:8443/todos
  • GET todos for the authenticated user:

    curl -i -k -w "\n" \
    -u [email protected]:secret \
    https://localhost:8443/todos
  • PATCH an existing todo:

    curl -i -k --silent -w "\n" \
    -u [email protected]:secret \
    -H "Content-Type: application/json" \
    -X PATCH -d '{"completed":"true"}' \
    https://localhost:8443/todos/1
  • PUT a share-request for an existing todo:

    curl -i -k --silent -w "\n" \
    -u [email protected]:secret \
    -H "Content-Type: application/json" \
    -X PUT https://localhost:8443/todos/1/?[email protected]

License

The SecureTodo sample application is open source software released under the commercial-friendly Apache License, Version 2.0. The accompanying document that walks through and explains the SecureTodo code, including the illustrations referenced within it, is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0).

About Acciente

Acciente, LLC is a software company located in Scottsdale, Arizona specializing in systems architecture and software design for medium to large scale software projects.
