import ballerina/http;
import ballerina/config;
import ballerina/jwt;
import ballerina/log;
// Outbound JWT provider used by the client. The values set here are the ones
// the service side of this example checks: the issuer, one of the audiences,
// and the "scope" custom claim.
//
// NOTE(review): the key alias, the key password and the keystore password are
// all the literal "ballerina", and the keystore is the sample file under the
// Ballerina home directory. Presumably everyone with the same distribution
// holds the same private key, so a token signed with it is only meaningful in
// a local demo. In a real deployment, sign with your own key and load the
// passwords from protected configuration instead of source code.
jwt:OutboundJwtAuthProvider outboundJwtAuthProvider = new ({
    issuer: "ballerina",
    username: "ballerina",
    audience: ["ballerina", "ballerina.org", "ballerina.io"],
    customClaims: {"scope": "hello"},
    keyStoreConfig: {
        keyStore: {
            password: "ballerina",
            path: config:getAsString("b7a.home") + "/bre/security/ballerinaKeystore.p12"
        },
        keyAlias: "ballerina",
        keyPassword: "ballerina"
    }
});
// Bearer handler that wraps the outbound JWT provider.
http:BearerAuthHandler outboundJwtAuthHandler = new (outboundJwtAuthProvider);

// HTTPS client for the secured service on localhost:9090.
// `secureSocket.trustStore` decides which server certificates the client
// accepts; here it is the sample truststore under the Ballerina home directory
// with the hard-coded password "ballerina". Whoever can replace that file
// controls which servers this client trusts, so a real deployment should
// point to its own truststore and keep the password out of source.
http:Client httpEndpoint = new ("https://localhost:9090", {
    secureSocket: {
        trustStore: {
            password: "ballerina",
            path: config:getAsString("b7a.home") + "/bre/security/ballerinaTruststore.p12"
        }
    },
    auth: {
        authHandler: outboundJwtAuthHandler
    }
});

// Calls GET /hello/sayHello through the JWT-authenticated client and logs
// either the text payload or the failure.
public function main() {
    var outcome = httpEndpoint->get("/hello/sayHello");
    if (outcome is error) {
        // The call itself failed; the error value is passed to the logger.
        log:printError("Failed to call the endpoint.", outcome);
    } else {
        var payload = outcome.getTextPayload();
        if (payload is error) {
            log:printInfo("Failed to retrieve payload.");
        } else {
            log:printInfo(payload);
        }
    }
}

# To test the client, first start the sample service by executing the below
# command by passing Ballerina home path as a system property.
ballerina run secured_service_with_jwt_auth.bal --b7a.home=<ballerina_home_path>
[ballerina/http] started HTTPS/WSS listener 0.0.0.0:9090
# Then start the client by executing the below command by passing Ballerina home
# path as a system property.
ballerina run secured_client_with_jwt_auth.bal --b7a.home=<ballerina_home_path>
INFO [ballerina/log] - Hello, World!!!
import ballerina/http;
import ballerina/config;
import ballerina/jwt;
import ballerina/log;
// Inbound JWT provider used by the service. It is configured with the
// expected issuer and audience, and with the certificate (alias "ballerina")
// in the truststore that the token signature is checked against.
//
// NOTE(review): the truststore is the sample file under the Ballerina home
// directory and its password is hard-coded. The service accepts any token that
// verifies against that certificate, so the matching private key must be one
// that only your token issuer holds. Replace the sample truststore and move
// the password to protected configuration before using this outside a demo.
jwt:InboundJwtAuthProvider inboundJwtAuthProvider = new ({
    audience: "ballerina.io",
    issuer: "ballerina",
    trustStoreConfig: {
        trustStore: {
            password: "ballerina",
            path: config:getAsString("b7a.home") + "/bre/security/ballerinaTruststore.p12"
        },
        certificateAlias: "ballerina"
    }
});
// Bearer handler that wraps the inbound JWT provider.
http:BearerAuthHandler inboundJwtAuthHandler = new (inboundJwtAuthProvider);

// HTTPS listener on port 9090. Requests go through the JWT handler and must
// carry the "hello" scope, which is the value the client example places in its
// "scope" custom claim.
//
// NOTE(review): the TLS keystore is the sample file under the Ballerina home
// directory with the hard-coded password "ballerina", so the server's TLS
// private key is presumably not secret; use your own keystore in a real
// deployment. The sample console output on this page also shows the listener
// on 0.0.0.0:9090, i.e. reachable on every interface of the host.
listener http:Listener ep = new (9090, config = {
    secureSocket: {
        keyStore: {
            password: "ballerina",
            path: config:getAsString("b7a.home") + "/bre/security/ballerinaKeystore.p12"
        }
    },
    auth: {
        scopes: ["hello"],
        authHandlers: [inboundJwtAuthHandler]
    }
});

// Sample backend service attached to the secured listener.
service hello on ep {
    // Replies with a fixed greeting and logs any error raised while responding.
    resource function sayHello(http:Caller caller, http:Request req) {
        error? sendStatus = caller->respond("Hello, World!!!");
        if (sendStatus is error) {
            log:printError("Error in responding to caller", sendStatus);
        }
    }
}
Secured Client with JWT Auth
A client that is secured with JWT authentication should be used to connect
to a service that is secured with JWT authentication.
The |
|
|
|
Defines the JWT auth client endpoint to call the backend services.
JWT authentication is enabled by creating a `jwt:OutboundJwtAuthProvider`.
Create a Bearer Auth handler with the created JWT Auth provider.
|
|
|
|
|
Sends a `GET` request to the `/hello/sayHello` resource of the backend service.
|
|
|
|
|
|
Defines the sample backend service, which is secured with JWT authentication.
|