Challenge Overview
In this challenge series we'll be developing an SSO solution that acts as a reverse proxy in front of a target application. It will authenticate users via LDAP, then authorize the logged-in user to perform the requested action. Authorization will use a set of rules and policies and will set additional HTTP headers on the proxied request. The application will have a separate management interface to manage policies, rules, headers and users.
In a previous challenge, we implemented a sample proxy server using the Zuul library that demonstrates how to proxy requests, add headers to the request, or deny proxying the request by redirecting to the login page.
In this challenge we'll build on the sample proxy server and add the features to authorize users and set necessary HTTP headers. The entire flow should go like this:
- When a new request is received, get the 'token' parameter from query string (sample request url is https://example.net/PWebNG/Modules/PWebEntry/DispatcherView.aspx?token=u8Y3Oq6w5xRxkYWb4JMAjRRw6zKBdvsr )
- Use the token to call a SOAP service called LandingPageDealer to get the user request context. A sample request body can be found in the functional spec. The URL of the service should be configurable.
- The response will contain a frontEndSystem field that can have two values, 'PartnerCenter' or 'BWEB' (it determines whether the request is coming from Partner Center or Business Web). In the case of BWEB, the request needs to be authenticated before it is actually proxied. To authenticate the user, first we need to serialize the original request and save it to the user session. Then we redirect the user to a login page with username and password fields. The login page should be part of the proxy server project, not an external page. On form submit, call LDAPService.login(username, password). In case of a failed login, show the login page again; otherwise retrieve the original request, remove it from the session and proceed to the next step. For LDAP operations, we have developed a separate service that you should integrate with the proxy server. The LDAP service should still be a separate project that is included as a dependency in pom.xml. The provided LDAP_service project is a full Spring Boot application and you should refactor it to include only the service layer; the application and controller classes can be removed. Change the package name to com.sm.engine.
- The original request needs to be proxied to the target server, but first we need to add HTTP headers to the request. To get the list of headers, call our backend API (use a mock server for now). The format should be GET {api_path}/headers/evaluate/{username} with Authorization: Bearer {api_token}. api_path and api_token should be configurable values, and username should be the username of the current user (in the case of Partner Center, use the a1Login field from the LandingPageDealer response). The response will contain a list of objects {"name":"header_name","value":"header_value"}. Add all the returned headers to the request.
- Forward the request to the target server and return the response to the client
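The flow above as a Zuul pre-filter, written here as an added example in the style of the sample proxy; it is not code from the challenge or from the LDAP_service project. `LandingPageDealerClient` (an assumed wrapper around the SOAP call that returns the response fields as a map), the `username` session attribute that the login page is assumed to set after a successful LDAPService.login, and the filter order are assumptions.

```java
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.*;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;
import javax.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.Map;

// Pre-filter: decide whether the request may be proxied and which headers to add before routing.
public class AuthorizeAndHeadersFilter extends ZuulFilter {
    private final LandingPageDealerClient dealer;   // assumed wrapper around the LandingPageDealer SOAP call
    private final RestTemplate rest = new RestTemplate();
    private final String apiPath, apiToken;         // the configurable values named in the spec
    public AuthorizeAndHeadersFilter(LandingPageDealerClient dealer, String apiPath, String apiToken) {
        this.dealer = dealer; this.apiPath = apiPath; this.apiToken = apiToken;
    }
    @Override public String filterType() { return "pre"; }
    @Override public int filterOrder() { return 10; }   // assumed order; must run before the route filter
    @Override public boolean shouldFilter() { return true; }

    @Override public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest req = ctx.getRequest();
        // Steps 1-2: token from the query string, then the user context from LandingPageDealer
        Map<String, String> userCtx = dealer.getRequestContext(req.getParameter("token"));
        String username;
        if ("BWEB".equals(userCtx.get("frontEndSystem"))) {
            // Step 3: BWEB requests need an LDAP login first; the login page stores "username" on success
            username = (String) req.getSession().getAttribute("username");
            if (username == null) {
                // Save the original request so the login page can replay it after a successful login
                req.getSession().setAttribute("originalRequest", req.getRequestURL() + "?" + req.getQueryString());
                ctx.setSendZuulResponse(false);                  // do not proxy this request
                ctx.setResponseStatusCode(302);
                ctx.addZuulResponseHeader("Location", "/login"); // login page lives in this project
                return null;
            }
        } else {
            username = userCtx.get("a1Login");                   // Partner Center: identity comes from the SOAP response
        }
        // Step 4: GET {api_path}/headers/evaluate/{username} with Authorization: Bearer {api_token}.
        // pathSegment() percent-encodes the username, so a value from the SOAP response cannot alter the path.
        HttpHeaders auth = new HttpHeaders();
        auth.set(HttpHeaders.AUTHORIZATION, "Bearer " + apiToken);
        String url = UriComponentsBuilder.fromHttpUrl(apiPath).pathSegment("headers", "evaluate", username).toUriString();
        List<Map<String, String>> headers = rest.exchange(url, HttpMethod.GET, new HttpEntity<>(auth),
                new ParameterizedTypeReference<List<Map<String, String>>>() {}).getBody();
        // Step 5: headers added here are sent with the proxied request by Zuul's route filter
        headers.forEach(h -> ctx.addZuulRequestHeader(h.get("name"), h.get("value")));
        return null;
    }
}
```

Because the evaluated headers carry the user's identity to the target, the proxy should not also forward client-supplied copies of those header names; check the headers the target trusts against the proxy's ignored-header configuration.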
Final Submission Guidelines
- Submit the full source code for the app
- Deployment guide (environment, configuration, build, run - local and heroku)
- Verification guide for testing the server