EUShare is a file exchange tool from the European Commission. Its source code is published as open source software under the terms of the EUPL public license. The project distributes a servlet-based Spring Boot application server and an Angular front-end application.
The application consists of three main artifacts the developer must maintain:
The application also communicates with two external servers, which should be maintained by the operation teams:
Finally, one more server is used for distributing EUSHARE: a load balancer to which a user is redirected when accessing the application's URL. To differentiate the HTTP queries from the user to the back end from those to the front end, all queries to the back end start with /webservice.
<img src="architecture.png" alt="Markdown Monster icon" style="float: left; margin: 10px;" />
The project contains three main folders.
To start developing:
Run Ecas/EuLogin locally from the /user_projects/domains/base_domain folder (https://localhost:7002/cas)
startWebLogic.cmd
Set up OpenID Connect locally in EULogin:
Authenticate as the basic user created by ECAS, jason.bourne@ec.europa.eu. The development password is Password123. The development token (if needed) is 0123456789.
Register the back-end OpenID Connect configuration at https://localhost:7002/cas/admin/tools/openidconnect/load. Prefer using the application for this; do not copy and paste the JSON. The values to enter for each field are the following:
{
"application_type" : "web",
"client_name" : "EUSHARE_SERVER",
"contacts" : [ "your.email@ext.ec.europa.eu" ],
"default_acr_values" : [ "https://ecas.ec.europa.eu/loa/basic" ],
"default_id_token_max_age" : 46800,
"grant_types" : [ "authorization_code", "urn:ietf:params:oauth:grant-type:token-exchange" ],
"id_token_signed_response_alg" : "PS512",
"redirect_uris" : [ "http://localhost:8888/callback" ],
"response_types" : [ "code" ],
"scope" : "openid email profile phone hr authentication_factors",
"subject_type" : "public",
"tls_client_certificate_bound_access_tokens" : false,
"token_endpoint_auth_method" : "client_secret_basic"
}
EULogin should now display the secret shared between EULogin and the back end. Copy it into server/src/main/resources/application.yaml as the value of spring-security-oauth2-resourceserver-opaquetokenclient-secret.
Now register the front-end OpenID Connect configuration at https://localhost:7002/cas/admin/tools/openidconnect/load. Prefer using the application for this; do not copy and paste the JSON. The values to enter for each field are the following:
{
"application_type" : "native",
"client_name" : "EUSHARE_CLIENT",
"contacts" : [ "your.email@ext.ec.europa.eu" ],
"default_acr_values" : [ "https://ecas.ec.europa.eu/loa/basic" ],
"default_id_token_max_age" : 46800,
"grant_types" : [ "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer" ],
"id_token_signed_response_alg" : "PS512",
"redirect_uris" : [ "http://localhost:8080/callback" ],
"response_types" : [ "id_token" ],
"scope" : "openid email profile phone hr authentication_factors",
"subject_type" : "public",
"tls_client_certificate_bound_access_tokens" : false,
"token_endpoint_auth_method" : "none"
}
Go to https://localhost:7002/cas/admin/tools/showOpenIdConnectConfiguration.cgi; this displays a similar JSON with additional values.
From the EUSHARE_CLIENT configuration, copy the "client_id" token value and paste it into client/angular/src/environments/environment.ts for the value of OIDC_CLIENTID.
From the EUSHARE_SERVER configuration, copy the "client_id" token value and paste it into server/src/main/resources/application.yaml for the value of spring-security-oauth2-resourceserver-opaquetoken-client-id.
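A pre-flight check for the two registrations above, as an added example that is not part of the EUShare project: it verifies that each `response_types` entry has its matching `grant_types` entry, that plain-http redirect URIs stay on loopback, and that the client type agrees with `token_endpoint_auth_method`. The function name `lintRegistration`, the choice of rules and the `DRIFTED` sample are assumptions made for this example.

```javascript
// Added example, not EUShare code: lint an OIDC client registration before loading it into EULogin.
// Grant type each response type requires (OpenID Connect Dynamic Client Registration 1.0).
const GRANT_FOR_RESPONSE = { code: "authorization_code", id_token: "implicit" };
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

function lintRegistration(reg) {
  const problems = [];
  const grants = reg.grant_types || [];
  for (const rt of reg.response_types || []) {
    const needed = GRANT_FOR_RESPONSE[rt];
    if (!needed) problems.push(`response_type not covered by this lint: ${rt}`);
    else if (!grants.includes(needed)) problems.push(`response_type ${rt} needs grant_type ${needed}`);
  }
  for (const uri of reg.redirect_uris || []) {
    let url;
    try { url = new URL(uri); } catch { problems.push(`unparseable redirect_uri: ${uri}`); continue; }
    // Plain http is accepted only on loopback, which is what the development setup uses.
    if (url.protocol !== "https:" && !LOOPBACK.has(url.hostname)) problems.push(`cleartext redirect_uri: ${uri}`);
  }
  // An absent token_endpoint_auth_method defaults to client_secret_basic, so only "none" is public.
  const authenticates = reg.token_endpoint_auth_method !== "none";
  if (reg.application_type === "web" && !authenticates) problems.push("web client without token endpoint authentication");
  if (reg.application_type === "native" && authenticates) problems.push("native client given a secret it cannot keep");
  if (reg.id_token_signed_response_alg === "none") problems.push("ID tokens would be unsigned");
  return problems;
}

// The two registrations from this page, reduced to the fields the lint reads.
const EUSHARE_SERVER = {
  application_type: "web",
  grant_types: ["authorization_code", "urn:ietf:params:oauth:grant-type:token-exchange"],
  id_token_signed_response_alg: "PS512",
  redirect_uris: ["http://localhost:8888/callback"],
  response_types: ["code"],
  token_endpoint_auth_method: "client_secret_basic",
};
const EUSHARE_CLIENT = {
  application_type: "native",
  grant_types: ["implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
  id_token_signed_response_alg: "PS512",
  redirect_uris: ["http://localhost:8080/callback"],
  response_types: ["id_token"],
  token_endpoint_auth_method: "none",
};
// Constructed sample: a mistyped copy of the client registration (hypothetical host name).
const DRIFTED = { ...EUSHARE_CLIENT, response_types: ["code"], redirect_uris: ["http://eushare.example.test/callback"] };

for (const [name, reg] of Object.entries({ EUSHARE_SERVER, EUSHARE_CLIENT, DRIFTED })) {
  console.log(name, lintRegistration(reg));
}
```

The same function can be run over the JSON shown by showOpenIdConnectConfiguration.cgi to confirm that what EULogin stored matches what was entered.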
Run Maildev locally (http://localhost:1080/#/)
maildev
Run and set up MySQL locally (mysql://localhost:3306)
CREATE DATABASE eushare DEFAULT CHARACTER SET utf8;
CREATE USER 'eushare'@'%' IDENTIFIED BY 'eushare';
GRANT ALL PRIVILEGES ON eushare.* TO 'eushare'@'%';
Run the front-end application from /client/angular folder (http://localhost:8080/)
npm start
Build the back-end application from /server folder
mvn clean package
Run the back-end application from /server folder (http://localhost:8888)
java -jar target/eushareserver.war
You can now start using the application from http://localhost:8080/. Log in using the existing user Jason Bourne. If you want to add more users, please refer to the EULogin configuration file user_projects/domains/base_domain/classes/userDataBase.xml