Docs

Java EE sample web app with OIDC

# Java EE sample web app with OIDC

By following this guide, you will be able to deploy a Java EE web application locally and secure it with OpenID Connect.

# Prerequisites

# Register the app

Follow the steps given below to register the sample Java EE web application in Asgardeo.

  1. On the Asgardeo Console (opens new window), go to Applications.

  2. Click New Application and select Traditional Web Application:

    Select app type in Asgardeo

  3. Enter the following details:

    Create a new web app
    Name Give a unique name to identify your application.
    Protocol Select OpenID Connect.
    Authorized redirect URLs The URL to which the user is redirected after a successful login. Use the following URL for this sample app:

    http://localhost:8080/oidc-sample-app/oauth2client

  4. Click Register to complete the registration.

  5. Go to the Protocol tab and take note of the Client ID and Client secret. You will need them to configure the application later.

    Client ID and client secret

To provide a better experience for the user, it is recommended to configure an access URL for the application. You can set an access URL for the application from the General tab. (For this sample application, the access URL is https://localhost:8080/oidc-sample-app).

Why do we recommend this?
  • It will be used in the application catalog and discovery flows.
  • We will use it to redirect the user back to the application in the following scenarios.
    • If the login page times out
    • After a password reset
    • After self sign-up verification
  • If the login flow is failed, we will provide an option for the user to re-initiate the login flow using this URL.

# Download the sample

Click the button below to download the sample. You can also choose to view the source before doing so.

Download sample
View source

# Configure the sample

Follow the steps given below to configure the sample app.

  1. Move the war file that you downloaded to the <TOMCAT_HOME>/webapps folder where <TOMCAT_HOME> is the home directory of your Tomcat server.

  2. Open a terminal, navigate to the <TOMCAT_HOME>/bin folder, and start the Tomcat server using the following command:

    This will extract the contents of the war file.
    If your Tomcat server is set to auto-deploy applications, you can skip this step.

    sh catalina.sh start
    1

  3. Go to the <TOMCAT_HOME>/webapps/oidc-sample-app/WEB-INF/classes folder and open the oidc-sample-app.properties file in a text editor.

  4. Update the following in the oidc-sample-app.properties file:

    Replace {organization_name} with the name of your organization and apply the client ID and client secret that was generated when you registered the application in Asgardeo.

    consumerKey=<client ID>
consumerSecret=<client secret>
scope=openid,address,email,profile

callBackURL=http://localhost:8080/oidc-sample-app/oauth2client
trustedAudience=http://localhost:8080/oidc-sample-app      

issuer=https://api.asgardeo.io/t/{organization_name}/oauth2/token
authorizeEndpoint=https://api.asgardeo.io/t/{organization_name}/oauth2/authorize
logoutEndpoint=https://api.asgardeo.io/t/{organization_name}/oidc/logout
tokenEndpoint=https://api.asgardeo.io/t/{organization_name}/oauth2/token
jwksEndpoint=https://api.asgardeo.io/t/{organization_name}/oauth2/jwks
#sessionIFrameEndpoint=https://api.asgardeo.io/t/{organization_name}/oidc/checksession

skipURIs=/oidc-sample-app/index.html
indexPage=index.html
logoutURL=logout 
errorPage=error.jsp
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    Configuration Description
    consumerKey The client id of the registered application.
    consumerSecret The client secret of the registered application.
    scope

    The list of OIDC scopes that are used for requesting user information. You can add OIDC scopes such as profile and email in a comma-separated list as follows:

    scope=openid,address,email,profile
    issuer Issuer endpoint of Asgardeo used for id token validation: https://api.asgardeo.io/t/{organization_name}/oauth2/token
    authorizeEndpoint The authorization endpoint of your Asgardeo organization: https://api.asgardeo.io/t/{organization_name}/oauth2/authorize
    logoutEndpoint The logout endpoint of your Asgardeo organization: https://api.asgardeo.io/t/{organization_name}/oidc/logout
    tokenEndpoint The token endpoint of your Asgardeo organization: https://api.asgardeo.io/t/{organization_name}/oauth2/token
    jwksEndpoint The jwks endpoint of your Asgardeo organization: https://api.asgardeo.io/t/{organization_name}/oauth2/jwks

  5. On your terminal, navigate to the <TOMCAT_HOME>/bin> folder and run the following commands to restart the Tomcat server for the configurations to take effect:

    sh catalina.sh stop
sh catalina.sh start
    1
    2

# Run the sample

Follow the steps given below to run the sample.

  1. Access the application using the following URL: http://localhost:8080/oidc-sample-app/index.html.

    Java OIDC app login

  2. Click Login. You will be redirected to the Asgardeo login page.

    Asgardeo Sign in page

  3. Enter the credentials of your user account and click Sign In.

    Extend your login session

    By default, the user login session is active for only 15 minutes. You can extend the session to 14 days by selecting the Remember me on this computer option provided at the login screen of your application.

© 2024 WSO2 LLC.