Set up local profile for backend to support oauth2 flow for running l…

…ocally
KamyMantha · Feb 21, 2020 · f5fbee7 · f5fbee7
1 parent 56f70e2
commit f5fbee7
Show file tree

Hide file tree

Showing 19 changed files with 370 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -60,7 +60,7 @@ Click on the `Edit Adoption Request` again, you can view, edit (`PUT`), and dele
 Start backend app:
 ```bash
 cd backend
-./gradlew bootRun
+./gradlew -Plocal bootRun
 ```
 Start frontend app:
 ```bash

diff --git a/auth/Dockerfile b/auth/Dockerfile
@@ -0,0 +1,18 @@
+FROM openjdk:8-alpine AS build
+ENV UAA_VERSION 4.28.0
+RUN apk add --no-cache git
+RUN git clone https://github.com/cloudfoundry/uaa.git /opt/app
+#Pin to UAA v4.28.0
+WORKDIR /opt/app
+RUN git checkout $UAA_VERSION
+RUN ./gradlew assemble -x :cloudfoundry-identity-samples:assemble -x javadoc
+
+FROM tomcat:8-alpine
+ENV UAA_VERSION 4.28.0
+ENV CATALINA_OPTS "-DLOGIN_CONFIG_URL=file:///opt/app/uaa/src/main/resources/required_configuration.yml \
+ -Dlogging.config=/opt/app/uaa/src/main/resources/log4j.properties \
+ -Djava.util.logging.config.file=/opt/app/uaa/src/main/resources/java-util-logging.properties"
+COPY required_configuration.yml /opt/app/uaa/src/main/resources/required_configuration.yml
+COPY java-util-logging.properties /opt/app/uaa/src/main/resources/java-util-logging.properties
+COPY log4j.properties /opt/app/uaa/src/main/resources/log4j.properties
+COPY --from=build /opt/app/uaa/build/libs/cloudfoundry-identity-uaa-$UAA_VERSION.war /usr/local/tomcat/webapps/uaa.war
diff --git a/auth/java-util-logging.properties b/auth/java-util-logging.properties
@@ -0,0 +1 @@
+.level=WARN
diff --git a/auth/log4j.properties b/auth/log4j.properties
@@ -0,0 +1,38 @@
+###############################################################################
+#     Cloud Foundry
+#     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
+#
+#     This product is licensed to you under the Apache License, Version 2.0 (the "License").
+#     You may not use this product except in compliance with the License.
+#
+#     This product includes a number of subcomponents with
+#     separate copyright notices and license terms. Your use of these
+#     subcomponents is subject to the terms and conditions of the
+#     subcomponent's license, as noted in the LICENSE file.
+###############################################################################
+log4j.rootCategory=WARN, CONSOLE, FILE
+PID=????
+catalina.base=/tmp
+LOG_PATH=${catalina.base}/logs
+LOG_FILE=${LOG_PATH}/uaa.log
+LOG_PATTERN=%d{dd-MM-yyyy HH:mm:ss} %5p [%C] - %m%n
+log4j.appender.stdout.layout=org.apache.log4j.EnhancedPatternLayout
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=${LOG_PATTERN}
+log4j.appender.FILE=org.apache.log4j.RollingFileAppender
+log4j.appender.FILE.File=${LOG_FILE}
+log4j.appender.FILE.MaxFileSize=10MB
+log4j.appender.FILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.FILE.layout.ConversionPattern=${LOG_PATTERN}
+log4j.category.org.cloudfoundry.identity=DEBUG
+log4j.category.org.springframework.security=WARN
+log4j.category.org.springframework.web=WARN
+log4j.category.org.springframework.jdbc=WARN
+log4j.category.org.flywaydb=INFO
+log4j.category.org.thymeleaf=ERROR
+log4j.category.org.springframework.web.servlet=INFO
+log4j.category.org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor=WARN
+log4j.category.org.cloudfoundry.identity.uaa.scim.jdbc=INFO
+log4j.category.org.cloudfoundry.identity.uaa.scim.bootstrap=INFO
+log4j.category.org.cloudfoundry.identity.uaa.client=INFO
diff --git a/auth/required_configuration.yml b/auth/required_configuration.yml
@@ -0,0 +1,142 @@
+issuer:
+  uri: http://localhost:40000/uaa
+oauth:
+  clients:
+    uaa_admin:
+      override: true
+      secret: uaa_admin
+      authorized-grant-types: client_credentials
+      authorities: uaa.admin
+    test:
+      override: true
+      secret: test
+      authorized-grant-types: authorization_code
+      redirect-uri: http://localhost:8080
+      scope: openid,email,profile,roles,adoption.request,user_attributes
+      authorities: openid,email,profile,adoption.request,user_attributes
+scim:
+  user:
+    authorities:
+      - openid
+      - profile
+      - roles
+      - adoption.request
+  users:
+    - test|test|test@example.org|Test|Test|openid,adoption.request,uaa.admin
+encryption:
+  active_key_label: CHANGE-THIS-KEY
+  encryption_keys:
+  - label: CHANGE-THIS-KEY
+    passphrase: CHANGEME
+login:
+  serviceProviderKey: |
+    -----BEGIN RSA PRIVATE KEY-----
+    MIIG5AIBAAKCAYEAyJHMXnfrDys5P9a7qNj/6k3zGrNu8TcWFr5PUfX+SwxmZKkB
+    PyEFis9MYleCegZXAsy03K7ESnnoytwl1k1TwATBfI9xBVdZfHf98l4u4w5FCJQA
+    H9fH43w7hwDenZUcfyll9+6Z0n7Ey4+tA8tTYtNisECR4p8xzYJU9kJj0b59l2rJ
+    opdOgKLNytJmD/8XySXWpoKCjXUYAgYik+f01FJkcj6kTT+IYRPfRmBl5ziC/Rjg
+    PUHgykWqrzHnffS25nSYY8xcMAwZWV+hXUUVeEEo8oAwv60yXNEjT5KqlTpM8PBU
+    e0sOTFmeK9bZcuW2M4WqnYxWBSCLqbfKstaYzxY/LIy3WuadkGwGjxVUpvuADQGF
+    dPMZEM94qeqa1LUNB4yfy6Q+yK935qogq2oT15LgJi3UW6G/zNGSUs98x7kaiiNv
+    5y3QPsmyyLNNrDiq2463ypMCeGy9g6TPFKtl1OCgE1PCJWv/9IZ0ErrO/6dteDqe
+    ZRob5SGXzdCsrNNDAgMBAAECggGAFrO6CC9Wod7omfs6PoBhZynvjGQm+JKdo3Fj
+    FQndAK2koVwn0fdw4ydXpAH3uMwi6SQ2jIwTl8J4wQ1uEvWptyBSrkCmME6UyGvk
+    iJx0firNUY0+/lu0OmGDc2J70CZilVogOpH9Q0AqEkhu8vD+vT7j+sM0QAx43KQV
+    7dHR7pm7KXpi3E54CkNjO8PY3ZKoJJJt22cGU/CfCQuculUU9ztkNzIz8rJwQ1y2
+    dwbOQf+5g+Be8VAVm4+LJE1nwHAEWGZ8bWb0zYg8EdWxRHqpRm9/QTsNouT2MdIN
+    3WIo47zPNuTum9YYn8XcQMVLCGWnOck9ohIt8G5iShlO5sxnPHH+FgJsLpiA87TZ
+    c+HE+JLkF1wW0uEXouupaTXnILr61vupgMTqx6WPdNmzdWUUfbULrU0onF9uJDuU
+    sNKkxtokFvQtCt5e/ugeBHnkPQ9ImbbFTRiuoieD/Lvh60KCbyH73HV5h8XJg/zR
+    NDpwxKF8cZ3WkpraQ5rCBS7ut5GhAoHBAPGbSKhX2zX+AZFiEMv1tBslmhFxeCyv
+    NtI9TRIGzPMz4a0wymLan/ni+ShMG1Etee2ABQzOmSur9amG2j+H7XxqiguqZWXQ
+    y4X1xOLFw0aNO4TYqzIH4ZTazeqg2L7IVn3PCuioUZGGqNOkFNOAu66UrNkGObee
+    OpupWMAuDbIAdyiSY5Jr6X1E0KDakbQWMSvxtxh9y6lxdMBkB/1g16idYgpL1SIG
+    F22BplFJ4PNcZhxkjM++LyQtAG/qg9v4SwKBwQDUhKmrvVBwHVw/eX0qrYirAYw7
+    ME3wJnXjmzum8OdMp/cLAfR/8mHVcvxN0xV0UIJrI7DonJtsC6YQ6IBbLICjc8gt
+    oq0HxC8TBwXxxejz7xuGSi78c3JtjfOsMWHHcZgIK5WzNPQqyviKvFIjZveSeTe0
+    7xQiY+zfpw3eTQjht26uGh/lp0OLpOCd4E1LmRDO5tIKtPBPFHjcqEmAdwQBLc+5
+    VZM+Fvj2VrDeX5I2dNGNl0C1rk5nMUYhePifJekCgcEAq6hbaBf7zJGqxYN6UZ9B
+    lqQRoeEPtBfNCHS7ZFpmlUjAR8/Ji5CvZtink8T3B6ca4O47KE1FMG0dvpPsToUh
+    62q6p+0p27wMTiI+/6vowSCpMArNH1/QG3WWJeSf+nTWVs6afpDQW2fkXXJPxbHK
+    JxDE+fDdYyNNmrkoMGrIGjcQckgH7Mk0/Ga/H/oK2XuG9iTnpMQDxmCwxdyMfK6o
+    qskfFheo12KilJAv/cNSyzVT60pZbWQ/lCFRFTL2+nufAoHAfhixLAvKfJuPLsKB
+    OB97Ziwm7r+8nu/TJ1fmTynFtEA9XzSrxHcnAaWWev7yTe+vUq78uyihN7y5rnKm
+    JnMDaPi8IAfULzWC0QFrz4cksAiCBm5h7rz5enOtz9AFOnf2Q3LJAmo7LmD8lCUl
+    f4gLAcgW+66X/cfYtuPCYNLIoFVcwMUThAp5E5SjCkoa0u5hgMKIgn3V0LZO+G6K
+    HkWABMsP4+IY2dB7rH7Ht0px0QoDhMXoSWTBdI1SFW5X5uZxAoHBAMuMzE9CTf+l
+    rEc6mB2E2YLlAAsG1vu1vgESiPHVgu33Vdy6VbWzRLi3mSoNBbxs8btkyrCOFxzv
+    SpN1UtCT23u25LUdYfgeNvuujZId46aatt9I3cAkur+08EyUAxzlXs7eBc4MpEP6
+    7eSx3sP3VBF1+5ERnXWI4HpI7N+wCx0/tgepJfB5VersGuaQi61EhVkzhZijF72v
+    mARM1FUmZLzhZIBVf1+J59tuTiXUj0Yesn+obp0cLfWKrFweE6COQw==
+    -----END RSA PRIVATE KEY-----
+  serviceProviderKeyPassword: password
+  serviceProviderCertificate: |
+    -----BEGIN CERTIFICATE-----
+    MIIEgjCCAuqgAwIBAgIQEU3NZqT62INsr0Gu+XFBXjANBgkqhkiG9w0BAQsFADAz
+    MQwwCgYDVQQGEwNVU0ExFjAUBgNVBAoTDUNsb3VkIEZvdW5kcnkxCzAJBgNVBAMT
+    AmNhMB4XDTE5MDIxMTEwMDQwNloXDTIwMDIxMTEwMDQwNlowPTEMMAoGA1UEBhMD
+    VVNBMRYwFAYDVQQKEw1DbG91ZCBGb3VuZHJ5MRUwEwYDVQQDEwwxOTIuMTY4LjUw
+    LjYwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDIkcxed+sPKzk/1ruo
+    2P/qTfMas27xNxYWvk9R9f5LDGZkqQE/IQWKz0xiV4J6BlcCzLTcrsRKeejK3CXW
+    TVPABMF8j3EFV1l8d/3yXi7jDkUIlAAf18fjfDuHAN6dlRx/KWX37pnSfsTLj60D
+    y1Ni02KwQJHinzHNglT2QmPRvn2Xasmil06Aos3K0mYP/xfJJdamgoKNdRgCBiKT
+    5/TUUmRyPqRNP4hhE99GYGXnOIL9GOA9QeDKRaqvMed99LbmdJhjzFwwDBlZX6Fd
+    RRV4QSjygDC/rTJc0SNPkqqVOkzw8FR7Sw5MWZ4r1tly5bYzhaqdjFYFIIupt8qy
+    1pjPFj8sjLda5p2QbAaPFVSm+4ANAYV08xkQz3ip6prUtQ0HjJ/LpD7Ir3fmqiCr
+    ahPXkuAmLdRbob/M0ZJSz3zHuRqKI2/nLdA+ybLIs02sOKrbjrfKkwJ4bL2DpM8U
+    q2XU4KATU8Ila//0hnQSus7/p214Op5lGhvlIZfN0Kys00MCAwEAAaOBhzCBhDAO
+    BgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIw
+    ADAdBgNVHQ4EFgQUlNa+xYoV4WE0des/VC2jtuGnpnkwHwYDVR0jBBgwFoAUjUI4
+    PhkJx1c2lsLVWPMzDyfGiY0wDwYDVR0RBAgwBocEwKgyBjANBgkqhkiG9w0BAQsF
+    AAOCAYEAHkPtP0uNmux5E1IO3fdcGXG8z11PeikRjNtZfRM+Ad5vT7ueYvzOJqQ3
+    XWlg/6DtmqxZAuPoNDuOLS+bs5WWvRTrhzJv0bwhvYtAQUrFIBCpSkh1a5RO2pzn
+    73CPIjFHMTq2KW35YRe8UXxK9fI9x5bkIuzlfuxIqvrKmfPO31KDEKHEaBiU4x6l
+    oGK0mf0cCRJ8Pf59mqdLvsF+qPDSxlpzEA4TTaWHSSuGnbWueFfyiCyOv8dDScku
+    G6Q0iV2U8j7OtOjpJ695SyqsYj1JTo4CM7BgpAIgW9rPe9IjyZuTBilVgFtR+fpP
+    3vdyF2K/BHSSMA4A0R2JxFE8PJO6ly5zYMAkjSdzt2QH8q6GC1SaP21RzA/VFwmh
+    AKE2fKZMBu1yKt8iJs9r2SEufTUKtRf9YC8JrTKSW6dx4Rys+3z1zUU/5bh0CKsn
+    TpklT/B/AHzR6Y+sydCaJEoZZPKJVUlKyyfEX7/pTzqz74QYMjakMyctksKc3LsL
+    ltAybzSQ
+    -----END CERTIFICATE-----
+LOGIN_SECRET: loginsecret
+jwt:
+  token:
+    signing-key: |
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIEowIBAAKCAQEAvH0kjNK2q0vlzdJf1M3R6hvUZt+BP41BWZLePw7Suf4+DjRh
+      A3NoR0J5AEN1lZnOtpUdr9XpHFcnNSrWYPJgcGD2RwoHsRJCjeVxcAJhS9jlCR6a
+      2czonp8GKrNvbX0yxrgTxkUEdAEdMf/WAR+H+vs7/LR5chYPr53OzSg/GRD59OV6
+      +LiG6aUZAYsHtXRcMfB4e1FRwNfMwFE5PAYk71HzfM1UyAfrIqoTgAHnUwgiT7d8
+      E03R/xWhBJ6Qx0Q/25S+OrIy/IFy6sezsvJdIpo0E8NIV1QcHLthAesdvbJR/Ly5
+      WemLDApPsmb6IRs+hq2I4qH89wRYH+dNb+ro2QIDAQABAoIBAAJMSEjLPNzjxP54
+      ZSC0Da4b/r/uU6YRs81CxCDirmEEH3+O1evz2T6dKdp9+A4F3QZO1RjSs8/bpCe6
+      yPhPnCtikz4UejmHbnZKaNKjxMnm8Avnap3jKKbea3XT0DT2hMr1bZBKQR6k8NUu
+      OE61MrQ1oeqXzK8+Y5yRgPbxWauViwtCJ/gsVJsA2oyjiMnMJUi8MoscOQN6Z7H7
+      7g1Y1v8r5ASN7N6eU3ClQapQflhHlLXeYbYynxjj3LjwrilMb6WjV0/HEnhYhtlB
+      PrYygI2uiVOUZwUp2M+CFNJCHSILr5I3rkjsDkrpTSiiCkkEfDygZhRDZemnX7kd
+      w5dmwwECgYEA2IvexXL6u1X0YUqfjNMboJRfMFougImZwAJyzH4JtdMhUKs3yjKo
+      66yLrNjMhl4yqIDRsjQhI+LViNIhtw9Yk+Wi9y4A16EXJ4TFLYINgbgFBXa5XT45
+      d3OSwNvFpiT8TzrSSAyDkbFNlT+0Q1RVAoAd410ti2Hk6+J53G1vBmECgYEA3tSd
+      3XeMND2tBCHoI6EBjswxEoYjGRTTTQR6ILfu3fcPQPQ0pQCkgY2a7+wLMe4hF/Em
+      pNcOydJAN/rt61jj/+HDVekBYKuEL0Xwl6vb9zt0f6M2lQymqqJ3BKVdu3homLxj
+      ZJ0Ro9FqXOmAwf7Uki1yQ5ZIfg++ioVcjcrxBXkCgYEAuIP+T5qYoTYtpRUz/IgJ
+      23tx3L6LL0WQd/beIPcoiQEdOyKZyDYAj8iXv7GAHOJ5IfGaPNGEh5KKRypeRiDS
+      Zjte8GYHm7UNCMRuS0etAKJvzOcMLbKOvwUAwErEEL0lLNG/Sls3ZNaCeDEvBcv/
+      H8FRNmI4I7NHn+N72OJ6nyECgYAEtmZoSqDyceN41Oa96ifIR1U6WQ/g9enKFTAo
+      BPvOQe1WqFN8sdjIzJ/cNxe9hJW6leUFU28CoamuBWaGtaiMvs+Mv5LB4p63CTmf
+      W4kZX26FTIRY/p1/ulPeC0lCL7e2kzVe6Vt4JXOkZ2PLtoH0XXWvLDx4Pgj/kPZ2
+      ITabsQKBgFQnpGmHAp87ZkUWJsXsrfv3tG7z+RrBvMyqjWz/n+/I3hWoakycg58t
+      PmWFwUb/RKjMUdHhDujXHjjE8KSbqUCusTtPhIIYL0orWJes29ny0eE9Ng76irMk
+      qKZUNfGDOnpBEsCN2+CwqhQp+th0MLyH37/xB+9z3C1sNBKQhcu9
+      -----END RSA PRIVATE KEY-----
+    verification-key:
+      -----BEGIN PUBLIC KEY-----
+      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH0kjNK2q0vlzdJf1M3R
+      6hvUZt+BP41BWZLePw7Suf4+DjRhA3NoR0J5AEN1lZnOtpUdr9XpHFcnNSrWYPJg
+      cGD2RwoHsRJCjeVxcAJhS9jlCR6a2czonp8GKrNvbX0yxrgTxkUEdAEdMf/WAR+H
+      +vs7/LR5chYPr53OzSg/GRD59OV6+LiG6aUZAYsHtXRcMfB4e1FRwNfMwFE5PAYk
+      71HzfM1UyAfrIqoTgAHnUwgiT7d8E03R/xWhBJ6Qx0Q/25S+OrIy/IFy6sezsvJd
+      Ipo0E8NIV1QcHLthAesdvbJR/Ly5WemLDApPsmb6IRs+hq2I4qH89wRYH+dNb+ro
+      2QIDAQAB
+      -----END PUBLIC KEY-----
+spring_profiles: hsqldb
diff --git a/auth/test-cer b/auth/test-cer
@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEArKnulILQ55lxVzvqBapFtp4J2vG9O4pxXGx+JyKSZvb0P6DUOzLL
+PXfeET3DBx40iS/keGLMTBuim+YnpyVfNHRtmKKQyO1TkJ7IkaMXBDPrc0mustVWW29F+k
+zhugVpsSSf99ZHiMA/nt26D9sCfYk6J9WHkItHOKX6WV93Rfs3oV13CCEMTqqTiKDVyYKE
+WHC48exHyIVR5yxc1+/k2rF5SvL1JdSwfxDPy5OnA969jsa0RH4TSv4IhuwE4C6lsbJowp
+idZpItiOGXsOhhwp0W9e1z9k0ZE8LO8kXhyPlwHfpIJvMWig1jbqT2Rc4dIz89+pkxP0Hx
+3a6CAXb7/wAAA9Cq3wsEqt8LBAAAAAdzc2gtcnNhAAABAQCsqe6UgtDnmXFXO+oFqkW2ng
+na8b07inFcbH4nIpJm9vQ/oNQ7Mss9d94RPcMHHjSJL+R4YsxMG6Kb5ienJV80dG2YopDI
+7VOQnsiRoxcEM+tzSa6y1VZbb0X6TOG6BWmxJJ/31keIwD+e3boP2wJ9iTon1YeQi0c4pf
+pZX3dF+zehXXcIIQxOqpOIoNXJgoRYcLjx7EfIhVHnLFzX7+TasXlK8vUl1LB/EM/Lk6cD
+3r2OxrREfhNK/giG7ATgLqWxsmjCmJ1mki2I4Zew6GHCnRb17XP2TRkTws7yReHI+XAd+k
+gm8xaKDWNupPZFzh0jPz36mTE/QfHdroIBdvv/AAAAAwEAAQAAAQBhm067tZfS1PM1lTEe
+MrtmGMEJfE61MfYTgWFvTiPlAQXiUlCnhndOMEzhAkEV7QVV6DUHuRI0lArAhsMzwfSn+o
+laF8wxSbhLsPdBHSkNvywC6ExR3DgNSEIO1RdlyVmOQl4MBJ47uDI+5Kkh/XTS8phlnFge
+Zh3E8E8t5sHOVN+OOV1H0pFU2AR4lofdTRHpOCN555cXyV2zAhNgSPC3t272KYP3lzCTHK
+DOcGfqXYdd08qOBHaIjBug2FAuD/8tcFbQNebetSTlBNgVXmLdJxlKebkRxcxACsTiF9fs
+hUOckA7YGFslT4S1w76Z7VhYL8RNnUu/QxVt1R6LdHrBAAAAgFEqpwug4SuR9/RFfbOgOH
+Y4QgPPt8mMTPQ1ZvDAajqXpTGgRWgTgcuOdezF5Cqkf4CiEda4HavBHMA8q2K4mCDWNWtB
+y6NSFX1+rF9HjtJfGUKw1lDPN+ldxKgPxLvC/huzP0Cm/DqpJOCDpeCKls8TaDrndoYjxb
+BOE9SsHawSAAAAgQDcYwya0OBdrKAcZkkaW2Q9UWUlbkBHlhChHbFLAxUE3ZU2g3NKGPUn
+MEHifav2GYJYFXOA/apdTJ8tMDIhKRSLDD9s1O9/zpIqnv6A4r3h61uSEWeZue1c5D4dg9
+C/KquC843WKpdxW1JgGsYig9K/lcsIOVYQXMcoVZOyz7JgowAAAIEAyJCtGQPmIEq+uSJE
+RUVl+wejnjl3JYPhKqX+JhpPyNJu9+RZ8+a1W1rEni2O3jnCmLHo1vJ6IF9QEXqFJUnB87
+9EoWBjeDhy99e+SvlZmJToJIeFjTUHk+bVF0c7TH1826EjkCrai35evMEZjyv7IO2HeLd3
+eAd4RGl2UnrFgPUAAAAYb2h1Z2hlc0BvbGxpZS1pbWFjLmxvY2FsAQID
+-----END OPENSSH PRIVATE KEY-----
diff --git a/auth/test-cer.pub b/auth/test-cer.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsqe6UgtDnmXFXO+oFqkW2ngna8b07inFcbH4nIpJm9vQ/oNQ7Mss9d94RPcMHHjSJL+R4YsxMG6Kb5ienJV80dG2YopDI7VOQnsiRoxcEM+tzSa6y1VZbb0X6TOG6BWmxJJ/31keIwD+e3boP2wJ9iTon1YeQi0c4pfpZX3dF+zehXXcIIQxOqpOIoNXJgoRYcLjx7EfIhVHnLFzX7+TasXlK8vUl1LB/EM/Lk6cD3r2OxrREfhNK/giG7ATgLqWxsmjCmJ1mki2I4Zew6GHCnRb17XP2TRkTws7yReHI+XAd+kgm8xaKDWNupPZFzh0jPz36mTE/QfHdroIBdvv/ ohughes@ollie-imac.local
diff --git a/backend/build-local.gradle b/backend/build-local.gradle
@@ -0,0 +1,3 @@
+dependencies {
+	implementation "org.springframework.security:spring-security-oauth2-client"
+}
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -12,6 +12,19 @@ repositories {
 	mavenCentral()
 }
 
+
+def propertyDrivenProfiles;
+if (project.hasProperty('local')) {
+    propertyDrivenProfiles = 'local'
+    apply from: rootProject.file('build-local.gradle');
+}
+
+bootRun {
+    systemProperties = [
+        'spring.profiles.active': propertyDrivenProfiles
+    ]
+}
+
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-actuator'
 	implementation 'org.springframework.boot:spring-boot-starter-data-jdbc'
@@ -27,6 +40,7 @@ dependencies {
 
     runtime 'com.h2database:h2'
 
+	testImplementation "org.springframework.security:spring-security-oauth2-client"
 	testImplementation('org.springframework.security:spring-security-test')
 	testImplementation('org.springframework.boot:spring-boot-starter-test') {
 		exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'

diff --git a/backend/src/main/java/io/spring/cloud/samples/animalrescue/backend/AnimalController.java b/backend/src/main/java/io/spring/cloud/samples/animalrescue/backend/AnimalController.java
@@ -130,6 +130,7 @@ public ResponseEntity<String> handleAccessDeniedException(Exception e) {
 	}
 
 	private String getUserName(Principal principal) {
+		LOGGER.info(principal.toString());
 		if (principal instanceof JwtAuthenticationToken) {
 			return ((JwtAuthenticationToken) principal).getTokenAttributes().get("user_name").toString();
 		}

diff --git a/...main/java/io/spring/cloud/samples/animalrescue/backend/LocalRunSecurityConfiguration.java b/...main/java/io/spring/cloud/samples/animalrescue/backend/LocalRunSecurityConfiguration.java
@@ -0,0 +1,51 @@
+package io.spring.cloud.samples.animalrescue.backend;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import reactor.core.publisher.Mono;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.security.web.server.WebFilterExchange;
+import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
+import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
+import io.pivotal.cfenv.core.CfEnv;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+@Profile("local")
+public class LocalRunSecurityConfiguration {
+
+	private static final Logger LOG = LoggerFactory.getLogger(LocalRunSecurityConfiguration.class);
+
+	@Bean
+	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) {
+		// @formatter:off
+		return httpSecurity
+			.httpBasic().disable()
+			.csrf().disable()
+			.authorizeExchange()
+				.pathMatchers("/animals", "/actuators/**").permitAll()
+				.and()
+			.authorizeExchange()
+				.anyExchange().authenticated()
+				.and()
+			.oauth2ResourceServer()
+				.jwt()
+				.and()
+			.and()
+			.oauth2Login()
+				.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("http://localhost:3000/rescue/admin"))
+				.and()
+			.build();
+		// @formatter:on
+	}
+}
diff --git a/...end/src/main/java/io/spring/cloud/samples/animalrescue/backend/SecurityConfiguration.java b/...end/src/main/java/io/spring/cloud/samples/animalrescue/backend/SecurityConfiguration.java
@@ -7,10 +7,12 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 
 @Configuration
+@Profile("!local")
 public class SecurityConfiguration {
 
 	private static final Logger LOG = LoggerFactory.getLogger(SecurityConfiguration.class);
@@ -36,14 +38,14 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecu
 			.httpBasic().disable()
 			.csrf().disable()
 			.authorizeExchange()
-			.pathMatchers("/animals", "/actuators/**").permitAll()
-			.and()
+				.pathMatchers("/animals", "/actuators/**").permitAll()
+				.and()
 			.authorizeExchange()
-			.anyExchange().authenticated()
-			.and()
+				.anyExchange().authenticated()
+				.and()
 			.oauth2ResourceServer()
-			.jwt()
-			.and()
+				.jwt()
+				.and()
 			.and()
 			.build();
 		// @formatter:on

diff --git a/backend/src/main/resources/application-local.yml b/backend/src/main/resources/application-local.yml
@@ -0,0 +1,20 @@
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          sso:
+            provider: sso
+            client-id: test
+            client-secret: test
+            authorization-grant-type: authorization_code
+            scope: openid
+        provider:
+          sso:
+            issuer-uri: ${uaa.uri}/oauth/token
+            authorization-uri: ${uaa.uri}/oauth/authorize
+      resourceserver:
+        jwt:
+          jwk-set-uri: ${uaa.uri}/token_keys
+uaa:
+  uri: http://localhost:40000/uaa