First pass at instructions for screencast

Matt Raible · Matt Raible · commit 3fb16887a648 · 2019-08-16T17:06:04.000-06:00
diff --git a/demo.adoc b/demo.adoc
@@ -39,7 +39,117 @@ The brackets at the end of each step indicate the alias's or IntelliJ Live Templ
       <artifactId>jaxb-runtime</artifactId>
   </dependency>
 
-... to be continued ...
+. Add `@EnableEurekaServer` and properties to set port and turn off discovery
+
+  server.port=8761
+  eureka.client.register-with-eureka=false
+
+. Add `@EnableDiscoveryClient` to main classes in `car-service` and `api-gateway`
+
+. Configure `car-service` to run on `8090` and set its name
+
+  server.port=8090
+  spring.application.name=car-service
+
+. Add an application name to the `api-gateway` project
+
+  spring.application.name=api-gateway
+
+. Create an API with Spring Boot and Spring Data [//todo]
+
+. Configure gateway to enable resilient server-to-server communication
+
+  @EnableFeignClients
+  @EnableCircuitBreaker
+  @EnableZuulProxy
+
+  // feign client
+  // cool car controller
+  // hystrix
+
+. Start all servers, view Eureka server, and /cool-cars endpoint
+
+== Secure Java Microservices with OAuth 2.0 and OIDC
+
+. Add Okta Spring Boot starter to `api-gateway` and `car-service`
+
+  <dependency>
+    <groupId>com.okta.spring</groupId>
+    <artifactId>okta-spring-boot-starter</artifactId>
+    <version>1.2.1</version>
+  </dependency>
+
+. Create a web app on Okta, use `http://localhost:8080/login/oauth2/code/okta` for redirect URI
+
+. Populate Okta properties in `application.properties`
+
+  okta.oauth2.issuer=$issuer
+  okta.oauth2.client-id=$clientId
+  okta.oauth2.client-secret=$clientSecret
+
+. Enable OIDC Login and OAuth Resource Server in `ApiGatewayApplication.java`
+
+  @Configuration
+  static class OktaOAuth2WebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
+      @Override
+      protected void configure(HttpSecurity http) throws Exception {
+          // @formatter:off
+          http
+              .authorizeRequests().anyRequest().authenticated()
+                  .and()
+              .oauth2Login()
+                  .and()
+              .oauth2ResourceServer().jwt();
+          // @formatter:on
+      }
+  }
+
+. Enable Resource Server in `CarServiceApplication.java`
+
+  @Configuration
+  static class OktaOAuth2WebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
+      @Override
+      protected void configure(HttpSecurity http) throws Exception {
+          // @formatter:off
+          http
+              .authorizeRequests().anyRequest().authenticated()
+                  .and()
+              .oauth2ResourceServer().jwt();
+          // @formatter:on
+      }
+  }
+
+. Create `UserFeignClientInterceptor` to add `Authorization` header in `api-gateway` and register as a bean
+
+. Make Feign Spring Security-aware
+
+  feign.hystrix.enabled=true
+  hystrix.shareSecurityContext=true
+
+. Restart all apps and show with security enabled
+
+== Use Netflix Zuul for Routing
+
+. Add Zuul as a dependency and `@EnableZuulProxy`
+
+  <dependency>
+    <groupId>org.springframework.cloud</groupId>
+    <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
+  </dependency>
+
+. Create an `AuthorizationHeaderFilter` to pass the access token to proxied routes [//todo]
+
+. Register `AuthorizationHeaderFilter` filter as a bean [//todo]
+
+. Add Zuul routes for `/cars` and `/home` [//todo]
+
+. Add `HomeController` to the `car-service`
+
+. Restart and confirm your Zuul routes work
+
+. Fin! 🏁
 
 == Learn More!
 
