Skip to content

Setup for OAG development

Jump to bottom
Padi Steger (OWASP Switzerland) edited this page Dec 30, 2023 · 14 revisions

Preparation

  • Install Java 17 or higher
  • Install Maven
  • Install Git
  • Install IntelliJ (Community Version is fine)
  • git clone the OAG repository:
    • create a new folder for OAG:
    mkdir oag
    • jump into the folder:
    cd oag
    • clone the repository:
    git clone https://github.com/gianlucafrei/Application-Gateway.git

Import project

  • Start IntelliJ.
  • Open project: ../oag/Application-Gateway/oag
    • This should trigger maven and download dependencies
  • Build of the whole project (select Build -> Build Project in the menu).
    • You will have to select a project JDK (IntelliJ prompts for this in the upper right corner.). OAG requires a SDK/JDK >= 17 and runs on Java 17 or higher.

Run project

  • Verify tests are green: Right click on the top level of the project ("oag" in the Project window) and select "Run All Tests"
  • Run the gateway:
    • Open class OWASPApplicationGatewayApplication
    • Click the green triangle (Line 7) to run OWASPApplicationGatewayApplication.main().
      • note that you need 3 client secrets (i.e. registered OAG as an application in Google, GitHub and oAuth0) to be fully functional with the default sample configuration.
      • For GitHub, this means you will have to register an oAuth App in GitHub. Not that the app needs to reflect your local OAG that runs in IntelliJ.
      • If you do not have these 3 client secrets you will see the following in the logs:
WARN  - Environment variable 'GOOGLE_CLIENT_SECRET' does not exist
WARN  - Environment variable 'GITHUB_CLIENT_SECRET' does not exist
WARN  - Environment variable 'AUTH0_CLIENT_SECRET' does not exist
  • these 3 clientID's can be set as environment variables in the operating system or directly in IntelliJ as follows:
    • Menu: Run -> Edit Configuration
    • "+" (Add new Configuration) -> Application (or edit the existing entry)
    • select "org.owasp.oag.OWASPApplicationGatewayApplication" as Main Class
    • in the text field for "environment variables:" add the 3 Secrets: "GOOGLE_CLIENT_SECRET=xxxxx;GITHUB_CLIENT_SECRET=xxxxxx;AUTH0_CLIENT_SECRET=xxxxxx"
  • Point your browser to: http://localhost:8080/echo/ -> Note "X-Oag-Status: anonymous" in the returned page
    • Click on "Login with Github"
    • Enter your GitHub credentials
    • If all works fine you will end up on localhost:8080 which displays "httpbin.org"
  • Point your browser again to: http://localhost:8080/echo/ -> Note "X-Oag-Status: authenticated" in the returned page

Now you are ready to develop new features in OAG. With this you are ready to develop.

This Wiki contains the documentation of the OWASP Application Gateway (OAG). If you think that we missed something please add an issue on GitHub.

Table of Contents
Table of Contents
Table of Contents

There is also a Swagger documentation of all OAG endpoint available online: https://app.swaggerhub.com/apis-docs/gianlucafrei/OAG/0.4#/

Clone this wiki locally