Java SpringBoot example that uses Server Side Java SDK

Author: bprokopc

java/flex-sdk-spring-boot/.gitignore

@@ -0,0 +1,42 @@
+# Covers all spring-boot ignore files
+# Reference: https://github.com/spring-projects/spring-boot/blob/master/.gitignore
+
+.gradle
+*.sw?
+.#*
+*#
+*~
+/build
+/code
+.classpath
+.project
+.settings
+.metadata
+.factorypath
+.recommenders
+bin
+build
+lib/
+target
+.factorypath
+.springBeans
+interpolated*.xml
+dependency-reduced-pom.xml
+build.log
+_site/
+.*.md.html
+manifest.yml
+MANIFEST.MF
+settings.xml
+activemq-data
+overridedb.*
+*.iml
+*.ipr
+*.iws
+.idea
+*.jar
+.DS_Store
+.factorypath
+dump.rdb
+
+nbactions.xml

java/flex-sdk-spring-boot/README.md

@@ -0,0 +1,45 @@
+# Flex Java Example
+
+A minimalist java/spring-boot example integration using Flex-API tokenization.
+
+## Prerequisites
+
+- [Java 8](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html)
+- [JCE unlimited policy files](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)
+- [Maven](https://maven.apache.org/install.html)
+
+## Setup Instructions
+
+1. Modify `./src/main/resources/application.properties` with the credentials created through [VISA Developer Portal](https://developer.visa.com/).
+
+  ```properties
+  vdp.api-key=_YOUR_APPLICATION_SPECIFIC_API_KEY_
+  vdp.shared-secret=_YOUR_APPLICATION_SPECIFIC_SHARED_SECRET_
+  ```
+
+2. Build and run the application using maven
+  ```bash
+  mvn clean spring-boot:run
+  ```
+  This will serve the application from [https://localhost:8443](https://localhost:8443).
+
+## Tips
+
+- If you are having issues, checkout the full [FLEX documentation](https://developer.visa.com/products/cybersource/reference#cybersource__cybersource_flex_api).
+
+- To change the port the application is served on, update `server.port=8443` in `application.properties`, replacing `8443` with your desired port number.
+
+- If the application throws `java.security.InvalidKeyException: Illegal key size` you have probably not installed the [JCE unlimited policy files](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html).
+
+## Browser Support
+
+- Chrome 37+
+- Firefox 34+
+- Edge 12+
+- Opera 24+
+
+*NB: IE11 and Safari support could be achieved through the use of polyfills for promises and Web Crypto API such as [webcrypto-shim](https://github.com/vibornoff/webcrypto-shim) and [promiz](https://github.com/Zolmeister/promiz). However, these are not included in the examples.*
+
+## Disclaimer
+
+This respository is provided as a learning aid for merchants wishing to integrate with the Flex API.  The code samples are not production ready and are intended for illustrative purposes only. As such, any use of these code samples in a production setting is strongly discouraged. Any usage of these code samples must comply with the license agreement as defined in `LICENSE.md` at the root level of this repository.

java/flex-sdk-spring-boot/pom.xml

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.cybersource.flex.application</groupId>
+    <artifactId>spring-boot</artifactId>
+    <version>1.0-BETA</version> <!-- This example relates to Flex-API BETA v1 -->
+    <packaging>jar</packaging>
+    
+    <name>Flex-API Spring-Boot Demo</name>
+    <description>A mocked merchant checkout and payment pages using Flex-API tokenization</description>
+    <url>https://github.com/CyberSource/cybersource-flex-samples/spring-boot</url>
+
+    <parent> <!-- infer reasonable defaults for dependency versions -->
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>1.2.5.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <build>
+        <plugins>
+            <plugin> <!-- To facilitate jar/war packaging -->
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencies>
+        <!-- Spring Boot dependencies: Tomcat and Thymeleaf -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>        
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <!-- Flex-API server side Java SDK -->        
+        <dependency>
+            <groupId>com.cybersource</groupId>
+            <artifactId>flex-server-sdk</artifactId>
+            <version>0.1.0</version>
+        </dependency>
+    </dependencies>
+</project>

java/flex-sdk-spring-boot/src/main/java/com/cybersource/flex/application/CheckoutController.java

@@ -0,0 +1,62 @@
+/**
+ * Copyright (c) 2017 by CyberSource
+ * Governing licence: https://github.com/CyberSource/cybersource-flex-samples/blob/master/LICENSE.md
+ */
+package com.cybersource.flex.application;
+
+import com.cybersource.flex.sdk.FlexService;
+import com.cybersource.flex.sdk.exception.FlexException;
+import com.cybersource.flex.sdk.model.FlexPublicKey;
+import java.util.Map;
+import javax.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Controller
+public class CheckoutController {
+
+    @Autowired
+    private FlexService flexService;
+
+    @RequestMapping("/")
+    String redirect() {
+        return "redirect:checkout";
+    }
+
+    @RequestMapping("/checkout")
+    String checkout(final HttpSession session, final Model model) throws FlexException {
+        // retrieve one time use public RSA key from Flex to facilitate PAN encryption
+        final FlexPublicKey key = flexService.createKey();
+        session.setAttribute("flexPublicKey", key);
+
+        // Add JSON Web Keystore to the view model and return rendered "checkout" page
+        model.addAttribute("jwk", key.getJwk());
+        return "checkout";
+    }
+
+    @RequestMapping(value = "/receipt", method = RequestMethod.POST)
+    String receipt(@RequestParam final Map<String, Object> postParams, final HttpSession session, final Model model) throws FlexException {
+        // Read in the public key to be used and remove it from the session
+        final FlexPublicKey key = (FlexPublicKey) session.getAttribute("flexPublicKey");
+        session.removeAttribute("flexPublicKey"); // no longer needed
+
+        // verify the token signiture using SDK
+        postParams.put("verifyResult", flexService.verify(key, postParams));
+
+        /**
+         *
+         * The payment may now be completed using the received & validated
+         * token.
+         *
+         * For demonstration purposes, all post parameters are added to the view
+         * model to display data received from cardholder's browser.
+         */
+        model.addAttribute("postParams", postParams);
+        return "receipt";
+    }
+
+}

java/flex-sdk-spring-boot/src/main/java/com/cybersource/flex/application/EntryPoint.java

@@ -0,0 +1,17 @@
+/**
+ * Copyright (c) 2016 by CyberSource
+ * Governing licence: https://github.com/CyberSource/cybersource-flex-samples/blob/master/LICENSE.md
+ */
+package com.cybersource.flex.application;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class EntryPoint {
+
+    public static void main(String... args) throws Exception {
+        SpringApplication.run(EntryPoint.class, args);
+    }
+
+}

java/flex-sdk-spring-boot/src/main/java/com/cybersource/flex/application/FlexConfiguration.java

@@ -0,0 +1,28 @@
+/**
+ * Copyright (c) 2017 by CyberSource
+ * Governing licence: https://github.com/CyberSource/cybersource-flex-samples/blob/master/LICENSE.md
+ */
+package com.cybersource.flex.application;
+
+import com.cybersource.flex.sdk.FlexService;
+import com.cybersource.flex.sdk.authentication.VDPCredentials;
+import com.cybersource.flex.sdk.impl.FlexKeyServiceImpl;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class FlexConfiguration {
+
+    @Value("${vdp.api-key}")
+    private String apiKey;
+    @Value("${vdp.shared-secret}")
+    private char[] sharedSecret;
+
+    @Bean
+    public FlexService flexService() {
+        VDPCredentials vdpCredentials = new VDPCredentials(VDPCredentials.Environment.SANDBOX, apiKey, sharedSecret);
+        return new FlexKeyServiceImpl(vdpCredentials);
+    }
+
+}

java/flex-sdk-spring-boot/src/main/resources/.gitignore

@@ -0,0 +1 @@
+*.p12

java/flex-sdk-spring-boot/src/main/resources/README.md

@@ -0,0 +1,9 @@
+# Folder contents
+
+| Folder / Filename      | Purpose        |
+|------------------------|----------------|
+| /public                | Assets placed here are served publicly from the root of the webserver. In our example this contains all the scripts and css used. |
+| /templates             | All [Thymeleaf templates](http://www.thymeleaf.org/) used by the application in rendering html pages. |
+| application.properties | The Spring-Boot application configuration. In our example this is used to enable HTTPS via embedded Tomcat as the WebCryptoAPI requires pages to be served via secure protocol only. Additionally, this is where all merchant credentials and configuration is stored (as per setup instructions step 1). |
+| embedded-tomcat.jks    | Self signed X.509 certificate keystore generated with keytool command. This certificate is used to mock “merchant site” being served over HTTPS. In a real production environment the SSL certificate should not be part of source code and would typically be provisioned directly to production servers. |
+| .gitignore             | Prevents any accidental commit of p12 keystore to the git repository. |

java/flex-sdk-spring-boot/src/main/resources/application.properties

@@ -0,0 +1,20 @@
+# VISA Developer Platform credentials - https://developer.visa.com/
+#
+# This property file is for demonstartion purposes only.
+# You MUST take proper precautions to protect your credentials, such as
+# NEVER storing your credentials unencrypted with application code.
+#
+vdp.api-key=_YOUR_APPLICATION_SPECIFIC_API_KEY_
+vdp.shared-secret=_YOUR_APPLICATION_SPECIFIC_SHARED_SECRET_
+
+# Embedded Tomcat configuration properties
+#
+# The properties below enable HTTPS on TCP port 8443.
+server.port=8443
+# Please note that this example uses self-signed X.509 certificate with CN=localhost.
+# Keystore and private key passwords provided below are not encrypted.
+# While it is acceptable for demonstration and example purposes,
+# it must not be treated as production grade configuration.
+server.ssl.key-store=classpath:embedded-tomcat.jks
+server.ssl.key-store-password=changeit
+server.ssl.key-password=changeit