Fork me on GitHub


The UAA (User Authentication & Administration) Service is built to fulfill two different requirements regarding the handling of Users of the system.

First the service is capable to act as OpenID Connect authentication endpoint and can authenticate users against a persistent database.

The second part deals with administration of Users like creating new Users, updating properties of existing ones or deleting them. Most application permissions were not directly assigned to Users explicitly, but to Roles instead. Users are assigned to Roles and application permissions were granted to particular Roles. Administration of Roles and permissions is especially required for a UI application.


An User has embedded UserDetails, and Emails assigned. However, the password history of the User is managed and compared against new passwords. An User can be assigned to multiple Roles and a Role can consist of several Users. A Role is a SecurityObject in general and has multiple Grants assigned. A Grant is a permission that can be referenced from a client application.


Build status Quality License Maven central Docker pulls Join the chat at


The UAA is an essential component for all kind of applications and requires a high degree of availability. However, it is deployed in a redundant setup in different locations, on different cloud platforms with different ISP.

endpoints billed SLA no Heroku SLA for Europe region depends on AWS Europe region no no SLA


Build a runnable fat jar with execution of all unit and in-memory database integrations:

$ mvnw package

Run the Sonar analysis:

$ mvnw package -Psonar


After the binary has been built it can be started from command line. No other infrastructure services are required to run this service.

$ java -jar target/openwms-core-uaa-exec.jar

In a distributed Cloud environment the service can itself register on a central discovery service - currently Eureka is supported only. This behavior can be enabled by activating the Spring Profile DISTRIBUTED.

$ java -jar target/openwms-core-uaa-exec.jar

Now the UAA service is registered at the discovery service at startup and can be looked up by other services by its name uaa-service.


$ mvn deploy -Prelease,gpg

Release Documentation

$ mvn package,TEST -Psonar
$ mvn site scm-publish:publish-scm