diff --git a/spring-security-modules/spring-security-oauth2-testing/.env b/spring-security-modules/spring-security-oauth2-testing/.env
new file mode 100644
index 0000000000..c4c692acb6
--- /dev/null
+++ b/spring-security-modules/spring-security-oauth2-testing/.env
@@ -0,0 +1 @@
+KEYCLOAK_ADMIN_PASSWORD=admin
\ No newline at end of file
diff --git a/spring-security-modules/spring-security-oauth2-testing/compose.yml b/spring-security-modules/spring-security-oauth2-testing/compose.yml
new file mode 100644
index 0000000000..aa6b019360
--- /dev/null
+++ b/spring-security-modules/spring-security-oauth2-testing/compose.yml
@@ -0,0 +1,23 @@
+name: baeldung-testing-oauth2
+services:
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:24.0.0
+ volumes:
+ - ./keycloak/import/:/opt/keycloak/data/import/
+ command:
+ - start-dev
+ - --import-realm
+ ports:
+ - 8080:8080
+ environment:
+ KEYCLOAK_ADMIN: admin
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ KC_HTTP_PORT: 8080
+ KC_HOSTNAME_URL: http://localhost:8080
+ KC_HOSTNAME_ADMIN_URL: http://localhost:8080
+ KC_HTTP_RELATIVE_PATH: /
+ #KC_LOG_LEVEL: DEBUG
+ container_name: baeldung-testing-oauth2
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
\ No newline at end of file
diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json
new file mode 100644
index 0000000000..44c4948c7a
--- /dev/null
+++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json
@@ -0,0 +1,2335 @@
+{
+ "id": "7a046c8d-77b1-4851-b4a9-e3a25a17e431",
+ "realm": "baeldung",
+ "notBefore": 0,
+ "defaultSignatureAlgorithm": "RS256",
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "ssoSessionIdleTimeoutRememberMe": 0,
+ "ssoSessionMaxLifespanRememberMe": 0,
+ "offlineSessionIdleTimeout": 2592000,
+ "offlineSessionMaxLifespanEnabled": false,
+ "offlineSessionMaxLifespan": 5184000,
+ "clientSessionIdleTimeout": 0,
+ "clientSessionMaxLifespan": 0,
+ "clientOfflineSessionIdleTimeout": 0,
+ "clientOfflineSessionMaxLifespan": 0,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "oauth2DeviceCodeLifespan": 600,
+ "oauth2DevicePollingInterval": 5,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxTemporaryLockouts": 0,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "roles": {
+ "realm": [
+ {
+ "id": "4ad869c1-56f3-45fd-b345-f107f2834de1",
+ "name": "AUTHORIZED_PERSONNEL",
+ "description": "",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431",
+ "attributes": {}
+ },
+ {
+ "id": "bfdf00fe-5111-404b-858c-50dcb8a63e61",
+ "name": "default-roles-baeldung",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "composites": {
+ "realm": [
+ "offline_access",
+ "uma_authorization"
+ ],
+ "client": {
+ "account": [
+ "view-profile",
+ "manage-account"
+ ]
+ }
+ },
+ "clientRole": false,
+ "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431",
+ "attributes": {}
+ },
+ {
+ "id": "96fbbf77-c81e-472b-bb2e-184713dfffde",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431",
+ "attributes": {}
+ },
+ {
+ "id": "cec72467-237c-4ae9-ae1d-ca84ff51b404",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431",
+ "attributes": {}
+ }
+ ],
+ "client": {
+ "realm-management": [
+ {
+ "id": "955d707a-3baa-4462-a53c-83ff73b30a12",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "81cbcb10-8e84-431e-8da8-07219be8d93d",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-clients"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "fa1adc6d-7b86-4dc6-a120-57eee9a4fe93",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "be5a19cb-fa00-486a-abfa-eb0dc86680fb",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-users",
+ "query-groups"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "d76de5c9-10f2-4b68-9850-a16d9b2dd35a",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "6339f747-4f89-4e67-9c77-420524135d96",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "c9d5af42-6742-49cf-bd01-a730f4c3cc2e",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "56dccfed-9379-4cfb-a720-b9b9e1745048",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "e10c568f-c50f-4ee4-88cf-43f0c4a1dc2c",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "d12dcfc2-b649-4c11-ac55-41d6ab10f5c6",
+ "name": "query-users",
+ "description": "${role_query-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "57977d45-f810-400a-81ca-63a9bdddd3b9",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "e14dfabc-3f03-42cf-a716-5261b7002914",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "800d272c-1327-485c-9d2f-576f3d9a0178",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "fdc10176-42c0-4b58-968a-35bfd5dbce20",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "23393ccd-3b70-4de8-9e00-0adbb11851ce",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "01a3847f-7602-400d-bedd-7545618559f3",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "7d8ac9c4-6d1b-4861-a0b9-0479cbd55b14",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "788677b0-3fbf-457d-8b62-25f305b86bcf",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ },
+ {
+ "id": "642d82d5-1071-47a9-aca9-d0fbd28d0328",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "view-realm",
+ "view-clients",
+ "create-client",
+ "view-users",
+ "manage-identity-providers",
+ "manage-authorization",
+ "impersonation",
+ "view-identity-providers",
+ "manage-realm",
+ "query-users",
+ "query-realms",
+ "view-authorization",
+ "query-groups",
+ "view-events",
+ "manage-users",
+ "manage-clients",
+ "query-clients",
+ "manage-events"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "attributes": {}
+ }
+ ],
+ "security-admin-console": [],
+ "admin-cli": [],
+ "baeldung-confidential": [],
+ "account-console": [],
+ "broker": [
+ {
+ "id": "9043c535-f6d3-44dc-8c48-d3983e04a93b",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "cb2ee74f-fb36-4f21-82bb-4928966ea449",
+ "attributes": {}
+ }
+ ],
+ "account": [
+ {
+ "id": "4a188a41-39d9-47e6-b8de-6d9b42c7a414",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "attributes": {}
+ },
+ {
+ "id": "da24f251-0c13-4035-84f1-16c5a3301ea6",
+ "name": "view-consent",
+ "description": "${role_view-consent}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "attributes": {}
+ },
+ {
+ "id": "26edbb7d-dd9f-4dd4-a282-a6e886e38302",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "attributes": {}
+ },
+ {
+ "id": "b2c98d1e-4a85-4e11-901d-0207e9793acf",
+ "name": "manage-consent",
+ "description": "${role_manage-consent}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "view-consent"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "attributes": {}
+ },
+ {
+ "id": "f244eb36-cf20-4e96-8233-fee1ee8da72e",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "manage-account-links"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "attributes": {}
+ },
+ {
+ "id": "a5ca4c2f-d8ad-4c8c-bfd4-1173dd7c1338",
+ "name": "view-groups",
+ "description": "${role_view-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "attributes": {}
+ },
+ {
+ "id": "83f4a43c-07cd-43d5-af99-7825ea603ca9",
+ "name": "view-applications",
+ "description": "${role_view-applications}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "attributes": {}
+ },
+ {
+ "id": "18642f4e-1e2a-4023-9947-7a425d8ed76e",
+ "name": "delete-account",
+ "description": "${role_delete-account}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "attributes": {}
+ }
+ ]
+ }
+ },
+ "groups": [],
+ "defaultRole": {
+ "id": "bfdf00fe-5111-404b-858c-50dcb8a63e61",
+ "name": "default-roles-baeldung",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "clientRole": false,
+ "containerId": "7a046c8d-77b1-4851-b4a9-e3a25a17e431"
+ },
+ "requiredCredentials": [
+ "password"
+ ],
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "otpPolicyCodeReusable": false,
+ "otpSupportedApplications": [
+ "totpAppFreeOTPName",
+ "totpAppGoogleName",
+ "totpAppMicrosoftAuthenticatorName"
+ ],
+ "localizationTexts": {},
+ "webAuthnPolicyRpEntityName": "keycloak",
+ "webAuthnPolicySignatureAlgorithms": [
+ "ES256"
+ ],
+ "webAuthnPolicyRpId": "",
+ "webAuthnPolicyAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyRequireResidentKey": "not specified",
+ "webAuthnPolicyUserVerificationRequirement": "not specified",
+ "webAuthnPolicyCreateTimeout": 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyAcceptableAaguids": [],
+ "webAuthnPolicyExtraOrigins": [],
+ "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms": [
+ "ES256"
+ ],
+ "webAuthnPolicyPasswordlessRpId": "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout": 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+ "webAuthnPolicyPasswordlessExtraOrigins": [],
+ "scopeMappings": [
+ {
+ "clientScope": "offline_access",
+ "roles": [
+ "offline_access"
+ ]
+ }
+ ],
+ "clientScopeMappings": {
+ "account": [
+ {
+ "client": "account-console",
+ "roles": [
+ "manage-account",
+ "view-groups"
+ ]
+ }
+ ]
+ },
+ "clients": [
+ {
+ "id": "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b",
+ "clientId": "account",
+ "name": "${client_account}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/baeldung/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "/realms/baeldung/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "post.logout.redirect.uris": "+"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "4beaa749-404c-4a6a-9b04-72df4f9066a4",
+ "clientId": "account-console",
+ "name": "${client_account-console}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/baeldung/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "/realms/baeldung/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "post.logout.redirect.uris": "+",
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "84f0fe2c-8381-4cd1-afa7-508c5cd6c83c",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "d2a180a9-6ed6-42fd-a476-2ba0948cae8f",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "3172d7e0-ac9f-4728-ba8c-e1d35c6e14a4",
+ "clientId": "baeldung-confidential",
+ "name": "",
+ "description": "",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "secret",
+ "redirectUris": [
+ "https://oauth.pstmn.io/v1/callback",
+ "http://localhost:8080/*",
+ "https://localhost:8080/*",
+ "http://localhost:8081/*",
+ "https://localhost:8081/*",
+ "http://localhost:8082/*",
+ "https://localhost:8082/*"
+ ],
+ "webOrigins": [
+ "+"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "client.secret.creation.time": "1713615347",
+ "backchannel.logout.session.required": "true",
+ "post.logout.redirect.uris": "+",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "cb2ee74f-fb36-4f21-82bb-4928966ea449",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "4720b673-8d8b-4709-b695-88d6c17e8edf",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "8c99b1f8-439f-4c01-ac62-bf4b852a3585",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "rootUrl": "${authAdminUrl}",
+ "baseUrl": "/admin/baeldung/console/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "/admin/baeldung/console/*"
+ ],
+ "webOrigins": [
+ "+"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "post.logout.redirect.uris": "+",
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "4a39a186-0bc6-46c8-9605-940ab6af0ec4",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ }
+ ],
+ "clientScopes": [
+ {
+ "id": "98fd7e67-c4fc-4e6a-bb9c-6e27d99bbbb2",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${phoneScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "1cdb5d11-fcc5-48ee-9acc-b8d980b607a5",
+ "name": "phone number",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumber",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "f3258684-171e-47f9-a9d0-96434e91ee6a",
+ "name": "phone number verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumberVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
+ }
+ }
+ ]
+ },
+ {
+ "id": "20843100-3f9b-4c50-8dc6-86e6d64fbc3d",
+ "name": "role_list",
+ "description": "SAML role list",
+ "protocol": "saml",
+ "attributes": {
+ "consent.screen.text": "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "fabf3bec-72b8-4035-84a7-f368417446ef",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ]
+ },
+ {
+ "id": "3a0949bd-8a64-44b3-8f21-0b8c41cf44d8",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${addressScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "38838b81-804d-47d1-9aad-92d5107b1653",
+ "name": "address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-address-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "introspection.token.claim": "true",
+ "user.attribute.postal_code": "postal_code",
+ "userinfo.token.claim": "true",
+ "user.attribute.street": "street",
+ "id.token.claim": "true",
+ "user.attribute.region": "region",
+ "access.token.claim": "true",
+ "user.attribute.locality": "locality"
+ }
+ }
+ ]
+ },
+ {
+ "id": "4bc0f7a9-7009-48f4-aeee-198c705d4e90",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${profileScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "ed2fc2c9-d27e-4d2c-b877-4bc817fd54bf",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c1278964-7ee9-4619-a8a4-461ef8fce69b",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "nickname",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "nickname",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "bf7b6bfb-0c2a-4826-8ee2-52cc409534f2",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "85bdea58-50c5-4d63-952d-ab0e1e861244",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c945557c-e480-4f09-b9fa-62c05a26cb05",
+ "name": "updated at",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "updatedAt",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "updated_at",
+ "jsonType.label": "long"
+ }
+ },
+ {
+ "id": "184fc94a-c750-4bc0-be3f-0501365bc1fd",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "id": "40162254-ac26-4b36-a5d5-538d33612c80",
+ "name": "zoneinfo",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "zoneinfo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "a85df9ca-5a7f-4035-96a1-bd55dcdbe5be",
+ "name": "gender",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "gender",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "gender",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8d02d6e1-89b1-4777-8ce6-5bc6a1fb9f30",
+ "name": "middle name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "middleName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "middle_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "bf65a00b-5112-4bd4-b540-de0fa4912c65",
+ "name": "website",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "website",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "website",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "5eddbe1e-e274-4543-8606-a8fd3d5f793b",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "54300fc6-0c26-42e0-89bb-844955488008",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "89ccaf97-a0a8-4221-9174-17a7e475ebc7",
+ "name": "birthdate",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "birthdate",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "birthdate",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "58e90cb8-25c5-4e81-a5ed-a9de481fab17",
+ "name": "profile",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "profile",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "2d434173-8b6e-4959-ad8f-c7185bc9b433",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${emailScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "84dad65d-8413-44c0-95f4-f3d64035e7b6",
+ "name": "email verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "emailVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
+ }
+ },
+ {
+ "id": "89ac6a7f-9435-41ed-83eb-34a366429a6f",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "51307312-9b48-4ae9-ad92-7cbc0ff4c6c3",
+ "name": "web-origins",
+ "description": "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false",
+ "consent.screen.text": ""
+ },
+ "protocolMappers": [
+ {
+ "id": "6f6d1690-df96-4774-ae4a-2d349461f02a",
+ "name": "allowed web origins",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-allowed-origins-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "3bec9041-170c-4c6d-a35e-be7a51442aef",
+ "name": "microprofile-jwt",
+ "description": "Microprofile - JWT built-in scope",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "52e647ff-3bb4-47ee-b67d-0cd24bb66c5b",
+ "name": "groups",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "multivalued": "true",
+ "user.attribute": "foo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "groups",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "027afd1d-3d34-49df-bf43-00adddfec15a",
+ "name": "upn",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "upn",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "159dc3dc-a659-4cb8-9271-809834a42d8e",
+ "name": "acr",
+ "description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "5dbfb5d7-c181-4e47-85e8-13ad0610c43b",
+ "name": "acr loa level",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-acr-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "46c52714-3bb6-4db9-a360-0839703c1f8e",
+ "name": "roles",
+ "description": "OpenID Connect scope for add user roles to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${rolesScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "0b274bf6-89f0-4d3c-a635-eb3943d062ee",
+ "name": "realm roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "multivalued": "true",
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e70cd96f-6d15-4c46-978a-359f1832b7c2",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ },
+ {
+ "id": "6a19a6ab-4035-4c43-b9e5-253339bb491b",
+ "name": "client roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-client-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "multivalued": "true",
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "resource_access.${client_id}.roles",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "4d1dfa4a-c1cc-45ad-ade5-7ac2fabfc5d3",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ }
+ ],
+ "defaultDefaultClientScopes": [
+ "role_list",
+ "profile",
+ "email",
+ "roles",
+ "web-origins",
+ "acr"
+ ],
+ "defaultOptionalClientScopes": [
+ "offline_access",
+ "address",
+ "phone",
+ "microprofile-jwt"
+ ],
+ "browserSecurityHeaders": {
+ "contentSecurityPolicyReportOnly": "",
+ "xContentTypeOptions": "nosniff",
+ "referrerPolicy": "no-referrer",
+ "xRobotsTag": "none",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "xXSSProtection": "1; mode=block",
+ "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer": {},
+ "eventsEnabled": true,
+ "eventsExpiration": 900,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [
+ "SEND_RESET_PASSWORD",
+ "UPDATE_CONSENT_ERROR",
+ "GRANT_CONSENT",
+ "VERIFY_PROFILE_ERROR",
+ "REMOVE_TOTP",
+ "REVOKE_GRANT",
+ "UPDATE_TOTP",
+ "LOGIN_ERROR",
+ "CLIENT_LOGIN",
+ "RESET_PASSWORD_ERROR",
+ "IMPERSONATE_ERROR",
+ "CODE_TO_TOKEN_ERROR",
+ "CUSTOM_REQUIRED_ACTION",
+ "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR",
+ "RESTART_AUTHENTICATION",
+ "IMPERSONATE",
+ "UPDATE_PROFILE_ERROR",
+ "LOGIN",
+ "OAUTH2_DEVICE_VERIFY_USER_CODE",
+ "UPDATE_PASSWORD_ERROR",
+ "CLIENT_INITIATED_ACCOUNT_LINKING",
+ "OAUTH2_EXTENSION_GRANT",
+ "USER_DISABLED_BY_PERMANENT_LOCKOUT",
+ "TOKEN_EXCHANGE",
+ "AUTHREQID_TO_TOKEN",
+ "LOGOUT",
+ "REGISTER",
+ "DELETE_ACCOUNT_ERROR",
+ "CLIENT_REGISTER",
+ "IDENTITY_PROVIDER_LINK_ACCOUNT",
+ "USER_DISABLED_BY_TEMPORARY_LOCKOUT",
+ "DELETE_ACCOUNT",
+ "UPDATE_PASSWORD",
+ "CLIENT_DELETE",
+ "FEDERATED_IDENTITY_LINK_ERROR",
+ "IDENTITY_PROVIDER_FIRST_LOGIN",
+ "CLIENT_DELETE_ERROR",
+ "VERIFY_EMAIL",
+ "CLIENT_LOGIN_ERROR",
+ "RESTART_AUTHENTICATION_ERROR",
+ "EXECUTE_ACTIONS",
+ "REMOVE_FEDERATED_IDENTITY_ERROR",
+ "TOKEN_EXCHANGE_ERROR",
+ "PERMISSION_TOKEN",
+ "SEND_IDENTITY_PROVIDER_LINK_ERROR",
+ "EXECUTE_ACTION_TOKEN_ERROR",
+ "OAUTH2_EXTENSION_GRANT_ERROR",
+ "SEND_VERIFY_EMAIL",
+ "OAUTH2_DEVICE_AUTH",
+ "EXECUTE_ACTIONS_ERROR",
+ "REMOVE_FEDERATED_IDENTITY",
+ "OAUTH2_DEVICE_CODE_TO_TOKEN",
+ "IDENTITY_PROVIDER_POST_LOGIN",
+ "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR",
+ "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR",
+ "UPDATE_EMAIL",
+ "REGISTER_ERROR",
+ "REVOKE_GRANT_ERROR",
+ "EXECUTE_ACTION_TOKEN",
+ "LOGOUT_ERROR",
+ "UPDATE_EMAIL_ERROR",
+ "CLIENT_UPDATE_ERROR",
+ "AUTHREQID_TO_TOKEN_ERROR",
+ "UPDATE_PROFILE",
+ "CLIENT_REGISTER_ERROR",
+ "FEDERATED_IDENTITY_LINK",
+ "SEND_IDENTITY_PROVIDER_LINK",
+ "SEND_VERIFY_EMAIL_ERROR",
+ "RESET_PASSWORD",
+ "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR",
+ "OAUTH2_DEVICE_AUTH_ERROR",
+ "UPDATE_CONSENT",
+ "REMOVE_TOTP_ERROR",
+ "VERIFY_EMAIL_ERROR",
+ "SEND_RESET_PASSWORD_ERROR",
+ "CLIENT_UPDATE",
+ "CUSTOM_REQUIRED_ACTION_ERROR",
+ "IDENTITY_PROVIDER_POST_LOGIN_ERROR",
+ "UPDATE_TOTP_ERROR",
+ "CODE_TO_TOKEN",
+ "VERIFY_PROFILE",
+ "GRANT_CONSENT_ERROR",
+ "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR"
+ ],
+ "adminEventsEnabled": true,
+ "adminEventsDetailsEnabled": true,
+ "identityProviders": [],
+ "identityProviderMappers": [],
+ "components": {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+ {
+ "id": "c07dff7f-77fc-4381-a458-9c56515c5c98",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "d9662eb8-e8bb-4ae5-a625-c8c616d8967a",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "03f2b651-fdea-4a7a-88e8-f169f5a7f892",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-usermodel-attribute-mapper",
+ "oidc-usermodel-property-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "oidc-full-name-mapper",
+ "oidc-address-mapper",
+ "saml-user-attribute-mapper",
+ "saml-user-property-mapper",
+ "saml-role-list-mapper"
+ ]
+ }
+ },
+ {
+ "id": "0c7278cb-1e59-407e-9187-fa147ce96f82",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "a3c48cf1-67be-41fb-a852-6efe25560fcf",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "max-clients": [
+ "200"
+ ]
+ }
+ },
+ {
+ "id": "b0f72ad6-c65d-4132-912f-6e5ba9c48466",
+ "name": "Trusted Hosts",
+ "providerId": "trusted-hosts",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "host-sending-registration-request-must-match": [
+ "true"
+ ],
+ "client-uris-must-match": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "717bea7a-bc0a-4d2a-9ea2-cbe670f1833e",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-full-name-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "oidc-usermodel-property-mapper",
+ "saml-role-list-mapper",
+ "saml-user-attribute-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "oidc-address-mapper",
+ "saml-user-property-mapper"
+ ]
+ }
+ },
+ {
+ "id": "b1fa36d7-8ef0-4501-a495-215b90bd0699",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ }
+ ],
+ "org.keycloak.keys.KeyProvider": [
+ {
+ "id": "04a18d35-45bd-458d-9bc8-939db56e337d",
+ "name": "aes-generated",
+ "providerId": "aes-generated",
+ "subComponents": {},
+ "config": {
+ "kid": [
+ "3eaa2cde-31c2-409e-9e0e-b8f9ecf76704"
+ ],
+ "secret": [
+ "7BdqNadvG1OQs7Z4qJfvaQ"
+ ],
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "ce00dbf1-1d6d-44da-84c0-1ed88d712801",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
+ "subComponents": {},
+ "config": {
+ "privateKey": [
+ "MIIEogIBAAKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABAoIBAAxcY/swNQB1AfNNsotn6KPQ3ZQffSRA6SSnbJD/Ih08EvGBcXEijKDArQXsRnOmQ6YsFiMYclcWLdVY/xdjyUctYiAz+Fbeww1JGmuqU+ziFdgIVJdVfDzWxvd815VtzQZqpOAUC3x08Ap8yYQQOWxgkewgocI4LZelhseDMjx/TIScOmuUWmFRwQ7HUP93OKV1oWC4lMAC4LTnqCqlnsk2L563+Q7T2jXUpznlJ6UoTSpu1Msllh+AxqkvZXvAwbFeYoDksWVUaY+gHAQkihgWMGIEmiBun9TsP4NUkpQuWXq1OHE6KBldaJPP3OProN2Z/gDgXDmKVVEf718m+YkCgYEA5KoroazEAIAjZ1L+t39DYNhv87eDnz/y2lRboD3InMFtE36rBPBIOTGiK3GKaIXh6b8VPOXXA5By2SnERIMfzdusmdknTREbC9Ca/ix5RyE/MqflGjqhcsEu1vWe/L7LYNrmTeOryR8E3rLSsrfmIFRKC+9ufsWlahttzW3D5ksCgYEAu0SLIqTmLfcwmIEngU044o5OZw7QtHaDJmNEv5n4cKXJHmCa3mK+IIIb7f3YIw4nyRQVKjbppAM1bLKT5RpqvHCxVIwjGbvhJ7l7QlBXmcx6x9n18ZPFdA8exUwm56sgixlrfUIHUMH1TFbGSFqIm5bAJwjFwqz3gXzSVU0rTF0CgYAjrCiCYGFzcooTZG84UTJBuYI9kzOFdIR+awqgRQM28TYDBI/JhXK++W9DN8NP6xMDVDwL9A9HDxHbrxhfV9VuWAblOWtYKoL9pN2JKYcCAb3KOUcUgHEPZfPYtRjIdTtlMMEdBZeXGK+5zkvwdaABCyVCF2g1fr//fafzlFwrYQKBgHtJcvhJ66hTVtDwJpv/xPWSjpdWr5w/cbRyIi6qJV+0JaY0H4FNLLKmNdEHD6Z0iUjeSdjS8hqiaie3oZpxO9f3sSdiYzFr+Z13hWhxEFsWvbaZDkwO5y2zTqTBr9NRXEl3YMbEE6DdMKsjbcLwp4MXSkXohpnV2dSL4sV52omZAoGAFY1w9JGkTwJ0rG/R+Yx3qcRhoHY7YA2PMSYIyB9E5d923L6bi1GRSwhNLO+lW0eWA8ekHiQLnqDmNJl708oJBGUwo/Zr7U9jowsqQIaSE8VgU6dfdhbScMI5vpmSrlQRyV0UveLvCsEAx/Rvl4y+dQneaEoNqEKSd7Hml2tjx7g="
+ ],
+ "keyUse": [
+ "SIG"
+ ],
+ "certificate": [
+ "MIICnzCCAYcCBgGO+25VozANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTVaFw0zNDA0MjAxMjE0NTVaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB091NLrtrT+JSmLfyv+LvFIPIaOu07kWHbueqjKbOinQ2ouBfMnOA9Ojm/17w8CIt/h6VIBzoi3H9Huq15dnGoiIcQIzvAiq8XSewnVfnyvFeq830LVAiTEEDRQLqKVT1PiRZEj64XGyRM3lX0Xp+CXG8z3Qc4OVFrHdb/nUIbfDAmxsWRymTm5p2E5GTJPlr/gON/AHPAHIzmgk5HD9PqBPpMQRHN9/y8vkeIPh9gEj8oUYsM6MPEKrbQIDBqnr8UaxPaMtJF+cjg36VB0SJ9c1w0DBWeND/UNFq47aNWMSND5O9qX0eJxVTqxFAFia0V2WUZk17Pd6pzLKkZQb94"
+ ],
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "fa8ee6a3-d95e-4ec9-856a-0962208b6bcc",
+ "name": "rsa-enc-generated",
+ "providerId": "rsa-enc-generated",
+ "subComponents": {},
+ "config": {
+ "privateKey": [
+ "MIIEowIBAAKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABAoIBADhe57ovZdzP+TT+Y9P12Hy3nkDRPYV1OjdeM5NhqIzQLqLk0UMTATnLhC+dMHQA+4fdQqqyMgIYCGJXS1J7s8Rqg4JC3aJjYm+lrPLz5iwmf9u4hmzhSaCqv1GJRnUbGBfdbguiSfHUSaSmDtQyIMThK+8lwc8A05EgUIxbNvgYnEOEdavlyCq4HdMiDPSjpdHSdC8NpaQkAVULB3QXofm5SQm4ioED/trVjHyjl80i9ysDKSPPzqpye4lFCqmclni1U78V2w4E/uVOG8+MczZkS4otPG99QoELGuqLaVmq9rAx624owUAY3r7ecCL2lSHyjzJwBkrBFLenlSI4A6sCgYEA7tPcbOYPt2a7ih1nase6aC5rwTk62lpe9cuNpVCRmKKlX9glLLcFjNz+75LSyj4TXvg52vcZv3JmsULUeE30rPVr9hgIeuEnsPCc4HLJ40aVaEyhVVwg5ofy3++/8Ys0PR2blZ674/jFgxbB537t81QxQd5WtD9Zh+w7Tiiw40sCgYEAvlf4qvjKW6kaOpmIe4S7wWY9/FhbgHq3sKLltfzOGY0GTWGFZtJ7uzgDvOkEVAIyopEDKfkBL3Sok5ic8MpQOARCa1HXjm8+dtQ1SkNxDsGC//DpouHefkvwUNeKYPV2n4CckirUMmvSqWz4oWAA5u0C2eg0pwvlavMpRKN1mVMCgYB7Klt09biJNrvk4IEi+lnRvI7pmSAW16A9Vnp4FPLhKo/qu8eAJesA2D/JQYjfr9/BjHYZzHFE4DTBmduFJ37Va8P/qClHZbJYd94PimM/iHkozsws/1QgT2AbyMLOSKHqGsjQAoqXaQZDMotRXY5NfM/iTk2cq0b66AM1rZp7vQKBgQCpBc1XZV2sT1lvN+8uYAuqDXR1pLB8QnzjaYO6Oyd5IPW7uSGQ0M/2zCLlmbWyM9Fq8oJwvyECVwFrL1YNrFnXpFCmpCJZ5Qb+1ioMLB81DzmYtQGDFjdQx3Y7E2tZ9h7EPJzMXyPXMk/7Cz0tb+bdKRIjFkPLIpEyi4LV5KEE6QKBgF7Hs1jnR+/3wVK2NG+Ek5bOwOn7wNtwpfhHpj+Auwk7B9mzoor01L6UTw+LDMtQoohfqOJhM1xZcn2MJdhZhkWvSpavEyuY886A8RVtL44rh/kCHy/M4d9AQoiSz5mIYOdiiskbepG+jaIoweUvWxLmcWLWgV3H8syyqJR/vf30"
+ ],
+ "keyUse": [
+ "ENC"
+ ],
+ "certificate": [
+ "MIICnzCCAYcCBgGO+25WEDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTZaFw0zNDA0MjAxMjE0NTZaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCT9Jua67qgsClibdgvEfX3BKLl+JXVbFjyYKfBhP85DIk/tzfeYi1UZilWGPWlnprhp5GnwZXPeqVsLCNM+ypdYN8RGBs6K48wVQoetf92GPh9eCQMq2FSAVKShsgkolKifyuZo8oQu6Na92V5EsjUV7hEB4G3jXOisrO/MjN+Ja9eRXru1L2n7bOrKtYRlYeNI8CZvc63jRPkq1fRutcmpqMRPDjMYuM9wUvkZwewqo8WSf51DDKBah5W83XLbTp5jX0bH1NZc3BNHnNerR3iMGPSa6rcKPsC3lL1mZluNVhQExyli1S1f7QmUc1BYxr3zi2uVCKkci5gRenDywws"
+ ],
+ "priority": [
+ "100"
+ ],
+ "algorithm": [
+ "RSA-OAEP"
+ ]
+ }
+ },
+ {
+ "id": "0866f9d1-3c22-432c-95d4-65378e739b89",
+ "name": "hmac-generated-hs512",
+ "providerId": "hmac-generated",
+ "subComponents": {},
+ "config": {
+ "kid": [
+ "749eb77a-a3d7-45b2-bc40-3bf80faf2fc7"
+ ],
+ "secret": [
+ "YmaVXh3blZqVaqpgeLyGI5JUzV8Vc41XFb7RcUaChNmAN-f61pqz7nE6edgQj_NS-TVVsvlq9qouKcd-5_oGugmvCXZ-Dp5gzcKe4EA-voOEV4pvJ7VXRWuH6QBDCaXyDiknEVtIx20ycjC4F8Ch10_n8so87mwMuVA6zD8Y-oM"
+ ],
+ "priority": [
+ "100"
+ ],
+ "algorithm": [
+ "HS512"
+ ]
+ }
+ }
+ ]
+ },
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "92fc572a-6443-4d62-989d-dc6147aed6a6",
+ "alias": "Account verification options",
+ "description": "Method with which to verity the existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-email-verification",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "17dce980-92a5-4dab-84b6-29f0ffe91e2f",
+ "alias": "Browser - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "9fdb023c-7959-4e7c-b745-d0bcfc6e1f87",
+ "alias": "Direct Grant - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "336dbe24-c5ec-44c0-bf56-1b811b451fdf",
+ "alias": "First broker login - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "3a87da1e-2fdf-4d15-8c93-8e8d69fc2774",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Account verification options",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "77bd3109-c34e-4165-b9f7-cb6d19aa7fe3",
+ "alias": "Reset - Conditional OTP",
+ "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "ee4b2165-c1be-43ca-96c8-b2302d78b38a",
+ "alias": "User creation or linking",
+ "description": "Flow for the existing/non-existing user alternatives",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "0116eec2-8a17-4de9-b75f-caa26e52bdf0",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "First broker login - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "de8794bd-3ad0-42e9-861f-85fcb6cb1db6",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "forms",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "9f6aa9f1-134b-4efe-84c4-ba9b7f4e8368",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-secret-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-x509",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 40,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "692ddf3c-2813-46ef-b364-fcba9d70f5a4",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "Direct Grant - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "257e18b2-be1c-4ab2-8dd7-68a83817ca8a",
+ "alias": "docker auth",
+ "description": "Used by Docker clients to authenticate against the IDP",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "docker-http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "fe879ee4-eec5-4034-9b78-82636f614123",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "User creation or linking",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "2e6f09af-a3f6-415a-8d38-dfc1708e82ff",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Browser - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "cac2a81c-7933-4e1c-a91b-1a5e4d8ba873",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": true,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "76b893b1-6b16-4e7c-a945-b86b63c983fb",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 60,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-terms-and-conditions",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 70,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "8c1ba21b-218d-406d-a936-c935f41e7bef",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 40,
+ "autheticatorFlow": true,
+ "flowAlias": "Reset - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "6df47204-9532-4b3e-821f-9a5255b9c305",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "793b40f2-0912-40f4-b570-a75015fb9eb0",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "3ff115f7-7108-4b17-8868-1d390ec3a480",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
+ }
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 10,
+ "config": {}
+ },
+ {
+ "alias": "TERMS_AND_CONDITIONS",
+ "name": "Terms and Conditions",
+ "providerId": "TERMS_AND_CONDITIONS",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 20,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 30,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 40,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 50,
+ "config": {}
+ },
+ {
+ "alias": "delete_account",
+ "name": "Delete Account",
+ "providerId": "delete_account",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 60,
+ "config": {}
+ },
+ {
+ "alias": "webauthn-register",
+ "name": "Webauthn Register",
+ "providerId": "webauthn-register",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 70,
+ "config": {}
+ },
+ {
+ "alias": "webauthn-register-passwordless",
+ "name": "Webauthn Register Passwordless",
+ "providerId": "webauthn-register-passwordless",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 80,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_PROFILE",
+ "name": "Verify Profile",
+ "providerId": "VERIFY_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 90,
+ "config": {}
+ },
+ {
+ "alias": "update_user_locale",
+ "name": "Update User Locale",
+ "providerId": "update_user_locale",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 1000,
+ "config": {}
+ }
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "firstBrokerLoginFlow": "first broker login",
+ "attributes": {
+ "cibaBackchannelTokenDeliveryMode": "poll",
+ "cibaAuthRequestedUserHint": "login_hint",
+ "oauth2DevicePollingInterval": "5",
+ "clientOfflineSessionMaxLifespan": "0",
+ "clientSessionIdleTimeout": "0",
+ "clientOfflineSessionIdleTimeout": "0",
+ "cibaInterval": "5",
+ "realmReusableOtpCode": "false",
+ "cibaExpiresIn": "120",
+ "oauth2DeviceCodeLifespan": "600",
+ "parRequestUriLifespan": "60",
+ "clientSessionMaxLifespan": "0",
+ "adminEventsExpiration": "900"
+ },
+ "keycloakVersion": "24.0.0",
+ "userManagedAccessAllowed": false,
+ "clientProfiles": {
+ "profiles": []
+ },
+ "clientPolicies": {
+ "policies": []
+ }
+}
\ No newline at end of file
diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json
new file mode 100644
index 0000000000..b013dc6333
--- /dev/null
+++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json
@@ -0,0 +1,62 @@
+{
+ "realm": "baeldung",
+ "users": [
+ {
+ "id": "bb83bd5b-b895-49aa-b62e-fde8ff8d5e64",
+ "username": "authorized",
+ "firstName": "authorized",
+ "lastName": "user",
+ "email": "authorized@baeldung.gg",
+ "emailVerified": true,
+ "createdTimestamp": 1713615702990,
+ "enabled": true,
+ "totp": false,
+ "credentials": [
+ {
+ "id": "23d3b6ce-fa3c-4f6e-9b09-e7b3cefa00f6",
+ "type": "password",
+ "userLabel": "My password",
+ "createdDate": 1713615715678,
+ "secretData": "{\"value\":\"lCZEOiVbCynSkCWiWe67/5/PybB+Om5mhi6SynpGFPB+r2b+QEKNYsB7ibO2f1ur9UB2aMO7jfoBYQdTJMcHbQ==\",\"salt\":\"hrIbqMOt0L7PPEYh/PsLNQ==\",\"additionalParameters\":{}}",
+ "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}"
+ }
+ ],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "AUTHORIZED_PERSONNEL",
+ "default-roles-baeldung"
+ ],
+ "notBefore": 0,
+ "groups": []
+ },
+ {
+ "id": "d205d854-547c-43cf-a02d-fd6c385b128b",
+ "username": "forbidden",
+ "firstName": "forbidden",
+ "lastName": "user",
+ "email": "forbidden@baeldung.gg",
+ "emailVerified": true,
+ "createdTimestamp": 1713615781285,
+ "enabled": true,
+ "totp": false,
+ "credentials": [
+ {
+ "id": "2fa8244c-fba9-43d9-ab4d-80804ca26f6f",
+ "type": "password",
+ "userLabel": "My password",
+ "createdDate": 1713615795357,
+ "secretData": "{\"value\":\"sOUpOdi8yf31YbMEub+tAF7N55QHjrPjg48mO3/C1zGaAxLUYdLodf4upuy6w7eBuRrFaVa1m4mRe6wkWtmLIw==\",\"salt\":\"OMbZn6ojNyZdp6/k/72B/A==\",\"additionalParameters\":{}}",
+ "credentialData": "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}"
+ }
+ ],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "default-roles-baeldung"
+ ],
+ "notBefore": 0,
+ "groups": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/spring-security-modules/spring-security-oauth2-testing/pom.xml b/spring-security-modules/spring-security-oauth2-testing/pom.xml
index 1f1c441cf5..c0241d2d42 100644
--- a/spring-security-modules/spring-security-oauth2-testing/pom.xml
+++ b/spring-security-modules/spring-security-oauth2-testing/pom.xml
@@ -31,7 +31,7 @@
- 7.1.10
+ 7.6.12
17
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml
index c4badf9caa..f22ebd1bd7 100644
--- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml
@@ -12,6 +12,7 @@
com.baeldung
spring-security-oauth2-testing
0.0.1-SNAPSHOT
+ ..
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java
index 5dd9268092..185cdb9f15 100644
--- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java
@@ -1,7 +1,5 @@
package com.baeldung;
-import static org.springframework.security.config.Customizer.withDefaults;
-
import java.nio.charset.Charset;
import java.util.List;
import java.util.Map;
@@ -17,6 +15,7 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
@@ -52,22 +51,22 @@ public class ReactiveResourceServerApplication {
@EnableReactiveMethodSecurity
static class SecurityConfig {
@Bean
- SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
- http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()));
+ SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, Converter> authenticationConverter) {
+ http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwtResourceServer -> jwtResourceServer.jwtAuthenticationConverter(authenticationConverter)));
http.securityContextRepository(NoOpServerSecurityContextRepository.getInstance());
http.csrf(CsrfSpec::disable);
- http.exceptionHandling(eh -> eh
- .accessDeniedHandler((var exchange, var ex) -> exchange.getPrincipal().flatMap(principal -> {
- final var response = exchange.getResponse();
- response.setStatusCode(
- principal instanceof AnonymousAuthenticationToken ? HttpStatus.UNAUTHORIZED
- : HttpStatus.FORBIDDEN);
- response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
- final var dataBufferFactory = response.bufferFactory();
- final var buffer = dataBufferFactory.wrap(ex.getMessage().getBytes(Charset.defaultCharset()));
- return response.writeWith(Mono.just(buffer))
- .doOnError(error -> DataBufferUtils.release(buffer));
- })));
+ http.exceptionHandling(eh -> eh.accessDeniedHandler((var exchange, var ex) -> exchange.getPrincipal()
+ .flatMap(principal -> {
+ final var response = exchange.getResponse();
+ response.setStatusCode(principal instanceof AnonymousAuthenticationToken ? HttpStatus.UNAUTHORIZED : HttpStatus.FORBIDDEN);
+ response.getHeaders()
+ .setContentType(MediaType.TEXT_PLAIN);
+ final var dataBufferFactory = response.bufferFactory();
+ final var buffer = dataBufferFactory.wrap(ex.getMessage()
+ .getBytes(Charset.defaultCharset()));
+ return response.writeWith(Mono.just(buffer))
+ .doOnError(error -> DataBufferUtils.release(buffer));
+ })));
// @formatter:off
http.authorizeExchange(req -> req
@@ -84,17 +83,18 @@ public class ReactiveResourceServerApplication {
@Bean
ReactiveJwtAuthoritiesConverter realmRoles2AuthoritiesConverter() {
return (Jwt jwt) -> {
- final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")).orElse(Map.of());
+ final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access"))
+ .orElse(Map.of());
@SuppressWarnings("unchecked")
final var roles = (List) realmRoles.getOrDefault("roles", List.of());
- return Flux.fromStream(roles.stream()).map(SimpleGrantedAuthority::new)
- .map(GrantedAuthority.class::cast);
+ return Flux.fromStream(roles.stream())
+ .map(SimpleGrantedAuthority::new)
+ .map(GrantedAuthority.class::cast);
};
}
@Bean
- ReactiveJwtAuthenticationConverter authenticationConverter(
- Converter> authoritiesConverter) {
+ ReactiveJwtAuthenticationConverter authenticationConverter(Converter> authoritiesConverter) {
final var authenticationConverter = new ReactiveJwtAuthenticationConverter();
authenticationConverter.setPrincipalClaimName(StandardClaimNames.PREFERRED_USERNAME);
authenticationConverter.setJwtGrantedAuthoritiesConverter(authoritiesConverter);
@@ -106,10 +106,12 @@ public class ReactiveResourceServerApplication {
public static class MessageService {
public Mono greet() {
- return ReactiveSecurityContextHolder.getContext().map(ctx -> {
- final var who = (JwtAuthenticationToken) ctx.getAuthentication();
- return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities());
- }).switchIfEmpty(Mono.error(new AuthenticationCredentialsNotFoundException("Security context is empty")));
+ return ReactiveSecurityContextHolder.getContext()
+ .map(ctx -> {
+ final var who = (JwtAuthenticationToken) ctx.getAuthentication();
+ return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities());
+ })
+ .switchIfEmpty(Mono.error(new AuthenticationCredentialsNotFoundException("Security context is empty")));
}
@PreAuthorize("hasRole('AUTHORIZED_PERSONNEL')")
@@ -125,18 +127,21 @@ public class ReactiveResourceServerApplication {
@GetMapping("/greet")
public Mono> greet() {
- return messageService.greet().map(ResponseEntity::ok);
+ return messageService.greet()
+ .map(ResponseEntity::ok);
}
@GetMapping("/secured-route")
public Mono> securedRoute() {
- return messageService.getSecret().map(ResponseEntity::ok);
+ return messageService.getSecret()
+ .map(ResponseEntity::ok);
}
@GetMapping("/secured-method")
@PreAuthorize("hasRole('AUTHORIZED_PERSONNEL')")
public Mono> securedMethod() {
- return messageService.getSecret().map(ResponseEntity::ok);
+ return messageService.getSecret()
+ .map(ResponseEntity::ok);
}
}
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml
deleted file mode 100644
index 01e655e1b3..0000000000
--- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-spring:
- security:
- oauth2:
- resourceserver:
- jwt:
- issuer-uri: https://localhost:8443/realms/master
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml
new file mode 100644
index 0000000000..dcda50e07d
--- /dev/null
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml
@@ -0,0 +1,11 @@
+server:
+ port: 8082
+
+spring:
+ application:
+ name: reactive-resource-server
+ security:
+ oauth2:
+ resourceserver:
+ jwt:
+ issuer-uri: http://localhost:8080/realms/baeldung
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt
new file mode 100644
index 0000000000..cdecee35fb
--- /dev/null
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt
@@ -0,0 +1,16 @@
+${AnsiColor.GREEN} _____ _ _
+${AnsiColor.GREEN} | __ \ | | (_)
+${AnsiColor.GREEN} | |__) |___ __ _ ___| |_ ___ _____ _ __ ___ ___ ___ _ _ _ __ ___ ___ ___ ___ _ ____ _____ _ __
+${AnsiColor.GREEN} | _ // _ \/ _` |/ __| __| \ \ / / _ \ | '__/ _ \/ __|/ _ \| | | | '__/ __/ _ \ / __|/ _ \ '__\ \ / / _ \ '__|
+${AnsiColor.GREEN} | | \ \ __/ (_| | (__| |_| |\ V / __/ | | | __/\__ \ (_) | |_| | | | (_| __/ \__ \ __/ | \ V / __/ |
+${AnsiColor.GREEN} |_| \_\___|\__,_|\___|\__|_| \_/ \___| |_| \___||___/\___/ \__,_|_| \___\___| |___/\___|_| \_/ \___|_|
+${AnsiColor.GREEN}
+${AnsiColor.GREEN}
+${AnsiColor.BLUE} __ __ __ ______ __ __ ______
+${AnsiColor.BLUE} _____/ /_ / // / ____ ___ ____ / ____ \_____/ // / _________ / __/ /_ _________ ____ ___
+${AnsiColor.BLUE} / ___/ __ \/ // /_/ __ `__ \/ __ \/ / __ `/ ___/ // /_______/ ___/ __ \/ /_/ __// ___/ __ \/ __ `__ \
+${AnsiColor.BLUE}/ /__/ / / /__ __/ / / / / / /_/ / / /_/ / /__/__ __/_____(__ ) /_/ / __/ /__/ /__/ /_/ / / / / / /
+${AnsiColor.BLUE}\___/_/ /_/ /_/ /_/ /_/ /_/ .___/\ \__,_/\___/ /_/ /____/\____/_/ \__(_)___/\____/_/ /_/ /_/
+${AnsiColor.BLUE} /_/ \____/
+${AnsiColor.RED}Spring Boot ${spring-boot.formatted-version}
+${AnsiColor.BLACK}
\ No newline at end of file
diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
index c7a0659cf1..3c1185b826 100644
--- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
+++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
@@ -3,8 +3,6 @@ package com.baeldung;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockAuthentication;
-import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockJwt;
import java.util.List;
@@ -16,6 +14,7 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers;
import org.springframework.test.web.reactive.server.WebTestClient;
import com.baeldung.ReactiveResourceServerApplication.GreetingController;
@@ -40,7 +39,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
@Test
void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() {
- api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION))
+ api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION))
.get()
.uri("/greet")
.exchange()
@@ -53,7 +52,8 @@ class SpringSecurityTestGreetingControllerUnitTest {
final var greeting = "Whatever the service returns";
when(messageService.greet()).thenReturn(Mono.just(greeting));
- api.mutateWith(mockJwt().authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))
+ api.mutateWith(SecurityMockServerConfigurers.mockJwt()
+ .authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))
.jwt(jwt -> jwt.claim(StandardClaimNames.PREFERRED_USERNAME, "ch4mpy")))
.get()
.uri("/greet")
@@ -73,7 +73,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
@Test
void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() {
- api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION))
+ api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION))
.get()
.uri("/secured-route")
.exchange()
@@ -86,7 +86,8 @@ class SpringSecurityTestGreetingControllerUnitTest {
final var secret = "Secret!";
when(messageService.getSecret()).thenReturn(Mono.just(secret));
- api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))
+ api.mutateWith(SecurityMockServerConfigurers.mockJwt()
+ .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))
.get()
.uri("/secured-route")
.exchange()
@@ -98,7 +99,8 @@ class SpringSecurityTestGreetingControllerUnitTest {
@Test
void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() {
- api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("admin")))
+ api.mutateWith(SecurityMockServerConfigurers.mockJwt()
+ .authorities(new SimpleGrantedAuthority("admin")))
.get()
.uri("/secured-route")
.exchange()
@@ -113,7 +115,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
@Test
void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() {
- api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION))
+ api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION))
.get()
.uri("/secured-method")
.exchange()
@@ -126,7 +128,8 @@ class SpringSecurityTestGreetingControllerUnitTest {
final var secret = "Secret!";
when(messageService.getSecret()).thenReturn(Mono.just(secret));
- api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))
+ api.mutateWith(SecurityMockServerConfigurers.mockJwt()
+ .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))
.get()
.uri("/secured-method")
.exchange()
@@ -138,7 +141,8 @@ class SpringSecurityTestGreetingControllerUnitTest {
@Test
void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() {
- api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("admin")))
+ api.mutateWith(SecurityMockServerConfigurers.mockJwt()
+ .authorities(new SimpleGrantedAuthority("admin")))
.get()
.uri("/secured-method")
.exchange()
diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml
index 25bd8a396c..ddd6c1d313 100644
--- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml
+++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml
@@ -12,6 +12,7 @@
com.baeldung
spring-security-oauth2-testing
0.0.1-SNAPSHOT
+ ..
diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java
index 7887089458..a0928e9149 100644
--- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java
+++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java
@@ -1,7 +1,5 @@
package com.baeldung;
-import static org.springframework.security.config.Customizer.withDefaults;
-
import java.util.Collection;
import java.util.List;
import java.util.Map;
@@ -16,6 +14,7 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -48,8 +47,8 @@ public class ServletResourceServerApplication {
@EnableWebSecurity
static class SecurityConf {
@Bean
- SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()));
+ SecurityFilterChain filterChain(HttpSecurity http, Converter authenticationConverter) throws Exception {
+ http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwtResourceServer -> jwtResourceServer.jwtAuthenticationConverter(authenticationConverter)));
http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.csrf(AbstractHttpConfigurer::disable);
http.exceptionHandling(eh -> eh.authenticationEntryPoint((request, response, authException) -> {
@@ -57,11 +56,11 @@ public class ServletResourceServerApplication {
response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
}));
- // @formatter:off
- http.authorizeHttpRequests(req -> req
- .requestMatchers(new AntPathRequestMatcher("/secured-route")).hasRole("AUTHORIZED_PERSONNEL")
- .anyRequest().authenticated());
- // @formatter:on
+ // @formatter:off
+ http.authorizeHttpRequests(req -> req
+ .requestMatchers(new AntPathRequestMatcher("/secured-route")).hasRole("AUTHORIZED_PERSONNEL")
+ .anyRequest().authenticated());
+ // @formatter:on
return http.build();
}
@@ -72,10 +71,14 @@ public class ServletResourceServerApplication {
@Bean
JwtAuthoritiesConverter realmRoles2AuthoritiesConverter() {
return (Jwt jwt) -> {
- final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")).orElse(Map.of());
+ final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access"))
+ .orElse(Map.of());
@SuppressWarnings("unchecked")
final var roles = (List) realmRoles.getOrDefault("roles", List.of());
- return roles.stream().map(SimpleGrantedAuthority::new).map(GrantedAuthority.class::cast).toList();
+ return roles.stream()
+ .map(SimpleGrantedAuthority::new)
+ .map(GrantedAuthority.class::cast)
+ .toList();
};
}
@@ -92,7 +95,8 @@ public class ServletResourceServerApplication {
public static class MessageService {
public String greet() {
- final var who = (JwtAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+ final var who = (JwtAuthenticationToken) SecurityContextHolder.getContext()
+ .getAuthentication();
return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities());
}
diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties
deleted file mode 100644
index 998f6303aa..0000000000
--- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties
+++ /dev/null
@@ -1 +0,0 @@
-spring.security.oauth2.resourceserver.jwt.issuer-uri=https://localhost:8443/realms/master
diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml
new file mode 100644
index 0000000000..8335931381
--- /dev/null
+++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml
@@ -0,0 +1,11 @@
+server:
+ port: 8081
+
+spring:
+ application:
+ name: servlet-resource-server
+ security:
+ oauth2:
+ resourceserver:
+ jwt:
+ issuer-uri: http://localhost:8080/realms/baeldung
diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt
new file mode 100644
index 0000000000..23e0e9c9cd
--- /dev/null
+++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt
@@ -0,0 +1,16 @@
+${AnsiColor.GREEN} _____ _ _
+${AnsiColor.GREEN} / ____| | | | |
+${AnsiColor.GREEN} | (___ ___ _ ____ _| | ___| |_ _ __ ___ ___ ___ _ _ _ __ ___ ___ ___ ___ _ ____ _____ _ __
+${AnsiColor.GREEN} \___ \ / _ \ '__\ \ / / |/ _ \ __| | '__/ _ \/ __|/ _ \| | | | '__/ __/ _ \ / __|/ _ \ '__\ \ / / _ \ '__|
+${AnsiColor.GREEN} ____) | __/ | \ V /| | __/ |_ | | | __/\__ \ (_) | |_| | | | (_| __/ \__ \ __/ | \ V / __/ |
+${AnsiColor.GREEN} |_____/ \___|_| \_/ |_|\___|\__| |_| \___||___/\___/ \__,_|_| \___\___| |___/\___|_| \_/ \___|_|
+${AnsiColor.GREEN}
+${AnsiColor.GREEN}
+${AnsiColor.BLUE} __ __ __ ______ __ __ ______
+${AnsiColor.BLUE} _____/ /_ / // / ____ ___ ____ / ____ \_____/ // / _________ / __/ /_ _________ ____ ___
+${AnsiColor.BLUE} / ___/ __ \/ // /_/ __ `__ \/ __ \/ / __ `/ ___/ // /_______/ ___/ __ \/ /_/ __// ___/ __ \/ __ `__ \
+${AnsiColor.BLUE}/ /__/ / / /__ __/ / / / / / /_/ / / /_/ / /__/__ __/_____(__ ) /_/ / __/ /__/ /__/ /_/ / / / / / /
+${AnsiColor.BLUE}\___/_/ /_/ /_/ /_/ /_/ /_/ .___/\ \__,_/\___/ /_/ /____/\____/_/ \__(_)___/\____/_/ /_/ /_/
+${AnsiColor.BLUE} /_/ \____/
+${AnsiColor.RED}Spring Boot ${spring-boot.formatted-version}
+${AnsiColor.BLACK}
\ No newline at end of file
diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java
index 2534d9919a..2a47a919dd 100644
--- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java
+++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java
@@ -44,9 +44,7 @@ class SpringAddonsGreetingControllerUnitTest {
}
@ParameterizedTest
- @AuthenticationSource({
- @WithMockAuthentication(authorities = { "admin", "ROLE_AUTHORIZED_PERSONNEL" }, name = "ch4mpy"),
- @WithMockAuthentication(authorities = { "uncle", "PIRATE" }, name = "tonton-pirate") })
+ @AuthenticationSource({ @WithMockAuthentication(authorities = { "admin", "ROLE_AUTHORIZED_PERSONNEL" }, name = "ch4mpy"), @WithMockAuthentication(authorities = { "uncle", "PIRATE" }, name = "tonton-pirate") })
void givenUserIsAuthenticated_whenGetGreet_thenOk(@ParameterizedAuthentication Authentication auth) throws Exception {
final var greeting = "Whatever the service returns";
when(messageService.greet()).thenReturn(greeting);
diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
index 0e710bcc9f..ce57342ef6 100644
--- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
+++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java
@@ -3,8 +3,6 @@ package com.baeldung;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -17,6 +15,7 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
import org.springframework.test.web.servlet.MockMvc;
import com.baeldung.ServletResourceServerApplication.GreetingController;
@@ -38,7 +37,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
@Test
void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception {
- api.perform(get("/greet").with(anonymous()))
+ api.perform(get("/greet").with(SecurityMockMvcRequestPostProcessors.anonymous()))
.andExpect(status().isUnauthorized());
}
@@ -47,7 +46,8 @@ class SpringSecurityTestGreetingControllerUnitTest {
final var greeting = "Whatever the service returns";
when(messageService.greet()).thenReturn(greeting);
- api.perform(get("/greet").with(jwt().authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))
+ api.perform(get("/greet").with(SecurityMockMvcRequestPostProcessors.jwt()
+ .authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))
.jwt(jwt -> jwt.claim(StandardClaimNames.PREFERRED_USERNAME, "ch4mpy"))))
.andExpect(status().isOk())
.andExpect(content().string(greeting));
@@ -62,7 +62,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
@Test
void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() throws Exception {
- api.perform(get("/secured-route").with(anonymous()))
+ api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.anonymous()))
.andExpect(status().isUnauthorized());
}
@@ -71,14 +71,16 @@ class SpringSecurityTestGreetingControllerUnitTest {
final var secret = "Secret!";
when(messageService.getSecret()).thenReturn(secret);
- api.perform(get("/secured-route").with(jwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))))
+ api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.jwt()
+ .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))))
.andExpect(status().isOk())
.andExpect(content().string(secret));
}
@Test
void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() throws Exception {
- api.perform(get("/secured-route").with(jwt().authorities(new SimpleGrantedAuthority("admin"))))
+ api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.jwt()
+ .authorities(new SimpleGrantedAuthority("admin"))))
.andExpect(status().isForbidden());
}
@@ -89,7 +91,7 @@ class SpringSecurityTestGreetingControllerUnitTest {
@Test
void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() throws Exception {
- api.perform(get("/secured-method").with(anonymous()))
+ api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.anonymous()))
.andExpect(status().isUnauthorized());
}
@@ -98,14 +100,16 @@ class SpringSecurityTestGreetingControllerUnitTest {
final var secret = "Secret!";
when(messageService.getSecret()).thenReturn(secret);
- api.perform(get("/secured-method").with(jwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))))
+ api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.jwt()
+ .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))))
.andExpect(status().isOk())
.andExpect(content().string(secret));
}
@Test
void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() throws Exception {
- api.perform(get("/secured-method").with(jwt().authorities(new SimpleGrantedAuthority("admin"))))
+ api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.jwt()
+ .authorities(new SimpleGrantedAuthority("admin"))))
.andExpect(status().isForbidden());
}