BAEL-5717 - Removing deprecated Keycloak Adapter and use Spring OAuth2 resource server instead (#12665)

2022-09-05 08:27:12 +02:00 · 2022-09-05 08:27:12 +02:00 · 39acb99790
parent f56135fa93
commit 39acb99790
7 changed files with 50 additions and 95 deletions
--- a/spring-boot-modules/spring-boot-testing-2/pom.xml
+++ b/spring-boot-modules/spring-boot-testing-2/pom.xml
@ -47,8 +47,8 @@
            <scope>test</scope>
        </dependency>
        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-spring-boot-starter</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -68,18 +68,6 @@
        </dependency>
    </dependencies>

-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>org.keycloak.bom</groupId>
-                <artifactId>keycloak-adapter-bom</artifactId>
-                <version>${keycloak-adapter.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
    <build>
        <plugins>
            <plugin>
@ -109,7 +97,6 @@
        <start-class>com.baeldung.boot.Application</start-class>
        <testcontainers.version>1.17.2</testcontainers.version>
        <testcontainers-keycloak.version>1.10.0</testcontainers-keycloak.version>
-        <keycloak-adapter.version>13.0.1</keycloak-adapter.version>
    </properties>

 </project>
--- a/spring-boot-modules/spring-boot-testing-2/src/main/java/com/baeldung/keycloaktestcontainers/configuration/KeycloakConfiguration.java
+++ b/spring-boot-modules/spring-boot-testing-2/src/main/java/com/baeldung/keycloaktestcontainers/configuration/KeycloakConfiguration.java
@ -1,14 +0,0 @@
-package com.baeldung.keycloaktestcontainers.configuration;
-
-import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-@Configuration
-public class KeycloakConfiguration {
-
-    @Bean
-    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
-        return new KeycloakSpringBootConfigResolver();
-    }
-}
--- a/spring-boot-modules/spring-boot-testing-2/src/main/java/com/baeldung/keycloaktestcontainers/configuration/KeycloakSecurityConfiguration.java
+++ b/spring-boot-modules/spring-boot-testing-2/src/main/java/com/baeldung/keycloaktestcontainers/configuration/KeycloakSecurityConfiguration.java
@ -1,46 +0,0 @@
-package com.baeldung.keycloaktestcontainers.configuration;
-
-import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
-import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
-import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
-
-@KeycloakConfiguration
-@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true", matchIfMissing = true)
-public class KeycloakSecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {
-
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) {
-        auth.authenticationProvider(keycloakAuthenticationProvider());
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    @Bean
-    @Override
-    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
-        return new NullAuthenticatedSessionStrategy();
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        super.configure(http);
-
-        http.csrf()
-            .disable()
-            .cors()
-            .and()
-            .authorizeRequests()
-            .anyRequest()
-            .authenticated();
-    }
-}
--- a/spring-boot-modules/spring-boot-testing-2/src/main/java/com/baeldung/keycloaktestcontainers/configuration/WebSecurityConfiguration.java
+++ b/spring-boot-modules/spring-boot-testing-2/src/main/java/com/baeldung/keycloaktestcontainers/configuration/WebSecurityConfiguration.java
@ -0,0 +1,34 @@
+package com.baeldung.keycloaktestcontainers.configuration;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+
+@Configuration
+@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true", matchIfMissing = true)
+public class WebSecurityConfiguration {
+
+    @Bean
+    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+        return new NullAuthenticatedSessionStrategy();
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
+        return http.csrf()
+            .disable()
+            .cors()
+            .and()
+            .authorizeHttpRequests(auth -> auth.anyRequest()
+                .authenticated())
+            .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
+            .build();
+
+    }
+}
--- a/spring-boot-modules/spring-boot-testing-2/src/main/resources/application.properties
+++ b/spring-boot-modules/spring-boot-testing-2/src/main/resources/application.properties
@ -1,4 +1,2 @@
 keycloak.enabled=true
-keycloak.realm=baeldung
-keycloak.resource=baeldung-api
-keycloak.auth-server-url=http://localhost:8081
+spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8180/auth/realms/baeldung-api
--- a/spring-boot-modules/spring-boot-testing-2/src/test/java/com/baeldung/keycloaktestcontainers/KeycloakTestContainers.java
+++ b/spring-boot-modules/spring-boot-testing-2/src/test/java/com/baeldung/keycloaktestcontainers/KeycloakTestContainers.java
@ -12,12 +12,10 @@ import org.slf4j.LoggerFactory;
 import org.springframework.boot.json.JacksonJsonParser;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.boot.test.util.TestPropertyValues;
-import org.springframework.boot.web.server.LocalServerPort;
-import org.springframework.context.ApplicationContextInitializer;
-import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.http.MediaType;
-import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.DynamicPropertyRegistry;
+import org.springframework.test.context.DynamicPropertySource;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.reactive.function.BodyInserters;
@ -26,7 +24,6 @@ import org.springframework.web.reactive.function.client.WebClient;
 import dasniko.testcontainers.keycloak.KeycloakContainer;
 import io.restassured.RestAssured;

-@ContextConfiguration(initializers = { KeycloakTestContainers.Initializer.class })
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 public abstract class KeycloakTestContainers {

@ -35,20 +32,21 @@ public abstract class KeycloakTestContainers {
    @LocalServerPort
    private int port;

-    static final KeycloakContainer keycloak = new KeycloakContainer().withRealmImportFile("keycloak/realm-export.json");
+    static final KeycloakContainer keycloak;
+
+    static {
+        keycloak = new KeycloakContainer().withRealmImportFile("keycloak/realm-export.json");
+        keycloak.start();
+    }

    @PostConstruct
    public void init() {
        RestAssured.baseURI = "http://localhost:" + port;
    }

-    static class Initializer implements ApplicationContextInitializer<ConfigurableApplicationContext> {
-
-        public void initialize(ConfigurableApplicationContext configurableApplicationContext) {
-            keycloak.start();
-            TestPropertyValues.of("keycloak.auth-server-url=" + keycloak.getAuthServerUrl())
-                .applyTo(configurableApplicationContext.getEnvironment());
-        }
+    @DynamicPropertySource
+    static void registerResourceServerIssuerProperty(DynamicPropertyRegistry registry) {
+        registry.add("spring.security.oauth2.resourceserver.jwt.issuer-uri", () -> keycloak.getAuthServerUrl() + "/realms/baeldung");
    }

    protected String getJaneDoeBearer() {
--- a/spring-boot-modules/spring-boot-testing-2/src/test/resources/application.properties
+++ b/spring-boot-modules/spring-boot-testing-2/src/test/resources/application.properties
@ -1,4 +1,2 @@
 keycloak.enabled=true
-keycloak.realm=baeldung
-keycloak.resource=baeldung-api
-keycloak.auth-server-url=http://localhost:8081
+spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8180/auth/realms/baeldung