From 9ffebf472a3f58d806e617c7132490ebfe71d13a Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Mon, 12 Sep 2022 15:35:56 +0430 Subject: [PATCH 1/9] #BAEL-5443: 1- add http.oauth2Login() 2- remove KeycloakAdpter Beans --- .../com/baeldung/keycloak/SecurityConfig.java | 35 +++++++------------ 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SecurityConfig.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SecurityConfig.java index 826f475a6e..c3f87627ff 100644 --- a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SecurityConfig.java +++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SecurityConfig.java 
@@ -1,42 +1,31 @@ package com.baeldung.keycloak; -import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; -import org.keycloak.adapters.springsecurity.KeycloakConfiguration; -import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; -import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.session.SessionRegistryImpl; import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; -@KeycloakConfiguration -class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter { - // Submits the KeycloakAuthenticationProvider to the AuthenticationManager - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider(); - keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper()); - auth.authenticationProvider(keycloakAuthenticationProvider); - } +@Configuration +@EnableWebSecurity +class SecurityConfig extends WebSecurityConfigurerAdapter { - // Specifies the session authentication strategy @Bean - @Override protected 
SessionAuthenticationStrategy sessionAuthenticationStrategy() { return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); } @Override protected void configure(HttpSecurity http) throws Exception { - super.configure(http); http.authorizeRequests() - .antMatchers("/customers*", "/users*") - .hasRole("user") - .anyRequest() - .permitAll(); + .antMatchers("/customers*", "/users*") + .hasRole("USER") + .anyRequest() + .permitAll(); + http.oauth2Login(); } + } From 326ce93f676246e0833152b58efc6426d072ff75 Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Mon, 12 Sep 2022 15:36:30 +0430 Subject: [PATCH 2/9] #BAEL-5443: add oauth2-client dependency --- spring-boot-modules/spring-boot-keycloak/pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spring-boot-modules/spring-boot-keycloak/pom.xml b/spring-boot-modules/spring-boot-keycloak/pom.xml index 9e39176765..4f30d32bec 100644 --- a/spring-boot-modules/spring-boot-keycloak/pom.xml +++ b/spring-boot-modules/spring-boot-keycloak/pom.xml @@ -47,6 +47,10 @@ spring-boot-starter-test test + + org.springframework.boot + spring-boot-starter-oauth2-client + org.springframework.boot spring-boot-starter-security From 359a33a2badc0ed477bfd76966566fd36b17d228 Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Mon, 12 Sep 2022 15:39:41 +0430 Subject: [PATCH 3/9] #BAEL-5443: add spring.security.oauth2.client properties --- .../src/main/resources/application.properties | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties b/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties index 9dfd3ea720..9d07dbc2e1 100644 --- a/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties +++ b/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties 
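Review bot: `hasRole("USER")` on the new side no longer enforces a Keycloak role: the hunk removes the `KeycloakAuthenticationProvider` and the `SimpleAuthorityMapper` that turned realm roles into authorities, and with plain `http.oauth2Login()` Spring Security 5.x's default OIDC user service (as far as I recall) grants every signed-in user `ROLE_USER` plus `SCOPE_*` authorities, so `/customers*` and `/users*` become reachable by any authenticated account rather than by holders of the `user` realm role. If the realm role is still meant to gate those paths, register a `GrantedAuthoritiesMapper` bean that maps Keycloak's role claims from the ID token or user-info to `ROLE_…` authorities and keep the `hasRole` check; otherwise a comment such as `// any authenticated OIDC user; Keycloak realm roles are not mapped` should state that this is deliberate. Separately, `sessionAuthenticationStrategy()` is still exposed as a `@Bean` but lost its `@Override`, and nothing in `configure(HttpSecurity)` wires it into `http.sessionManagement()`, so it presumably no longer takes part in the filter chain — confirm it is picked up or drop it.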
@@ -2,10 +2,13 @@ server.port=8081 #Keycloak Configuration -keycloak.auth-server-url=http://localhost:8180/auth +keycloak.auth-server-url=http://keycloak.dev.modernisc.com:8180/auth keycloak.realm=SpringBootKeycloak keycloak.resource=login-app keycloak.public-client=true -#keycloak.security-constraints[0].authRoles[0]=user -#keycloak.security-constraints[0].securityCollections[0].patterns[0]=/customers/* -keycloak.principal-attribute=preferred_username \ No newline at end of file +keycloak.principal-attribute=preferred_username + +spring.security.oauth2.client.registration.keycloak.client-id=login-app +spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code +spring.security.oauth2.client.provider.keycloak.issuer-uri=http://keycloak.dev.modernisc.com:8180/auth/realms/SpringBootKeycloak +spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username \ No newline at end of file From bca12a0764b82b389454daa56dc4a38b31b7d892 Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Wed, 14 Sep 2022 11:00:25 +0430 Subject: [PATCH 4/9] #BAEL-5443: add scope to properties --- .../src/main/resources/application.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties b/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties index 9d07dbc2e1..2c3e6abdeb 100644 --- a/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties +++ b/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties 
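Review bot: The `keycloak.auth-server-url`, `keycloak.realm`, `keycloak.resource`, `keycloak.public-client` and `keycloak.principal-attribute` entries are kept although patch 1 of this series removed the Keycloak adapter classes that consumed them, so they appear to be dead configuration sitting next to the `spring.security.oauth2.client.*` block that now actually drives login; either delete them or mark them with `# legacy Keycloak adapter settings - not read since the move to spring-boot-starter-oauth2-client` so nobody tunes the wrong URL. In this patch the issuer-uri also points at a non-local host over plain `http://`, which carries the authorization code and the token exchange in cleartext; patch 8 restores `localhost`, but for any shared host the scheme should be `https://`.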
@@ -10,5 +10,6 @@ keycloak.principal-attribute=preferred_username spring.security.oauth2.client.registration.keycloak.client-id=login-app spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code +spring.security.oauth2.client.registration.keycloak.scope=openid spring.security.oauth2.client.provider.keycloak.issuer-uri=http://keycloak.dev.modernisc.com:8180/auth/realms/SpringBootKeycloak spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username \ No newline at end of file From 898661f1429e6e9639aba9f43b230260579c3d3a Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Wed, 14 Sep 2022 11:02:02 +0430 Subject: [PATCH 5/9] #BAEL-5443: add logout config --- .../java/com/baeldung/keycloak/SecurityConfig.java | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SecurityConfig.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SecurityConfig.java index c3f87627ff..88f829e567 100644 --- a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SecurityConfig.java +++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SecurityConfig.java @@ -13,6 +13,12 @@ import org.springframework.security.web.authentication.session.SessionAuthentica @EnableWebSecurity class SecurityConfig extends WebSecurityConfigurerAdapter { + private final KeycloakLogoutHandler keycloakLogoutHandler; + + SecurityConfig(KeycloakLogoutHandler keycloakLogoutHandler) { + this.keycloakLogoutHandler = keycloakLogoutHandler; + } + @Bean protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); 
@@ -25,7 +31,11 @@ class SecurityConfig extends WebSecurityConfigurerAdapter { .hasRole("USER") .anyRequest() .permitAll(); - http.oauth2Login(); + http.oauth2Login() + .and() + .logout() + .addLogoutHandler(keycloakLogoutHandler) + .logoutSuccessUrl("/"); } } From 61073210eaecfd3a8e3be2dc33ea34ad3e0db698 Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Wed, 14 Sep 2022 11:02:44 +0430 Subject: [PATCH 6/9] #BAEL-5443: add resttemplate for logout --- .../src/main/java/com/baeldung/keycloak/SpringBoot.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SpringBoot.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SpringBoot.java index d67dd05fc7..90d7e774a4 100644 --- a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SpringBoot.java +++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/SpringBoot.java @@ -2,6 +2,8 @@ package com.baeldung.keycloak; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Bean; +import org.springframework.web.client.RestTemplate; @SpringBootApplication @@ -11,4 +13,8 @@ public class SpringBoot { SpringApplication.run(SpringBoot.class, args); } + @Bean + public RestTemplate restTemplate() { + return new RestTemplate(); + } } From 886d7c1fbf773f0768c821a682c319d461676bff Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Wed, 14 Sep 2022 11:03:04 +0430 Subject: [PATCH 7/9] #BAEL-5443: add logout handler --- .../keycloak/KeycloakLogoutHandler.java | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/KeycloakLogoutHandler.java 
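Review bot: `addLogoutHandler(keycloakLogoutHandler)` runs the Keycloak call ahead of Spring's own `SecurityContextLogoutHandler`, so if that handler throws (Keycloak unreachable, or a non-2xx that `RestTemplate` turns into an exception) the local session and security context are never cleared and the user stays logged in locally; the handler must catch and log its own failures, or the Keycloak step should move to a logout success handler that runs after local cleanup. Spring Security already ships `OidcClientInitiatedLogoutSuccessHandler(ClientRegistrationRepository)`, which takes the `end_session_endpoint` from OIDC discovery and performs RP-initiated logout by redirecting the browser, which also ends the Keycloak browser session; `.logoutSuccessHandler(...)` with that handler and `setPostLogoutRedirectUri("{baseUrl}")` would replace both the custom handler and the `RestTemplate` bean. `configure(HttpSecurity)` starts outside this hunk.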
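Review bot: `new RestTemplate()` in the added `restTemplate()` bean has no connect or read timeout, and it is called from the logout handler on the request thread, so an unresponsive Keycloak blocks every logout until the socket gives up on its own. Build it with Boot's `RestTemplateBuilder` instead, e.g. `public RestTemplate restTemplate(RestTemplateBuilder builder) {` / `return builder.setConnectTimeout(Duration.ofSeconds(3)).setReadTimeout(Duration.ofSeconds(5)).build();` (the two durations are placeholder values to tune; `RestTemplateBuilder` and `java.time.Duration` need imports). A one-line comment naming the bean's single consumer, `// used by KeycloakLogoutHandler for the back-channel logout call`, would also help the next reader.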
diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/KeycloakLogoutHandler.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/KeycloakLogoutHandler.java new file mode 100644 index 0000000000..06c41e9b1d --- /dev/null +++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/KeycloakLogoutHandler.java 
@@ -0,0 +1,45 @@ +package com.baeldung.keycloak; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.ResponseEntity; +import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.core.oidc.user.OidcUser; +import org.springframework.security.web.authentication.logout.LogoutHandler; +import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.util.UriComponentsBuilder; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +@Component +public class KeycloakLogoutHandler implements LogoutHandler { + + private static final Logger logger = LoggerFactory.getLogger(KeycloakLogoutHandler.class); + private final RestTemplate restTemplate; + + public KeycloakLogoutHandler(RestTemplate restTemplate) { + this.restTemplate = restTemplate; + } + + @Override + public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) { + logoutFromKeycloak((OidcUser) auth.getPrincipal()); + } + + private void logoutFromKeycloak(OidcUser user) { + String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout"; + UriComponentsBuilder builder = UriComponentsBuilder + .fromUriString(endSessionEndpoint) + .queryParam("id_token_hint", user.getIdToken().getTokenValue()); + + ResponseEntity logoutResponse = restTemplate.getForEntity(builder.toUriString(), String.class); + if (logoutResponse.getStatusCode().is2xxSuccessful()) { + logger.info("Successfulley logged out from Keycloak"); + } else { + logger.error("Could not propagate logout to Keycloak"); + } + } + +} From 1a24c7dccbbf257839b5338149b63527c8ee273a Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Sun, 18 Sep 2022 11:40:59 +0430 Subject: [PATCH 8/9] #BAEL-5443: Fix the keycloak url --- .../src/main/resources/application.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
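Review bot: `logout()` casts `auth.getPrincipal()` to `OidcUser` unconditionally, but `LogoutHandler.logout` may be invoked with a null `Authentication` (logout of an anonymous or expired session) and the principal is only an `OidcUser` when the `openid` scope was requested, so the cast can throw and abort the logout chain before Spring's `SecurityContextLogoutHandler` runs. The `else` branch in `logoutFromKeycloak` is also effectively unreachable: `RestTemplate.getForEntity` raises `HttpClientErrorException`/`HttpServerErrorException` (both `RestClientException`) on 4xx/5xx rather than returning the entity, and that exception likewise escapes and leaves the local session alive. Guard the cast, catch `RestClientException` (needs an `org.springframework.web.client.RestClientException` import) so a failed back-channel call is logged but does not block local logout, use `ResponseEntity<String>` instead of the raw type, and fix the "Successfulley" typo in the info message; the hard-coded `/protocol/openid-connect/logout` path could come from the provider's discovered `end_session_endpoint` instead.

```java
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
    // auth may be null, and the principal is only an OidcUser after an OIDC (openid-scope) login
    if (auth != null && auth.getPrincipal() instanceof OidcUser) {
        logoutFromKeycloak((OidcUser) auth.getPrincipal());
    }
}

private void logoutFromKeycloak(OidcUser user) {
    // … unchanged: endSessionEndpoint / UriComponentsBuilder construction …
    try {
        ResponseEntity<String> logoutResponse = restTemplate.getForEntity(builder.toUriString(), String.class);
        if (logoutResponse.getStatusCode().is2xxSuccessful()) {
            logger.info("Successfully logged out from Keycloak");
        } else {
            logger.error("Could not propagate logout to Keycloak: {}", logoutResponse.getStatusCode());
        }
    } catch (RestClientException e) {
        // Keycloak unreachable or non-2xx: log and continue so the local session is still invalidated
        logger.error("Could not propagate logout to Keycloak", e);
    }
}
```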
diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties b/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties index 2c3e6abdeb..323617e2ef 100644 --- a/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties +++ b/spring-boot-modules/spring-boot-keycloak/src/main/resources/application.properties @@ -2,7 +2,7 @@ server.port=8081 #Keycloak Configuration -keycloak.auth-server-url=http://keycloak.dev.modernisc.com:8180/auth +keycloak.auth-server-url=http://localhost:8180/auth keycloak.realm=SpringBootKeycloak keycloak.resource=login-app keycloak.public-client=true @@ -11,5 +11,5 @@ keycloak.principal-attribute=preferred_username spring.security.oauth2.client.registration.keycloak.client-id=login-app spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code spring.security.oauth2.client.registration.keycloak.scope=openid -spring.security.oauth2.client.provider.keycloak.issuer-uri=http://keycloak.dev.modernisc.com:8180/auth/realms/SpringBootKeycloak +spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8180/auth/realms/SpringBootKeycloak spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username \ No newline at end of file From 7b82660b2e421bc89b2ce1d519f13400e08a12cd Mon Sep 17 00:00:00 2001 From: h_sharifi Date: Mon, 19 Sep 2022 09:03:20 +0430 Subject: [PATCH 9/9] #BAEL-5443: Remove the test --- .../java/com/baeldung/SpringContextTest.java | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 spring-boot-modules/spring-boot-keycloak/src/test/java/com/baeldung/SpringContextTest.java diff --git a/spring-boot-modules/spring-boot-keycloak/src/test/java/com/baeldung/SpringContextTest.java b/spring-boot-modules/spring-boot-keycloak/src/test/java/com/baeldung/SpringContextTest.java deleted file mode 100644 index 3f3ecd87d0..0000000000 
--- a/spring-boot-modules/spring-boot-keycloak/src/test/java/com/baeldung/SpringContextTest.java +++ /dev/null @@ -1,17 +0,0 @@ -package com.baeldung; - -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.test.context.junit4.SpringRunner; - -import com.baeldung.keycloak.SpringBoot; - -@RunWith(SpringRunner.class) -@SpringBootTest(classes = SpringBoot.class) -public class SpringContextTest { - - @Test - public void whenSpringContextIsBootstrapped_thenNoExceptions() { - } -}