From 8422a655ac9a3fec52fb7953cfdaf13ec1537f83 Mon Sep 17 00:00:00 2001
From: Christian German <64325154+christian-german@users.noreply.github.com>
Date: Tue, 7 Jun 2022 06:12:52 +0200
Subject: [PATCH] BAEL-5252-Disable-Keycloak-Security-in-Spring-Boot (#12218)

---
 .../com/baeldung/disablingkeycloak/App.java   | 13 ++++++
 .../DisableSecurityConfiguration.java         | 20 ++++++++++
 .../KeycloakConfiguration.java                | 14 +++++++
 .../KeycloakSecurityConfig.java               | 38 ++++++++++++++++++
 .../com/baeldung/disablingkeycloak/User.java  | 40 +++++++++++++++++++
 .../disablingkeycloak/UserController.java     | 17 ++++++++
 .../application-disabling-keycloak.properties |  7 ++++
 .../DisablingKeycloakIntegrationTest.java     | 33 +++++++++++++++
 .../application-disablingkeycloak.properties  |  1 +
 9 files changed, 183 insertions(+)
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/App.java
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/DisableSecurityConfiguration.java
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/KeycloakConfiguration.java
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/KeycloakSecurityConfig.java
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/User.java
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/UserController.java
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/resources/application-disabling-keycloak.properties
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/test/java/com/baeldung/disablingkeycloak/DisablingKeycloakIntegrationTest.java
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/test/resources/application-disablingkeycloak.properties

diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/App.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/App.java
new file mode 100644
index 0000000000..9655c80cc0
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/App.java
@@ -0,0 +1,13 @@
+package com.baeldung.disablingkeycloak;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication(scanBasePackages = { "com.baeldung.disablingkeycloak" })
+public class App {
+
+    public static void main(String[] args) {
+        SpringApplication.run(App.class, args);
+    }
+
+}
diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/DisableSecurityConfiguration.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/DisableSecurityConfiguration.java
new file mode 100644
index 0000000000..619fd63662
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/DisableSecurityConfiguration.java
@@ -0,0 +1,20 @@
+package com.baeldung.disablingkeycloak;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "false")
+public class DisableSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
+            .authorizeRequests()
+            .anyRequest()
+            .permitAll();
+    }
+}
diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/KeycloakConfiguration.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/KeycloakConfiguration.java
new file mode 100644
index 0000000000..a9a2ea6a18
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/KeycloakConfiguration.java
@@ -0,0 +1,14 @@
+package com.baeldung.disablingkeycloak;
+
+import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class KeycloakConfiguration {
+
+    @Bean
+    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
+        return new KeycloakSpringBootConfigResolver();
+    }
+}
diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/KeycloakSecurityConfig.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/KeycloakSecurityConfig.java
new file mode 100644
index 0000000000..d48c99d8fd
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/KeycloakSecurityConfig.java
@@ -0,0 +1,38 @@
+package com.baeldung.disablingkeycloak;
+
+import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
+import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+
+@KeycloakConfiguration
+@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true", matchIfMissing = true)
+public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) {
+        auth.authenticationProvider(keycloakAuthenticationProvider());
+    }
+
+    @Bean
+    @Override
+    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+        return new NullAuthenticatedSessionStrategy();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        super.configure(http);
+
+        http.csrf()
+            .disable()
+            .authorizeRequests()
+            .anyRequest()
+            .authenticated();
+    }
+}
diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/User.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/User.java
new file mode 100644
index 0000000000..78d4a9913a
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/User.java
@@ -0,0 +1,40 @@
+package com.baeldung.disablingkeycloak;
+
+public class User {
+    private Long id;
+    private String firstname;
+    private String lastname;
+
+    public User() {
+    }
+
+    public User(Long id, String firstname, String lastname) {
+        this.id = id;
+        this.firstname = firstname;
+        this.lastname = lastname;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getFirstname() {
+        return firstname;
+    }
+
+    public void setFirstname(String firstname) {
+        this.firstname = firstname;
+    }
+
+    public String getLastname() {
+        return lastname;
+    }
+
+    public void setLastname(String lastname) {
+        this.lastname = lastname;
+    }
+}
diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/UserController.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/UserController.java
new file mode 100644
index 0000000000..19b429a78d
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/disablingkeycloak/UserController.java
@@ -0,0 +1,17 @@
+package com.baeldung.disablingkeycloak;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/users")
+public class UserController {
+
+    @GetMapping("/{userId}")
+    public User getCustomer(@PathVariable Long userId) {
+        return new User(userId, "John", "Doe");
+    }
+
+}
diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/resources/application-disabling-keycloak.properties b/spring-boot-modules/spring-boot-keycloak/src/main/resources/application-disabling-keycloak.properties
new file mode 100644
index 0000000000..21263cf725
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/main/resources/application-disabling-keycloak.properties
@@ -0,0 +1,7 @@
+# Keycloak authentication is enabled for production.
+keycloak.enabled=true
+keycloak.realm=SpringBootKeycloak
+keycloak.auth-server-url=http://localhost:8180/auth
+keycloak.resource=login-app
+keycloak.bearer-only=true
+keycloak.ssl-required=external
diff --git a/spring-boot-modules/spring-boot-keycloak/src/test/java/com/baeldung/disablingkeycloak/DisablingKeycloakIntegrationTest.java b/spring-boot-modules/spring-boot-keycloak/src/test/java/com/baeldung/disablingkeycloak/DisablingKeycloakIntegrationTest.java
new file mode 100644
index 0000000000..cf70f7e7c3
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/test/java/com/baeldung/disablingkeycloak/DisablingKeycloakIntegrationTest.java
@@ -0,0 +1,33 @@
+package com.baeldung.disablingkeycloak;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import org.apache.http.HttpStatus;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@SpringBootTest(classes = App.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@RunWith(SpringRunner.class)
+@ActiveProfiles("disablingkeycloak")
+public class DisablingKeycloakIntegrationTest {
+
+    @Autowired
+    private TestRestTemplate restTemplate;
+
+    @Test
+    public void givenUnauthenticated_whenGettingUser_shouldReturnUser() {
+        ResponseEntity<User> responseEntity = restTemplate.getForEntity("/users/1", User.class);
+
+        assertEquals(HttpStatus.SC_OK, responseEntity.getStatusCodeValue());
+        assertNotNull(responseEntity.getBody()
+            .getFirstname());
+    }
+
+}
diff --git a/spring-boot-modules/spring-boot-keycloak/src/test/resources/application-disablingkeycloak.properties b/spring-boot-modules/spring-boot-keycloak/src/test/resources/application-disablingkeycloak.properties
new file mode 100644
index 0000000000..db2c8fc59a
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/test/resources/application-disablingkeycloak.properties
@@ -0,0 +1 @@
+keycloak.enabled=false