JAVA-14471 Update Keycloak articles - deprecated client adapters
This commit is contained in:
parent
e80b67b507
commit
a53ee3f0cb
|
@ -0,0 +1,7 @@
|
||||||
|
## Spring Boot Keycloak
|
||||||
|
|
||||||
|
This module contains articles about Keycloak in Spring Boot projects.
|
||||||
|
|
||||||
|
## Relevant articles:
|
||||||
|
- [Custom User Attributes with Keycloak](https://www.baeldung.com/keycloak-custom-user-attributes)
|
||||||
|
- [Get Keycloak User ID in Spring](https://www.baeldung.com/spring-keycloak-get-user-id)
|
|
@ -0,0 +1,91 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<groupId>com.baeldung.keycloak</groupId>
|
||||||
|
<artifactId>spring-boot-keycloak-adapters</artifactId>
|
||||||
|
<version>0.0.1</version>
|
||||||
|
<name>spring-boot-keycloak-adapters</name>
|
||||||
|
<packaging>jar</packaging>
|
||||||
|
<description>This is a simple application demonstrating integration between Keycloak and Spring Boot.</description>
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>com.baeldung</groupId>
|
||||||
|
<artifactId>parent-boot-2</artifactId>
|
||||||
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
|
<relativePath>../../parent-boot-2</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<dependencyManagement>
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak.bom</groupId>
|
||||||
|
<artifactId>keycloak-adapter-bom</artifactId>
|
||||||
|
<version>${keycloak-adapter-bom.version}</version>
|
||||||
|
<type>pom</type>
|
||||||
|
<scope>import</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
</dependencyManagement>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-spring-boot-starter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-data-jpa</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-test</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-oauth2-client</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-security</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-web</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.hsqldb</groupId>
|
||||||
|
<artifactId>hsqldb</artifactId>
|
||||||
|
<scope>runtime</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-thymeleaf</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-test</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<keycloak-adapter-bom.version>15.0.2</keycloak-adapter-bom.version>
|
||||||
|
</properties>
|
||||||
|
|
||||||
|
</project>
|
|
@ -0,0 +1,49 @@
|
||||||
|
package com.baeldung.keycloak;
|
||||||
|
|
||||||
|
import javax.persistence.Entity;
|
||||||
|
import javax.persistence.GeneratedValue;
|
||||||
|
import javax.persistence.GenerationType;
|
||||||
|
import javax.persistence.Id;
|
||||||
|
|
||||||
|
@Entity
|
||||||
|
public class Customer {
|
||||||
|
@Id
|
||||||
|
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||||
|
private long id;
|
||||||
|
private String name;
|
||||||
|
private String serviceRendered;
|
||||||
|
private String address;
|
||||||
|
|
||||||
|
public long getId() {
|
||||||
|
return id;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setId(long id) {
|
||||||
|
this.id = id;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getName() {
|
||||||
|
return name;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setName(String name) {
|
||||||
|
this.name = name;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getServiceRendered() {
|
||||||
|
return serviceRendered;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setServiceRendered(String serviceRendered) {
|
||||||
|
this.serviceRendered = serviceRendered;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getAddress() {
|
||||||
|
return address;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAddress(String address) {
|
||||||
|
this.address = address;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,7 @@
|
||||||
|
package com.baeldung.keycloak;
|
||||||
|
|
||||||
|
import org.springframework.data.repository.CrudRepository;
|
||||||
|
|
||||||
|
public interface CustomerDAO extends CrudRepository<Customer, Long> {
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,45 @@
|
||||||
|
package com.baeldung.keycloak;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||||
|
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
import org.springframework.web.client.RestTemplate;
|
||||||
|
import org.springframework.web.util.UriComponentsBuilder;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
@Component
|
||||||
|
public class KeycloakLogoutHandler implements LogoutHandler {
|
||||||
|
|
||||||
|
private static final Logger logger = LoggerFactory.getLogger(KeycloakLogoutHandler.class);
|
||||||
|
private final RestTemplate restTemplate;
|
||||||
|
|
||||||
|
public KeycloakLogoutHandler(RestTemplate restTemplate) {
|
||||||
|
this.restTemplate = restTemplate;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
|
||||||
|
logoutFromKeycloak((OidcUser) auth.getPrincipal());
|
||||||
|
}
|
||||||
|
|
||||||
|
private void logoutFromKeycloak(OidcUser user) {
|
||||||
|
String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout";
|
||||||
|
UriComponentsBuilder builder = UriComponentsBuilder
|
||||||
|
.fromUriString(endSessionEndpoint)
|
||||||
|
.queryParam("id_token_hint", user.getIdToken().getTokenValue());
|
||||||
|
|
||||||
|
ResponseEntity<String> logoutResponse = restTemplate.getForEntity(builder.toUriString(), String.class);
|
||||||
|
if (logoutResponse.getStatusCode().is2xxSuccessful()) {
|
||||||
|
logger.info("Successfulley logged out from Keycloak");
|
||||||
|
} else {
|
||||||
|
logger.error("Could not propagate logout to Keycloak");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,41 @@
|
||||||
|
package com.baeldung.keycloak;
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||||
|
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
class SecurityConfig {
|
||||||
|
|
||||||
|
private final KeycloakLogoutHandler keycloakLogoutHandler;
|
||||||
|
|
||||||
|
SecurityConfig(KeycloakLogoutHandler keycloakLogoutHandler) {
|
||||||
|
this.keycloakLogoutHandler = keycloakLogoutHandler;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||||
|
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
|
http.authorizeRequests()
|
||||||
|
.antMatchers("/customers*", "/users*")
|
||||||
|
.hasRole("USER")
|
||||||
|
.anyRequest()
|
||||||
|
.permitAll();
|
||||||
|
http.oauth2Login()
|
||||||
|
.and()
|
||||||
|
.logout()
|
||||||
|
.addLogoutHandler(keycloakLogoutHandler)
|
||||||
|
.logoutSuccessUrl("/");
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,20 @@
|
||||||
|
package com.baeldung.keycloak;
|
||||||
|
|
||||||
|
import org.springframework.boot.SpringApplication;
|
||||||
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.web.client.RestTemplate;
|
||||||
|
|
||||||
|
@SpringBootApplication
|
||||||
|
|
||||||
|
public class SpringBoot {
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
SpringApplication.run(SpringBoot.class, args);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public RestTemplate restTemplate() {
|
||||||
|
return new RestTemplate();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,60 @@
|
||||||
|
package com.baeldung.keycloak;
|
||||||
|
|
||||||
|
import org.springframework.stereotype.Controller;
|
||||||
|
import org.springframework.ui.Model;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
|
||||||
|
import java.security.Principal;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
|
@Controller
|
||||||
|
public class WebController {
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private CustomerDAO customerDAO;
|
||||||
|
|
||||||
|
@GetMapping(path = "/")
|
||||||
|
public String index() {
|
||||||
|
return "external";
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping("/logout")
|
||||||
|
public String logout(HttpServletRequest request) throws Exception {
|
||||||
|
request.logout();
|
||||||
|
return "redirect:/";
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping(path = "/customers")
|
||||||
|
public String customers(Principal principal, Model model) {
|
||||||
|
addCustomers();
|
||||||
|
Iterable<Customer> customers = customerDAO.findAll();
|
||||||
|
model.addAttribute("customers", customers);
|
||||||
|
model.addAttribute("username", principal.getName());
|
||||||
|
return "customers";
|
||||||
|
}
|
||||||
|
|
||||||
|
// add customers for demonstration
|
||||||
|
public void addCustomers() {
|
||||||
|
|
||||||
|
Customer customer1 = new Customer();
|
||||||
|
customer1.setAddress("1111 foo blvd");
|
||||||
|
customer1.setName("Foo Industries");
|
||||||
|
customer1.setServiceRendered("Important services");
|
||||||
|
customerDAO.save(customer1);
|
||||||
|
|
||||||
|
Customer customer2 = new Customer();
|
||||||
|
customer2.setAddress("2222 bar street");
|
||||||
|
customer2.setName("Bar LLP");
|
||||||
|
customer2.setServiceRendered("Important services");
|
||||||
|
customerDAO.save(customer2);
|
||||||
|
|
||||||
|
Customer customer3 = new Customer();
|
||||||
|
customer3.setAddress("33 main street");
|
||||||
|
customer3.setName("Big LLC");
|
||||||
|
customer3.setServiceRendered("Important services");
|
||||||
|
customerDAO.save(customer3);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,15 @@
|
||||||
|
### server port
|
||||||
|
server.port=8081
|
||||||
|
|
||||||
|
#Keycloak Configuration
|
||||||
|
keycloak.auth-server-url=http://localhost:8180/auth
|
||||||
|
keycloak.realm=SpringBootKeycloak
|
||||||
|
keycloak.resource=login-app
|
||||||
|
keycloak.public-client=true
|
||||||
|
keycloak.principal-attribute=preferred_username
|
||||||
|
|
||||||
|
spring.security.oauth2.client.registration.keycloak.client-id=login-app
|
||||||
|
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
|
||||||
|
spring.security.oauth2.client.registration.keycloak.scope=openid
|
||||||
|
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8180/auth/realms/SpringBootKeycloak
|
||||||
|
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
|
|
@ -0,0 +1,13 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<configuration>
|
||||||
|
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
|
||||||
|
<encoder>
|
||||||
|
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
|
||||||
|
</pattern>
|
||||||
|
</encoder>
|
||||||
|
</appender>
|
||||||
|
|
||||||
|
<root level="INFO">
|
||||||
|
<appender-ref ref="STDOUT" />
|
||||||
|
</root>
|
||||||
|
</configuration>
|
|
@ -0,0 +1,34 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
<head th:include="layout :: headerFragment">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div id="container">
|
||||||
|
<h1>
|
||||||
|
Hello, <span th:text="${username}">--name--</span>.
|
||||||
|
</h1>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>ID</th>
|
||||||
|
<th>Name</th>
|
||||||
|
<th>Address</th>
|
||||||
|
<th>Service Rendered</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr th:each="customer : ${customers}">
|
||||||
|
<td th:text="${customer.id}">Text ...</td>
|
||||||
|
<td th:text="${customer.name}">Text ...</td>
|
||||||
|
<td th:text="${customer.address}">Text ...</td>
|
||||||
|
<td th:text="${customer.serviceRendered}">Text...</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<div id="pagefoot" th:include="layout :: footerFragment">Footer
|
||||||
|
</div>
|
||||||
|
<a href="/logout">Logout</a>
|
||||||
|
</div>
|
||||||
|
<!-- container -->
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,31 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
<head th:include="layout :: headerFragment">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="container">
|
||||||
|
<div class="jumbotron text-center">
|
||||||
|
<h1>Customer Portal</h1>
|
||||||
|
</div>
|
||||||
|
<div>
|
||||||
|
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam
|
||||||
|
erat lectus, vehicula feugiat ultricies at, tempus sed ante. Cras
|
||||||
|
arcu erat, lobortis vitae quam et, mollis pharetra odio. Nullam sit
|
||||||
|
amet congue ipsum. Nunc dapibus odio ut ligula venenatis porta non
|
||||||
|
id dui. Duis nec tempor tellus. Suspendisse id blandit ligula, sit
|
||||||
|
amet varius mauris. Nulla eu eros pharetra, tristique dui quis,
|
||||||
|
vehicula libero. Aenean a neque sit amet tellus porttitor rutrum nec
|
||||||
|
at leo.</p>
|
||||||
|
|
||||||
|
<h2>Existing Customers</h2>
|
||||||
|
<div class="well">
|
||||||
|
<b>Enter the intranet: </b><a th:href="@{/customers}">customers</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div id="pagefoot" th:include="layout :: footerFragment">Footer
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<!-- container -->
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,18 @@
|
||||||
|
|
||||||
|
<head th:fragment="headerFragment">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||||
|
<title>Customer Portal</title>
|
||||||
|
<link
|
||||||
|
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
|
||||||
|
rel="stylesheet"
|
||||||
|
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u"
|
||||||
|
crossorigin="anonymous"></link>
|
||||||
|
<link
|
||||||
|
href="https://cdn.datatables.net/1.10.16/css/jquery.dataTables.min.css"
|
||||||
|
rel="stylesheet"></link>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<div id="pagefoot" th:fragment="footerFragment">
|
||||||
|
<p>Document last modified 2017/10/23.</p>
|
||||||
|
<p>Copyright: Lorem Ipsum</p>
|
||||||
|
</div>
|
|
@ -4,9 +4,8 @@ This module contains articles about Keycloak in Spring Boot projects.
|
||||||
|
|
||||||
## Relevant articles:
|
## Relevant articles:
|
||||||
- [A Quick Guide to Using Keycloak With Spring Boot](https://www.baeldung.com/spring-boot-keycloak)
|
- [A Quick Guide to Using Keycloak With Spring Boot](https://www.baeldung.com/spring-boot-keycloak)
|
||||||
- [Custom User Attributes with Keycloak](https://www.baeldung.com/keycloak-custom-user-attributes)
|
|
||||||
- [Customizing the Login Page for Keycloak](https://www.baeldung.com/keycloak-custom-login-page)
|
- [Customizing the Login Page for Keycloak](https://www.baeldung.com/keycloak-custom-login-page)
|
||||||
- [Keycloak User Self-Registration](https://www.baeldung.com/keycloak-user-registration)
|
- [Keycloak User Self-Registration](https://www.baeldung.com/keycloak-user-registration)
|
||||||
- [Customizing Themes for Keycloak](https://www.baeldung.com/spring-keycloak-custom-themes)
|
- [Customizing Themes for Keycloak](https://www.baeldung.com/spring-keycloak-custom-themes)
|
||||||
- [Securing SOAP Web Services With Keycloak](https://www.baeldung.com/soap-keycloak)
|
- [Securing SOAP Web Services With Keycloak](https://www.baeldung.com/soap-keycloak)
|
||||||
- [Get Keycloak User ID in Spring](https://www.baeldung.com/spring-keycloak-get-user-id)
|
|
||||||
|
|
|
@ -17,26 +17,14 @@
|
||||||
<relativePath>../../parent-boot-2</relativePath>
|
<relativePath>../../parent-boot-2</relativePath>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<dependencyManagement>
|
|
||||||
<dependencies>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.keycloak.bom</groupId>
|
|
||||||
<artifactId>keycloak-adapter-bom</artifactId>
|
|
||||||
<version>${keycloak-adapter-bom.version}</version>
|
|
||||||
<type>pom</type>
|
|
||||||
<scope>import</scope>
|
|
||||||
</dependency>
|
|
||||||
</dependencies>
|
|
||||||
</dependencyManagement>
|
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter</artifactId>
|
<artifactId>spring-boot-starter</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.keycloak</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>keycloak-spring-boot-starter</artifactId>
|
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
@ -113,8 +101,4 @@
|
||||||
</plugins>
|
</plugins>
|
||||||
</build>
|
</build>
|
||||||
|
|
||||||
<properties>
|
|
||||||
<keycloak-adapter-bom.version>15.0.2</keycloak-adapter-bom.version>
|
|
||||||
</properties>
|
|
||||||
|
|
||||||
</project>
|
</project>
|
|
@ -2,8 +2,11 @@ package com.baeldung.keycloak;
|
||||||
|
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||||
|
@ -36,6 +39,13 @@ class SecurityConfig {
|
||||||
.logout()
|
.logout()
|
||||||
.addLogoutHandler(keycloakLogoutHandler)
|
.addLogoutHandler(keycloakLogoutHandler)
|
||||||
.logoutSuccessUrl("/");
|
.logoutSuccessUrl("/");
|
||||||
|
http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
|
||||||
|
return http.getSharedObject(AuthenticationManagerBuilder.class)
|
||||||
|
.build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,54 +1,27 @@
|
||||||
package com.baeldung.keycloaksoap;
|
package com.baeldung.keycloaksoap;
|
||||||
|
|
||||||
import org.keycloak.adapters.KeycloakConfigResolver;
|
|
||||||
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
|
|
||||||
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
|
|
||||||
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
|
|
||||||
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
|
||||||
|
|
||||||
@KeycloakConfiguration
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true")
|
@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true")
|
||||||
@EnableGlobalMethodSecurity(jsr250Enabled = true)
|
@EnableGlobalMethodSecurity(jsr250Enabled = true)
|
||||||
public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
public class KeycloakSecurityConfig {
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
@Bean
|
||||||
super.configure(http);
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
//@formatter:off
|
http.csrf()
|
||||||
http
|
|
||||||
.csrf()
|
|
||||||
.disable()
|
.disable()
|
||||||
.authorizeRequests()
|
.authorizeHttpRequests(auth -> auth.anyRequest()
|
||||||
.anyRequest()
|
.authenticated())
|
||||||
.permitAll();
|
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
||||||
//@formatter:on
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
|
||||||
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
|
|
||||||
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
|
|
||||||
auth.authenticationProvider(keycloakAuthenticationProvider);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
@Override
|
|
||||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
|
||||||
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public KeycloakConfigResolver keycloakSpringBootConfigResolver() {
|
|
||||||
return new KeycloakSpringBootConfigResolver();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,8 @@
|
||||||
server.port=18080
|
server.port=18080
|
||||||
|
|
||||||
keycloak.enabled=true
|
keycloak.enabled=true
|
||||||
keycloak.realm=baeldung-soap-services
|
|
||||||
keycloak.auth-server-url=http://localhost:8080/auth
|
|
||||||
keycloak.bearer-only=true
|
|
||||||
keycloak.credentials.secret=14da6f9e-261f-489a-9bf0-1441e4a9ddc4
|
|
||||||
keycloak.ssl-required=external
|
|
||||||
keycloak.resource=baeldung-soap-services
|
|
||||||
keycloak.use-resource-role-mappings=true
|
|
||||||
|
|
||||||
|
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/baeldung-soap-services
|
||||||
|
|
||||||
# Custom properties begin here
|
# Custom properties begin here
|
||||||
ws.api.path=/ws/api/v1/*
|
ws.api.path=/ws/api/v1/*
|
||||||
|
|
|
@ -1,15 +1,10 @@
|
||||||
### server port
|
### server port
|
||||||
server.port=8081
|
server.port=8081
|
||||||
|
|
||||||
#Keycloak Configuration
|
|
||||||
keycloak.auth-server-url=http://localhost:8180/auth
|
|
||||||
keycloak.realm=SpringBootKeycloak
|
|
||||||
keycloak.resource=login-app
|
|
||||||
keycloak.public-client=true
|
|
||||||
keycloak.principal-attribute=preferred_username
|
|
||||||
|
|
||||||
spring.security.oauth2.client.registration.keycloak.client-id=login-app
|
spring.security.oauth2.client.registration.keycloak.client-id=login-app
|
||||||
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
|
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
|
||||||
spring.security.oauth2.client.registration.keycloak.scope=openid
|
spring.security.oauth2.client.registration.keycloak.scope=openid
|
||||||
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8180/auth/realms/SpringBootKeycloak
|
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8080/realms/SpringBootKeycloak
|
||||||
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
|
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
|
||||||
|
|
||||||
|
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/SpringBootKeycloak
|
|
@ -0,0 +1,18 @@
|
||||||
|
package com.baeldung.keycloak;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
|
import org.springframework.boot.test.context.SpringBootTest;
|
||||||
|
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||||
|
import com.baeldung.keycloak.SpringBoot;
|
||||||
|
|
||||||
|
@ExtendWith(SpringExtension.class)
|
||||||
|
@SpringBootTest(classes = { SpringBoot.class })
|
||||||
|
public class KeycloakContextIntegrationTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void whenLoadApplication_thenSuccess() {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -105,7 +105,7 @@ class KeycloakSoapLiveTest {
|
||||||
void givenAccessToken_whenDeleteProduct_thenReturnSuccess() {
|
void givenAccessToken_whenDeleteProduct_thenReturnSuccess() {
|
||||||
HttpHeaders headers = new HttpHeaders();
|
HttpHeaders headers = new HttpHeaders();
|
||||||
headers.set("content-type", "text/xml");
|
headers.set("content-type", "text/xml");
|
||||||
headers.set("Authorization", "Bearer " + generateToken("jhondoe", "password"));
|
headers.set("Authorization", "Bearer " + generateToken("johndoe", "password"));
|
||||||
HttpEntity<String> request = new HttpEntity<>(Utility.getDeleteProductsRequest(), headers);
|
HttpEntity<String> request = new HttpEntity<>(Utility.getDeleteProductsRequest(), headers);
|
||||||
ResponseEntity<String> responseEntity = restTemplate.postForEntity("http://localhost:" + port + "/ws/api/v1/", request, String.class);
|
ResponseEntity<String> responseEntity = restTemplate.postForEntity("http://localhost:" + port + "/ws/api/v1/", request, String.class);
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
grant.type=password
|
grant.type=password
|
||||||
client.id=baeldung-soap-services
|
client.id=baeldung-soap-services
|
||||||
client.secret=d2ba7af8-f7d2-4c97-b4a5-3c88b59920ae
|
client.secret=d2ba7af8-f7d2-4c97-b4a5-3c88b59920ae
|
||||||
url=http://localhost:8080/auth/realms/baeldung-soap-services/protocol/openid-connect/token
|
url=http://localhost:8080/realms/baeldung-soap-services/protocol/openid-connect/token
|
||||||
|
|
||||||
|
keycloak.enabled=true
|
||||||
|
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/baeldung-soap-services
|
||||||
|
|
Loading…
Reference in New Issue