From eb4996272bbc2cac7f502cf550815cd36b8ef569 Mon Sep 17 00:00:00 2001 From: ch4mpy Date: Fri, 19 Apr 2024 23:09:30 -1000 Subject: [PATCH] BAEL-7704 : (CONFIGURATION) BAEL-7704 : Update to latest spring-addons. Fix conf: authentication converter was no used by the security filter-chain. Add docker compose file for a Keycloak instance with an imported realm. --- .../spring-security-oauth2-testing/.env | 1 + .../compose.yml | 23 + .../keycloak/import/baeldung-realm.json | 1827 +++++++++++++++++ .../keycloak/import/baeldung-users-0.json | 50 + .../spring-security-oauth2-testing/pom.xml | 60 +- .../reactive-resource-server/pom.xml | 1 + .../ReactiveResourceServerApplication.java | 61 +- .../src/main/resources/application.yaml | 6 - .../src/main/resources/application.yml | 11 + .../src/main/resources/banner.txt | 16 + ...ecurityTestGreetingControllerUnitTest.java | 24 +- .../servlet-resource-server/pom.xml | 1 + .../ServletResourceServerApplication.java | 28 +- .../src/main/resources/application.properties | 1 - .../src/main/resources/application.yml | 11 + .../src/main/resources/banner.txt | 16 + ...pringAddonsGreetingControllerUnitTest.java | 4 +- ...ecurityTestGreetingControllerUnitTest.java | 24 +- 18 files changed, 2065 insertions(+), 100 deletions(-) create mode 100644 spring-security-modules/spring-security-oauth2-testing/.env create mode 100644 spring-security-modules/spring-security-oauth2-testing/compose.yml create mode 100644 spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json create mode 100644 spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json delete mode 100644 spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml create mode 100644 spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml create mode 100644 spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt delete mode 100644 spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties create mode 100644 spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml create mode 100644 spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt diff --git a/spring-security-modules/spring-security-oauth2-testing/.env b/spring-security-modules/spring-security-oauth2-testing/.env new file mode 100644 index 0000000000..c4c692acb6 --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/.env @@ -0,0 +1 @@ +KEYCLOAK_ADMIN_PASSWORD=admin \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/compose.yml b/spring-security-modules/spring-security-oauth2-testing/compose.yml new file mode 100644 index 0000000000..aa6b019360 --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/compose.yml @@ -0,0 +1,23 @@ +name: baeldung-testing-oauth2 +services: + + keycloak: + image: quay.io/keycloak/keycloak:24.0.0 + volumes: + - ./keycloak/import/:/opt/keycloak/data/import/ + command: + - start-dev + - --import-realm + ports: + - 8080:8080 + environment: + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD} + KC_HTTP_PORT: 8080 + KC_HOSTNAME_URL: http://localhost:8080 + KC_HOSTNAME_ADMIN_URL: http://localhost:8080 + KC_HTTP_RELATIVE_PATH: / + #KC_LOG_LEVEL: DEBUG + container_name: baeldung-testing-oauth2 + extra_hosts: + - "host.docker.internal:host-gateway" \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json new file mode 100644 index 0000000000..616f0c1f74 --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-realm.json @@ -0,0 +1,1827 @@ +{ + "id" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "realm" : "baeldung", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "4ad869c1-56f3-45fd-b345-f107f2834de1", + "name" : "AUTHORIZED_PERSONNEL", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes" : { } + }, { + "id" : "bfdf00fe-5111-404b-858c-50dcb8a63e61", + "name" : "default-roles-baeldung", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes" : { } + }, { + "id" : "96fbbf77-c81e-472b-bb2e-184713dfffde", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes" : { } + }, { + "id" : "cec72467-237c-4ae9-ae1d-ca84ff51b404", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "955d707a-3baa-4462-a53c-83ff73b30a12", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "81cbcb10-8e84-431e-8da8-07219be8d93d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "fa1adc6d-7b86-4dc6-a120-57eee9a4fe93", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "be5a19cb-fa00-486a-abfa-eb0dc86680fb", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "d76de5c9-10f2-4b68-9850-a16d9b2dd35a", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "6339f747-4f89-4e67-9c77-420524135d96", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "c9d5af42-6742-49cf-bd01-a730f4c3cc2e", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "56dccfed-9379-4cfb-a720-b9b9e1745048", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "e10c568f-c50f-4ee4-88cf-43f0c4a1dc2c", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "d12dcfc2-b649-4c11-ac55-41d6ab10f5c6", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "57977d45-f810-400a-81ca-63a9bdddd3b9", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "e14dfabc-3f03-42cf-a716-5261b7002914", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "800d272c-1327-485c-9d2f-576f3d9a0178", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "fdc10176-42c0-4b58-968a-35bfd5dbce20", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "23393ccd-3b70-4de8-9e00-0adbb11851ce", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "01a3847f-7602-400d-bedd-7545618559f3", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "7d8ac9c4-6d1b-4861-a0b9-0479cbd55b14", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "788677b0-3fbf-457d-8b62-25f305b86bcf", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + }, { + "id" : "642d82d5-1071-47a9-aca9-d0fbd28d0328", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-realm", "view-clients", "create-client", "view-users", "manage-identity-providers", "manage-authorization", "impersonation", "view-identity-providers", "manage-realm", "query-users", "query-realms", "view-authorization", "query-groups", "view-events", "manage-users", "manage-clients", "query-clients", "manage-events" ] + } + }, + "clientRole" : true, + "containerId" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "baeldung-confidential" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "9043c535-f6d3-44dc-8c48-d3983e04a93b", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb2ee74f-fb36-4f21-82bb-4928966ea449", + "attributes" : { } + } ], + "account" : [ { + "id" : "4a188a41-39d9-47e6-b8de-6d9b42c7a414", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "da24f251-0c13-4035-84f1-16c5a3301ea6", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "26edbb7d-dd9f-4dd4-a282-a6e886e38302", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "b2c98d1e-4a85-4e11-901d-0207e9793acf", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "f244eb36-cf20-4e96-8233-fee1ee8da72e", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "a5ca4c2f-d8ad-4c8c-bfd4-1173dd7c1338", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "83f4a43c-07cd-43d5-af99-7825ea603ca9", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + }, { + "id" : "18642f4e-1e2a-4023-9947-7a425d8ed76e", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "bfdf00fe-5111-404b-858c-50dcb8a63e61", + "name" : "default-roles-baeldung", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "7a046c8d-77b1-4851-b4a9-e3a25a17e431" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "1b64b350-3ef8-4be6-b9ab-c53463b2fd1b", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/baeldung/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/baeldung/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4beaa749-404c-4a6a-9b04-72df4f9066a4", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/baeldung/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/baeldung/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "84f0fe2c-8381-4cd1-afa7-508c5cd6c83c", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d2a180a9-6ed6-42fd-a476-2ba0948cae8f", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "3172d7e0-ac9f-4728-ba8c-e1d35c6e14a4", + "clientId" : "baeldung-confidential", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "secret", + "redirectUris" : ["https://oauth.pstmn.io/v1/callback", "http://localhost:8080/*", "https://localhost:8080/*", "http://localhost:8081/*", "https://localhost:8081/*", "http://localhost:8082/*", "https://localhost:8082/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1713615347", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "cb2ee74f-fb36-4f21-82bb-4928966ea449", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "4720b673-8d8b-4709-b695-88d6c17e8edf", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "8c99b1f8-439f-4c01-ac62-bf4b852a3585", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/baeldung/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/baeldung/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "4a39a186-0bc6-46c8-9605-940ab6af0ec4", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "98fd7e67-c4fc-4e6a-bb9c-6e27d99bbbb2", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "1cdb5d11-fcc5-48ee-9acc-b8d980b607a5", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "f3258684-171e-47f9-a9d0-96434e91ee6a", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "20843100-3f9b-4c50-8dc6-86e6d64fbc3d", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "fabf3bec-72b8-4035-84a7-f368417446ef", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "3a0949bd-8a64-44b3-8f21-0b8c41cf44d8", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "38838b81-804d-47d1-9aad-92d5107b1653", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "4bc0f7a9-7009-48f4-aeee-198c705d4e90", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "ed2fc2c9-d27e-4d2c-b877-4bc817fd54bf", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "c1278964-7ee9-4619-a8a4-461ef8fce69b", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "bf7b6bfb-0c2a-4826-8ee2-52cc409534f2", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "85bdea58-50c5-4d63-952d-ab0e1e861244", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "c945557c-e480-4f09-b9fa-62c05a26cb05", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "184fc94a-c750-4bc0-be3f-0501365bc1fd", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "40162254-ac26-4b36-a5d5-538d33612c80", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "a85df9ca-5a7f-4035-96a1-bd55dcdbe5be", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "8d02d6e1-89b1-4777-8ce6-5bc6a1fb9f30", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "bf65a00b-5112-4bd4-b540-de0fa4912c65", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "5eddbe1e-e274-4543-8606-a8fd3d5f793b", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "54300fc6-0c26-42e0-89bb-844955488008", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "89ccaf97-a0a8-4221-9174-17a7e475ebc7", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "58e90cb8-25c5-4e81-a5ed-a9de481fab17", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "2d434173-8b6e-4959-ad8f-c7185bc9b433", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "84dad65d-8413-44c0-95f4-f3d64035e7b6", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "89ac6a7f-9435-41ed-83eb-34a366429a6f", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "51307312-9b48-4ae9-ad92-7cbc0ff4c6c3", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "6f6d1690-df96-4774-ae4a-2d349461f02a", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "3bec9041-170c-4c6d-a35e-be7a51442aef", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "52e647ff-3bb4-47ee-b67d-0cd24bb66c5b", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "027afd1d-3d34-49df-bf43-00adddfec15a", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "159dc3dc-a659-4cb8-9271-809834a42d8e", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "5dbfb5d7-c181-4e47-85e8-13ad0610c43b", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + }, { + "id" : "46c52714-3bb6-4db9-a360-0839703c1f8e", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "0b274bf6-89f0-4d3c-a635-eb3943d062ee", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + }, { + "id" : "e70cd96f-6d15-4c46-978a-359f1832b7c2", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "6a19a6ab-4035-4c43-b9e5-253339bb491b", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "4d1dfa4a-c1cc-45ad-ade5-7ac2fabfc5d3", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : true, + "eventsExpiration" : 900, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "OAUTH2_EXTENSION_GRANT", "USER_DISABLED_BY_PERMANENT_LOCKOUT", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "USER_DISABLED_BY_TEMPORARY_LOCKOUT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "OAUTH2_EXTENSION_GRANT_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], + "adminEventsEnabled" : true, + "adminEventsDetailsEnabled" : true, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "c07dff7f-77fc-4381-a458-9c56515c5c98", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "d9662eb8-e8bb-4ae5-a625-c8c616d8967a", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "03f2b651-fdea-4a7a-88e8-f169f5a7f892", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "0c7278cb-1e59-407e-9187-fa147ce96f82", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "a3c48cf1-67be-41fb-a852-6efe25560fcf", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "b0f72ad6-c65d-4132-912f-6e5ba9c48466", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "717bea7a-bc0a-4d2a-9ea2-cbe670f1833e", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "b1fa36d7-8ef0-4501-a495-215b90bd0699", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "04a18d35-45bd-458d-9bc8-939db56e337d", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "3eaa2cde-31c2-409e-9e0e-b8f9ecf76704" ], + "secret" : [ "7BdqNadvG1OQs7Z4qJfvaQ" ], + "priority" : [ "100" ] + } + }, { + "id" : "ce00dbf1-1d6d-44da-84c0-1ed88d712801", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEogIBAAKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABAoIBAAxcY/swNQB1AfNNsotn6KPQ3ZQffSRA6SSnbJD/Ih08EvGBcXEijKDArQXsRnOmQ6YsFiMYclcWLdVY/xdjyUctYiAz+Fbeww1JGmuqU+ziFdgIVJdVfDzWxvd815VtzQZqpOAUC3x08Ap8yYQQOWxgkewgocI4LZelhseDMjx/TIScOmuUWmFRwQ7HUP93OKV1oWC4lMAC4LTnqCqlnsk2L563+Q7T2jXUpznlJ6UoTSpu1Msllh+AxqkvZXvAwbFeYoDksWVUaY+gHAQkihgWMGIEmiBun9TsP4NUkpQuWXq1OHE6KBldaJPP3OProN2Z/gDgXDmKVVEf718m+YkCgYEA5KoroazEAIAjZ1L+t39DYNhv87eDnz/y2lRboD3InMFtE36rBPBIOTGiK3GKaIXh6b8VPOXXA5By2SnERIMfzdusmdknTREbC9Ca/ix5RyE/MqflGjqhcsEu1vWe/L7LYNrmTeOryR8E3rLSsrfmIFRKC+9ufsWlahttzW3D5ksCgYEAu0SLIqTmLfcwmIEngU044o5OZw7QtHaDJmNEv5n4cKXJHmCa3mK+IIIb7f3YIw4nyRQVKjbppAM1bLKT5RpqvHCxVIwjGbvhJ7l7QlBXmcx6x9n18ZPFdA8exUwm56sgixlrfUIHUMH1TFbGSFqIm5bAJwjFwqz3gXzSVU0rTF0CgYAjrCiCYGFzcooTZG84UTJBuYI9kzOFdIR+awqgRQM28TYDBI/JhXK++W9DN8NP6xMDVDwL9A9HDxHbrxhfV9VuWAblOWtYKoL9pN2JKYcCAb3KOUcUgHEPZfPYtRjIdTtlMMEdBZeXGK+5zkvwdaABCyVCF2g1fr//fafzlFwrYQKBgHtJcvhJ66hTVtDwJpv/xPWSjpdWr5w/cbRyIi6qJV+0JaY0H4FNLLKmNdEHD6Z0iUjeSdjS8hqiaie3oZpxO9f3sSdiYzFr+Z13hWhxEFsWvbaZDkwO5y2zTqTBr9NRXEl3YMbEE6DdMKsjbcLwp4MXSkXohpnV2dSL4sV52omZAoGAFY1w9JGkTwJ0rG/R+Yx3qcRhoHY7YA2PMSYIyB9E5d923L6bi1GRSwhNLO+lW0eWA8ekHiQLnqDmNJl708oJBGUwo/Zr7U9jowsqQIaSE8VgU6dfdhbScMI5vpmSrlQRyV0UveLvCsEAx/Rvl4y+dQneaEoNqEKSd7Hml2tjx7g=" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "MIICnzCCAYcCBgGO+25VozANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTVaFw0zNDA0MjAxMjE0NTVaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0WHWge6QpqVZfKr2kg1esRlHsSZfcGX8uu2pyB2NsXPjuaE0HqEN+OMsQsRR/rjbQkpPYG9sGur0nqNXhV/ErHIlMCmV2Hx8RoLWkVvpqrhnKH+0cBwm8dS83ZN0u5Q4xF1i6a/6FdZx0W45UrE/MZzlqB58I/EyaqZ4H6Id8MXp7W2Fuzw+Q2cKc1MxKx6MzhLJZShIXt8PTjueX5rRfYerdPbixq0E1vWA9Xcatt2mn/xIMo8illBk7fSPvzYv7YKsLtg1Cn43fU/mi63oBckb55D1uYzs2SgnzvRUX8eR6ndq/7CvZaGO3e3WN6FbowpE+wAbMZoXjlKRiHtPwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB091NLrtrT+JSmLfyv+LvFIPIaOu07kWHbueqjKbOinQ2ouBfMnOA9Ojm/17w8CIt/h6VIBzoi3H9Huq15dnGoiIcQIzvAiq8XSewnVfnyvFeq830LVAiTEEDRQLqKVT1PiRZEj64XGyRM3lX0Xp+CXG8z3Qc4OVFrHdb/nUIbfDAmxsWRymTm5p2E5GTJPlr/gON/AHPAHIzmgk5HD9PqBPpMQRHN9/y8vkeIPh9gEj8oUYsM6MPEKrbQIDBqnr8UaxPaMtJF+cjg36VB0SJ9c1w0DBWeND/UNFq47aNWMSND5O9qX0eJxVTqxFAFia0V2WUZk17Pd6pzLKkZQb94" ], + "priority" : [ "100" ] + } + }, { + "id" : "fa8ee6a3-d95e-4ec9-856a-0962208b6bcc", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEowIBAAKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABAoIBADhe57ovZdzP+TT+Y9P12Hy3nkDRPYV1OjdeM5NhqIzQLqLk0UMTATnLhC+dMHQA+4fdQqqyMgIYCGJXS1J7s8Rqg4JC3aJjYm+lrPLz5iwmf9u4hmzhSaCqv1GJRnUbGBfdbguiSfHUSaSmDtQyIMThK+8lwc8A05EgUIxbNvgYnEOEdavlyCq4HdMiDPSjpdHSdC8NpaQkAVULB3QXofm5SQm4ioED/trVjHyjl80i9ysDKSPPzqpye4lFCqmclni1U78V2w4E/uVOG8+MczZkS4otPG99QoELGuqLaVmq9rAx624owUAY3r7ecCL2lSHyjzJwBkrBFLenlSI4A6sCgYEA7tPcbOYPt2a7ih1nase6aC5rwTk62lpe9cuNpVCRmKKlX9glLLcFjNz+75LSyj4TXvg52vcZv3JmsULUeE30rPVr9hgIeuEnsPCc4HLJ40aVaEyhVVwg5ofy3++/8Ys0PR2blZ674/jFgxbB537t81QxQd5WtD9Zh+w7Tiiw40sCgYEAvlf4qvjKW6kaOpmIe4S7wWY9/FhbgHq3sKLltfzOGY0GTWGFZtJ7uzgDvOkEVAIyopEDKfkBL3Sok5ic8MpQOARCa1HXjm8+dtQ1SkNxDsGC//DpouHefkvwUNeKYPV2n4CckirUMmvSqWz4oWAA5u0C2eg0pwvlavMpRKN1mVMCgYB7Klt09biJNrvk4IEi+lnRvI7pmSAW16A9Vnp4FPLhKo/qu8eAJesA2D/JQYjfr9/BjHYZzHFE4DTBmduFJ37Va8P/qClHZbJYd94PimM/iHkozsws/1QgT2AbyMLOSKHqGsjQAoqXaQZDMotRXY5NfM/iTk2cq0b66AM1rZp7vQKBgQCpBc1XZV2sT1lvN+8uYAuqDXR1pLB8QnzjaYO6Oyd5IPW7uSGQ0M/2zCLlmbWyM9Fq8oJwvyECVwFrL1YNrFnXpFCmpCJZ5Qb+1ioMLB81DzmYtQGDFjdQx3Y7E2tZ9h7EPJzMXyPXMk/7Cz0tb+bdKRIjFkPLIpEyi4LV5KEE6QKBgF7Hs1jnR+/3wVK2NG+Ek5bOwOn7wNtwpfhHpj+Auwk7B9mzoor01L6UTw+LDMtQoohfqOJhM1xZcn2MJdhZhkWvSpavEyuY886A8RVtL44rh/kCHy/M4d9AQoiSz5mIYOdiiskbepG+jaIoweUvWxLmcWLWgV3H8syyqJR/vf30" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "MIICnzCCAYcCBgGO+25WEDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhiYWVsZHVuZzAeFw0yNDA0MjAxMjEzMTZaFw0zNDA0MjAxMjE0NTZaMBMxETAPBgNVBAMMCGJhZWxkdW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZNPlXoVvt4RsbkFu3giJB3W3qDxEGsAIvOQqLFKP4o1oFJY4L4K5ljUbGABMiq0fQEVTj1mAZAwqJ/J+mnv5OhkUfTDpAt0LactZRPqz7RyfRwmSTL3r/kCtFZn5WQZA//Z6q3zdm7ARxH3Dq9+cMARIe1k7dblWlX+8A5Qk8Ka9Ie6SfwqlTsv4EMTmIhUjj/UyEAWLhSLrk/gA3PQyw/OUEWJTM946AWmPcMtWJRFDbMsj00G1sgrmRuIa0zmXpLj+Zr1Kby9GBU/x60EKtONtXiX8IvIKFm8mKI40q8va6jI71wqUB7OtDZ1a+iF1h8TJ+X5Q2ARPo0li3iEUQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCT9Jua67qgsClibdgvEfX3BKLl+JXVbFjyYKfBhP85DIk/tzfeYi1UZilWGPWlnprhp5GnwZXPeqVsLCNM+ypdYN8RGBs6K48wVQoetf92GPh9eCQMq2FSAVKShsgkolKifyuZo8oQu6Na92V5EsjUV7hEB4G3jXOisrO/MjN+Ja9eRXru1L2n7bOrKtYRlYeNI8CZvc63jRPkq1fRutcmpqMRPDjMYuM9wUvkZwewqo8WSf51DDKBah5W83XLbTp5jX0bH1NZc3BNHnNerR3iMGPSa6rcKPsC3lL1mZluNVhQExyli1S1f7QmUc1BYxr3zi2uVCKkci5gRenDywws" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "0866f9d1-3c22-432c-95d4-65378e739b89", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "749eb77a-a3d7-45b2-bc40-3bf80faf2fc7" ], + "secret" : [ "YmaVXh3blZqVaqpgeLyGI5JUzV8Vc41XFb7RcUaChNmAN-f61pqz7nE6edgQj_NS-TVVsvlq9qouKcd-5_oGugmvCXZ-Dp5gzcKe4EA-voOEV4pvJ7VXRWuH6QBDCaXyDiknEVtIx20ycjC4F8Ch10_n8so87mwMuVA6zD8Y-oM" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "92fc572a-6443-4d62-989d-dc6147aed6a6", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "17dce980-92a5-4dab-84b6-29f0ffe91e2f", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "9fdb023c-7959-4e7c-b745-d0bcfc6e1f87", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "336dbe24-c5ec-44c0-bf56-1b811b451fdf", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "3a87da1e-2fdf-4d15-8c93-8e8d69fc2774", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "77bd3109-c34e-4165-b9f7-cb6d19aa7fe3", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "ee4b2165-c1be-43ca-96c8-b2302d78b38a", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "0116eec2-8a17-4de9-b75f-caa26e52bdf0", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "de8794bd-3ad0-42e9-861f-85fcb6cb1db6", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "9f6aa9f1-134b-4efe-84c4-ba9b7f4e8368", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "692ddf3c-2813-46ef-b364-fcba9d70f5a4", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "257e18b2-be1c-4ab2-8dd7-68a83817ca8a", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "fe879ee4-eec5-4034-9b78-82636f614123", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "2e6f09af-a3f6-415a-8d38-dfc1708e82ff", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "cac2a81c-7933-4e1c-a91b-1a5e4d8ba873", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "76b893b1-6b16-4e7c-a945-b86b63c983fb", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-terms-and-conditions", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 70, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "8c1ba21b-218d-406d-a936-c935f41e7bef", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "6df47204-9532-4b3e-821f-9a5255b9c305", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "793b40f2-0912-40f4-b570-a75015fb9eb0", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "3ff115f7-7108-4b17-8868-1d390ec3a480", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "VERIFY_PROFILE", + "name" : "Verify Profile", + "providerId" : "VERIFY_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 90, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DevicePollingInterval" : "5", + "clientOfflineSessionMaxLifespan" : "0", + "clientSessionIdleTimeout" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "adminEventsExpiration" : "900" + }, + "keycloakVersion" : "24.0.0", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json new file mode 100644 index 0000000000..20a78548df --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/keycloak/import/baeldung-users-0.json @@ -0,0 +1,50 @@ +{ + "realm" : "baeldung", + "users" : [ { + "id" : "bb83bd5b-b895-49aa-b62e-fde8ff8d5e64", + "username" : "authorized", + "firstName" : "authorized", + "lastName" : "user", + "email" : "authorized@baeldung.gg", + "emailVerified" : true, + "createdTimestamp" : 1713615702990, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "23d3b6ce-fa3c-4f6e-9b09-e7b3cefa00f6", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713615715678, + "secretData" : "{\"value\":\"lCZEOiVbCynSkCWiWe67/5/PybB+Om5mhi6SynpGFPB+r2b+QEKNYsB7ibO2f1ur9UB2aMO7jfoBYQdTJMcHbQ==\",\"salt\":\"hrIbqMOt0L7PPEYh/PsLNQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "AUTHORIZED_PERSONNEL", "default-roles-baeldung" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "d205d854-547c-43cf-a02d-fd6c385b128b", + "username" : "forbidden", + "firstName" : "forbidden", + "lastName" : "user", + "email" : "forbidden@baeldung.gg", + "emailVerified" : true, + "createdTimestamp" : 1713615781285, + "enabled" : true, + "totp" : false, + "credentials" : [ { + "id" : "2fa8244c-fba9-43d9-ab4d-80804ca26f6f", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1713615795357, + "secretData" : "{\"value\":\"sOUpOdi8yf31YbMEub+tAF7N55QHjrPjg48mO3/C1zGaAxLUYdLodf4upuy6w7eBuRrFaVa1m4mRe6wkWtmLIw==\",\"salt\":\"OMbZn6ojNyZdp6/k/72B/A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-baeldung" ], + "notBefore" : 0, + "groups" : [ ] + } ] +} \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/pom.xml b/spring-security-modules/spring-security-oauth2-testing/pom.xml index 1f1c441cf5..b2c59d5a98 100644 --- a/spring-security-modules/spring-security-oauth2-testing/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/pom.xml @@ -1,38 +1,38 @@ - 4.0.0 - spring-security-oauth2-testing - spring-security-oauth2-testing - pom - spring-security 6 oauth testing sample project + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + spring-security-oauth2-testing + spring-security-oauth2-testing + pom + spring-security 6 oauth testing sample project - - com.baeldung - parent-boot-3 - 0.0.1-SNAPSHOT - ../../parent-boot-3 - + + com.baeldung + parent-boot-3 + 0.0.1-SNAPSHOT + ../../parent-boot-3 + - - - - com.c4-soft.springaddons - spring-addons-oauth2-test - ${spring-addons.version} - - - + + + + com.c4-soft.springaddons + spring-addons-oauth2-test + ${spring-addons.version} + + + - - reactive-resource-server - servlet-resource-server - + + reactive-resource-server + servlet-resource-server + - - 7.1.10 - 17 - + + 7.6.12 + 17 + \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml index c4badf9caa..f22ebd1bd7 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/pom.xml @@ -12,6 +12,7 @@ com.baeldung spring-security-oauth2-testing 0.0.1-SNAPSHOT + .. diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java index 5dd9268092..185cdb9f15 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/java/com/baeldung/ReactiveResourceServerApplication.java @@ -1,7 +1,5 @@ package com.baeldung; -import static org.springframework.security.config.Customizer.withDefaults; - import java.nio.charset.Charset; import java.util.List; import java.util.Map; @@ -17,6 +15,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity; @@ -52,22 +51,22 @@ public class ReactiveResourceServerApplication { @EnableReactiveMethodSecurity static class SecurityConfig { @Bean - SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { - http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults())); + SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, Converter> authenticationConverter) { + http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwtResourceServer -> jwtResourceServer.jwtAuthenticationConverter(authenticationConverter))); http.securityContextRepository(NoOpServerSecurityContextRepository.getInstance()); http.csrf(CsrfSpec::disable); - http.exceptionHandling(eh -> eh - .accessDeniedHandler((var exchange, var ex) -> exchange.getPrincipal().flatMap(principal -> { - final var response = exchange.getResponse(); - response.setStatusCode( - principal instanceof AnonymousAuthenticationToken ? HttpStatus.UNAUTHORIZED - : HttpStatus.FORBIDDEN); - response.getHeaders().setContentType(MediaType.TEXT_PLAIN); - final var dataBufferFactory = response.bufferFactory(); - final var buffer = dataBufferFactory.wrap(ex.getMessage().getBytes(Charset.defaultCharset())); - return response.writeWith(Mono.just(buffer)) - .doOnError(error -> DataBufferUtils.release(buffer)); - }))); + http.exceptionHandling(eh -> eh.accessDeniedHandler((var exchange, var ex) -> exchange.getPrincipal() + .flatMap(principal -> { + final var response = exchange.getResponse(); + response.setStatusCode(principal instanceof AnonymousAuthenticationToken ? HttpStatus.UNAUTHORIZED : HttpStatus.FORBIDDEN); + response.getHeaders() + .setContentType(MediaType.TEXT_PLAIN); + final var dataBufferFactory = response.bufferFactory(); + final var buffer = dataBufferFactory.wrap(ex.getMessage() + .getBytes(Charset.defaultCharset())); + return response.writeWith(Mono.just(buffer)) + .doOnError(error -> DataBufferUtils.release(buffer)); + }))); // @formatter:off http.authorizeExchange(req -> req @@ -84,17 +83,18 @@ public class ReactiveResourceServerApplication { @Bean ReactiveJwtAuthoritiesConverter realmRoles2AuthoritiesConverter() { return (Jwt jwt) -> { - final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")).orElse(Map.of()); + final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")) + .orElse(Map.of()); @SuppressWarnings("unchecked") final var roles = (List) realmRoles.getOrDefault("roles", List.of()); - return Flux.fromStream(roles.stream()).map(SimpleGrantedAuthority::new) - .map(GrantedAuthority.class::cast); + return Flux.fromStream(roles.stream()) + .map(SimpleGrantedAuthority::new) + .map(GrantedAuthority.class::cast); }; } @Bean - ReactiveJwtAuthenticationConverter authenticationConverter( - Converter> authoritiesConverter) { + ReactiveJwtAuthenticationConverter authenticationConverter(Converter> authoritiesConverter) { final var authenticationConverter = new ReactiveJwtAuthenticationConverter(); authenticationConverter.setPrincipalClaimName(StandardClaimNames.PREFERRED_USERNAME); authenticationConverter.setJwtGrantedAuthoritiesConverter(authoritiesConverter); @@ -106,10 +106,12 @@ public class ReactiveResourceServerApplication { public static class MessageService { public Mono greet() { - return ReactiveSecurityContextHolder.getContext().map(ctx -> { - final var who = (JwtAuthenticationToken) ctx.getAuthentication(); - return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities()); - }).switchIfEmpty(Mono.error(new AuthenticationCredentialsNotFoundException("Security context is empty"))); + return ReactiveSecurityContextHolder.getContext() + .map(ctx -> { + final var who = (JwtAuthenticationToken) ctx.getAuthentication(); + return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities()); + }) + .switchIfEmpty(Mono.error(new AuthenticationCredentialsNotFoundException("Security context is empty"))); } @PreAuthorize("hasRole('AUTHORIZED_PERSONNEL')") @@ -125,18 +127,21 @@ public class ReactiveResourceServerApplication { @GetMapping("/greet") public Mono> greet() { - return messageService.greet().map(ResponseEntity::ok); + return messageService.greet() + .map(ResponseEntity::ok); } @GetMapping("/secured-route") public Mono> securedRoute() { - return messageService.getSecret().map(ResponseEntity::ok); + return messageService.getSecret() + .map(ResponseEntity::ok); } @GetMapping("/secured-method") @PreAuthorize("hasRole('AUTHORIZED_PERSONNEL')") public Mono> securedMethod() { - return messageService.getSecret().map(ResponseEntity::ok); + return messageService.getSecret() + .map(ResponseEntity::ok); } } diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml deleted file mode 100644 index 01e655e1b3..0000000000 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yaml +++ /dev/null @@ -1,6 +0,0 @@ -spring: - security: - oauth2: - resourceserver: - jwt: - issuer-uri: https://localhost:8443/realms/master diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml new file mode 100644 index 0000000000..dcda50e07d --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/application.yml @@ -0,0 +1,11 @@ +server: + port: 8082 + +spring: + application: + name: reactive-resource-server + security: + oauth2: + resourceserver: + jwt: + issuer-uri: http://localhost:8080/realms/baeldung diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt new file mode 100644 index 0000000000..cdecee35fb --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/main/resources/banner.txt @@ -0,0 +1,16 @@ +${AnsiColor.GREEN} _____ _ _ +${AnsiColor.GREEN} | __ \ | | (_) +${AnsiColor.GREEN} | |__) |___ __ _ ___| |_ ___ _____ _ __ ___ ___ ___ _ _ _ __ ___ ___ ___ ___ _ ____ _____ _ __ +${AnsiColor.GREEN} | _ // _ \/ _` |/ __| __| \ \ / / _ \ | '__/ _ \/ __|/ _ \| | | | '__/ __/ _ \ / __|/ _ \ '__\ \ / / _ \ '__| +${AnsiColor.GREEN} | | \ \ __/ (_| | (__| |_| |\ V / __/ | | | __/\__ \ (_) | |_| | | | (_| __/ \__ \ __/ | \ V / __/ | +${AnsiColor.GREEN} |_| \_\___|\__,_|\___|\__|_| \_/ \___| |_| \___||___/\___/ \__,_|_| \___\___| |___/\___|_| \_/ \___|_| +${AnsiColor.GREEN} +${AnsiColor.GREEN} +${AnsiColor.BLUE} __ __ __ ______ __ __ ______ +${AnsiColor.BLUE} _____/ /_ / // / ____ ___ ____ / ____ \_____/ // / _________ / __/ /_ _________ ____ ___ +${AnsiColor.BLUE} / ___/ __ \/ // /_/ __ `__ \/ __ \/ / __ `/ ___/ // /_______/ ___/ __ \/ /_/ __// ___/ __ \/ __ `__ \ +${AnsiColor.BLUE}/ /__/ / / /__ __/ / / / / / /_/ / / /_/ / /__/__ __/_____(__ ) /_/ / __/ /__/ /__/ /_/ / / / / / / +${AnsiColor.BLUE}\___/_/ /_/ /_/ /_/ /_/ /_/ .___/\ \__,_/\___/ /_/ /____/\____/_/ \__(_)___/\____/_/ /_/ /_/ +${AnsiColor.BLUE} /_/ \____/ +${AnsiColor.RED}Spring Boot ${spring-boot.formatted-version} +${AnsiColor.BLACK} \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java index c7a0659cf1..3c1185b826 100644 --- a/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java +++ b/spring-security-modules/spring-security-oauth2-testing/reactive-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java @@ -3,8 +3,6 @@ package com.baeldung; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockAuthentication; -import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockJwt; import java.util.List; @@ -16,6 +14,7 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.core.oidc.StandardClaimNames; +import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers; import org.springframework.test.web.reactive.server.WebTestClient; import com.baeldung.ReactiveResourceServerApplication.GreetingController; @@ -40,7 +39,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() { - api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION)) + api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION)) .get() .uri("/greet") .exchange() @@ -53,7 +52,8 @@ class SpringSecurityTestGreetingControllerUnitTest { final var greeting = "Whatever the service returns"; when(messageService.greet()).thenReturn(Mono.just(greeting)); - api.mutateWith(mockJwt().authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) .jwt(jwt -> jwt.claim(StandardClaimNames.PREFERRED_USERNAME, "ch4mpy"))) .get() .uri("/greet") @@ -73,7 +73,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() { - api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION)) + api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION)) .get() .uri("/secured-route") .exchange() @@ -86,7 +86,8 @@ class SpringSecurityTestGreetingControllerUnitTest { final var secret = "Secret!"; when(messageService.getSecret()).thenReturn(Mono.just(secret)); - api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) .get() .uri("/secured-route") .exchange() @@ -98,7 +99,8 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() { - api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("admin"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(new SimpleGrantedAuthority("admin"))) .get() .uri("/secured-route") .exchange() @@ -113,7 +115,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() { - api.mutateWith(mockAuthentication(ANONYMOUS_AUTHENTICATION)) + api.mutateWith(SecurityMockServerConfigurers.mockAuthentication(ANONYMOUS_AUTHENTICATION)) .get() .uri("/secured-method") .exchange() @@ -126,7 +128,8 @@ class SpringSecurityTestGreetingControllerUnitTest { final var secret = "Secret!"; when(messageService.getSecret()).thenReturn(Mono.just(secret)); - api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) .get() .uri("/secured-method") .exchange() @@ -138,7 +141,8 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() { - api.mutateWith(mockJwt().authorities(new SimpleGrantedAuthority("admin"))) + api.mutateWith(SecurityMockServerConfigurers.mockJwt() + .authorities(new SimpleGrantedAuthority("admin"))) .get() .uri("/secured-method") .exchange() diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml index 25bd8a396c..ddd6c1d313 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/pom.xml @@ -12,6 +12,7 @@ com.baeldung spring-security-oauth2-testing 0.0.1-SNAPSHOT + .. diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java index 7887089458..a0928e9149 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/java/com/baeldung/ServletResourceServerApplication.java @@ -1,7 +1,5 @@ package com.baeldung; -import static org.springframework.security.config.Customizer.withDefaults; - import java.util.Collection; import java.util.List; import java.util.Map; @@ -16,6 +14,7 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -48,8 +47,8 @@ public class ServletResourceServerApplication { @EnableWebSecurity static class SecurityConf { @Bean - SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults())); + SecurityFilterChain filterChain(HttpSecurity http, Converter authenticationConverter) throws Exception { + http.oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwtResourceServer -> jwtResourceServer.jwtAuthenticationConverter(authenticationConverter))); http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); http.csrf(AbstractHttpConfigurer::disable); http.exceptionHandling(eh -> eh.authenticationEntryPoint((request, response, authException) -> { @@ -57,11 +56,11 @@ public class ServletResourceServerApplication { response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase()); })); - // @formatter:off - http.authorizeHttpRequests(req -> req - .requestMatchers(new AntPathRequestMatcher("/secured-route")).hasRole("AUTHORIZED_PERSONNEL") - .anyRequest().authenticated()); - // @formatter:on + // @formatter:off + http.authorizeHttpRequests(req -> req + .requestMatchers(new AntPathRequestMatcher("/secured-route")).hasRole("AUTHORIZED_PERSONNEL") + .anyRequest().authenticated()); + // @formatter:on return http.build(); } @@ -72,10 +71,14 @@ public class ServletResourceServerApplication { @Bean JwtAuthoritiesConverter realmRoles2AuthoritiesConverter() { return (Jwt jwt) -> { - final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")).orElse(Map.of()); + final var realmRoles = Optional.of(jwt.getClaimAsMap("realm_access")) + .orElse(Map.of()); @SuppressWarnings("unchecked") final var roles = (List) realmRoles.getOrDefault("roles", List.of()); - return roles.stream().map(SimpleGrantedAuthority::new).map(GrantedAuthority.class::cast).toList(); + return roles.stream() + .map(SimpleGrantedAuthority::new) + .map(GrantedAuthority.class::cast) + .toList(); }; } @@ -92,7 +95,8 @@ public class ServletResourceServerApplication { public static class MessageService { public String greet() { - final var who = (JwtAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); + final var who = (JwtAuthenticationToken) SecurityContextHolder.getContext() + .getAuthentication(); return "Hello %s! You are granted with %s.".formatted(who.getName(), who.getAuthorities()); } diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties deleted file mode 100644 index 998f6303aa..0000000000 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.properties +++ /dev/null @@ -1 +0,0 @@ -spring.security.oauth2.resourceserver.jwt.issuer-uri=https://localhost:8443/realms/master diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml new file mode 100644 index 0000000000..8335931381 --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/application.yml @@ -0,0 +1,11 @@ +server: + port: 8081 + +spring: + application: + name: servlet-resource-server + security: + oauth2: + resourceserver: + jwt: + issuer-uri: http://localhost:8080/realms/baeldung diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt new file mode 100644 index 0000000000..23e0e9c9cd --- /dev/null +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/main/resources/banner.txt @@ -0,0 +1,16 @@ +${AnsiColor.GREEN} _____ _ _ +${AnsiColor.GREEN} / ____| | | | | +${AnsiColor.GREEN} | (___ ___ _ ____ _| | ___| |_ _ __ ___ ___ ___ _ _ _ __ ___ ___ ___ ___ _ ____ _____ _ __ +${AnsiColor.GREEN} \___ \ / _ \ '__\ \ / / |/ _ \ __| | '__/ _ \/ __|/ _ \| | | | '__/ __/ _ \ / __|/ _ \ '__\ \ / / _ \ '__| +${AnsiColor.GREEN} ____) | __/ | \ V /| | __/ |_ | | | __/\__ \ (_) | |_| | | | (_| __/ \__ \ __/ | \ V / __/ | +${AnsiColor.GREEN} |_____/ \___|_| \_/ |_|\___|\__| |_| \___||___/\___/ \__,_|_| \___\___| |___/\___|_| \_/ \___|_| +${AnsiColor.GREEN} +${AnsiColor.GREEN} +${AnsiColor.BLUE} __ __ __ ______ __ __ ______ +${AnsiColor.BLUE} _____/ /_ / // / ____ ___ ____ / ____ \_____/ // / _________ / __/ /_ _________ ____ ___ +${AnsiColor.BLUE} / ___/ __ \/ // /_/ __ `__ \/ __ \/ / __ `/ ___/ // /_______/ ___/ __ \/ /_/ __// ___/ __ \/ __ `__ \ +${AnsiColor.BLUE}/ /__/ / / /__ __/ / / / / / /_/ / / /_/ / /__/__ __/_____(__ ) /_/ / __/ /__/ /__/ /_/ / / / / / / +${AnsiColor.BLUE}\___/_/ /_/ /_/ /_/ /_/ /_/ .___/\ \__,_/\___/ /_/ /____/\____/_/ \__(_)___/\____/_/ /_/ /_/ +${AnsiColor.BLUE} /_/ \____/ +${AnsiColor.RED}Spring Boot ${spring-boot.formatted-version} +${AnsiColor.BLACK} \ No newline at end of file diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java index 2534d9919a..2a47a919dd 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringAddonsGreetingControllerUnitTest.java @@ -44,9 +44,7 @@ class SpringAddonsGreetingControllerUnitTest { } @ParameterizedTest - @AuthenticationSource({ - @WithMockAuthentication(authorities = { "admin", "ROLE_AUTHORIZED_PERSONNEL" }, name = "ch4mpy"), - @WithMockAuthentication(authorities = { "uncle", "PIRATE" }, name = "tonton-pirate") }) + @AuthenticationSource({ @WithMockAuthentication(authorities = { "admin", "ROLE_AUTHORIZED_PERSONNEL" }, name = "ch4mpy"), @WithMockAuthentication(authorities = { "uncle", "PIRATE" }, name = "tonton-pirate") }) void givenUserIsAuthenticated_whenGetGreet_thenOk(@ParameterizedAuthentication Authentication auth) throws Exception { final var greeting = "Whatever the service returns"; when(messageService.greet()).thenReturn(greeting); diff --git a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java index 0e710bcc9f..ce57342ef6 100644 --- a/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java +++ b/spring-security-modules/spring-security-oauth2-testing/servlet-resource-server/src/test/java/com/baeldung/SpringSecurityTestGreetingControllerUnitTest.java @@ -3,8 +3,6 @@ package com.baeldung; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.anonymous; -import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -17,6 +15,7 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.core.oidc.StandardClaimNames; +import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors; import org.springframework.test.web.servlet.MockMvc; import com.baeldung.ServletResourceServerApplication.GreetingController; @@ -38,7 +37,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetGreet_thenUnauthorized() throws Exception { - api.perform(get("/greet").with(anonymous())) + api.perform(get("/greet").with(SecurityMockMvcRequestPostProcessors.anonymous())) .andExpect(status().isUnauthorized()); } @@ -47,7 +46,8 @@ class SpringSecurityTestGreetingControllerUnitTest { final var greeting = "Whatever the service returns"; when(messageService.greet()).thenReturn(greeting); - api.perform(get("/greet").with(jwt().authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) + api.perform(get("/greet").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(List.of(new SimpleGrantedAuthority("admin"), new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL"))) .jwt(jwt -> jwt.claim(StandardClaimNames.PREFERRED_USERNAME, "ch4mpy")))) .andExpect(status().isOk()) .andExpect(content().string(greeting)); @@ -62,7 +62,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetSecuredRoute_thenUnauthorized() throws Exception { - api.perform(get("/secured-route").with(anonymous())) + api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.anonymous())) .andExpect(status().isUnauthorized()); } @@ -71,14 +71,16 @@ class SpringSecurityTestGreetingControllerUnitTest { final var secret = "Secret!"; when(messageService.getSecret()).thenReturn(secret); - api.perform(get("/secured-route").with(jwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))) + api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))) .andExpect(status().isOk()) .andExpect(content().string(secret)); } @Test void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredRoute_thenForbidden() throws Exception { - api.perform(get("/secured-route").with(jwt().authorities(new SimpleGrantedAuthority("admin")))) + api.perform(get("/secured-route").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(new SimpleGrantedAuthority("admin")))) .andExpect(status().isForbidden()); } @@ -89,7 +91,7 @@ class SpringSecurityTestGreetingControllerUnitTest { @Test void givenRequestIsAnonymous_whenGetSecuredMethod_thenUnauthorized() throws Exception { - api.perform(get("/secured-method").with(anonymous())) + api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.anonymous())) .andExpect(status().isUnauthorized()); } @@ -98,14 +100,16 @@ class SpringSecurityTestGreetingControllerUnitTest { final var secret = "Secret!"; when(messageService.getSecret()).thenReturn(secret); - api.perform(get("/secured-method").with(jwt().authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))) + api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(new SimpleGrantedAuthority("ROLE_AUTHORIZED_PERSONNEL")))) .andExpect(status().isOk()) .andExpect(content().string(secret)); } @Test void givenUserIsNotGrantedWithRoleAuthorizedPersonnel_whenGetSecuredMethod_thenForbidden() throws Exception { - api.perform(get("/secured-method").with(jwt().authorities(new SimpleGrantedAuthority("admin")))) + api.perform(get("/secured-method").with(SecurityMockMvcRequestPostProcessors.jwt() + .authorities(new SimpleGrantedAuthority("admin")))) .andExpect(status().isForbidden()); }