JAVA-18113 Update spring-boot-swagger-keycloak module (#13506)
* JAVA-18113 Update spring-boot-swagger-keycloak module
parent
5cac883023
commit
f5910afe6f
|
@ -1,75 +1,72 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<artifactId>spring-boot-swagger-keycloak</artifactId>
|
<artifactId>spring-boot-swagger-keycloak</artifactId>
|
||||||
<version>0.1.0-SNAPSHOT</version>
|
<version>0.1.0-SNAPSHOT</version>
|
||||||
<name>spring-boot-swagger-keycloak</name>
|
<name>spring-boot-swagger-keycloak</name>
|
||||||
<packaging>jar</packaging>
|
<packaging>jar</packaging>
|
||||||
<description>Module For Spring Boot Swagger UI with Keycloak</description>
|
<description>Module For Spring Boot Swagger UI with Keycloak</description>
|
||||||
|
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>com.baeldung.spring-boot-modules</groupId>
|
<groupId>com.baeldung</groupId>
|
||||||
<artifactId>spring-boot-modules</artifactId>
|
<artifactId>parent-boot-3</artifactId>
|
||||||
<version>1.0.0-SNAPSHOT</version>
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
</parent>
|
<relativePath>../../parent-boot-3</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
<dependencyManagement>
|
<dependencyManagement>
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.keycloak.bom</groupId>
|
<groupId>org.apache.logging.log4j</groupId>
|
||||||
<artifactId>keycloak-adapter-bom</artifactId>
|
<artifactId>log4j-bom</artifactId>
|
||||||
<version>${keycloak.version}</version>
|
<version>${log4j2.version}</version>
|
||||||
<type>pom</type>
|
<scope>import</scope>
|
||||||
<scope>import</scope>
|
<type>pom</type>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
</dependencies>
|
||||||
<groupId>org.apache.logging.log4j</groupId>
|
</dependencyManagement>
|
||||||
<artifactId>log4j-bom</artifactId>
|
|
||||||
<version>${log4j2.version}</version>
|
|
||||||
<scope>import</scope>
|
|
||||||
<type>pom</type>
|
|
||||||
</dependency>
|
|
||||||
</dependencies>
|
|
||||||
</dependencyManagement>
|
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-web</artifactId>
|
<artifactId>spring-boot-starter-web</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>io.springfox</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>springfox-boot-starter</artifactId>
|
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
|
||||||
<version>${springfox.version}</version>
|
</dependency>
|
||||||
</dependency>
|
<!-- Authorization with MethodSecurity (@Secured) - optional -->
|
||||||
<!-- Authentication with with Keycloak -->
|
<dependency>
|
||||||
<dependency>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<groupId>org.keycloak</groupId>
|
<artifactId>spring-boot-starter-security</artifactId>
|
||||||
<artifactId>keycloak-spring-boot-starter</artifactId>
|
</dependency>
|
||||||
</dependency>
|
<dependency>
|
||||||
<!-- Authorization with MethodSecurity (@Secured) - optional -->
|
<groupId>org.springdoc</groupId>
|
||||||
<dependency>
|
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<version>${springdoc.version}</version>
|
||||||
<artifactId>spring-boot-starter-security</artifactId>
|
</dependency>
|
||||||
</dependency>
|
<dependency>
|
||||||
</dependencies>
|
<groupId>javax.annotation</groupId>
|
||||||
|
<artifactId>javax.annotation-api</artifactId>
|
||||||
|
<version>${javax.version}</version>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
<build>
|
||||||
<plugins>
|
<plugins>
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||||
</plugin>
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
</build>
|
</build>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<spring-boot.version>2.4.5</spring-boot.version>
|
<springdoc.version>2.1.0</springdoc.version>
|
||||||
<springfox.version>3.0.0</springfox.version>
|
<log4j2.version>2.17.1</log4j2.version>
|
||||||
<keycloak.version>15.0.2</keycloak.version>
|
<javax.version>1.3.2</javax.version>
|
||||||
<log4j2.version>2.17.1</log4j2.version>
|
</properties>
|
||||||
</properties>
|
|
||||||
|
|
||||||
</project>
|
</project>
|
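Review bot: The `<log4j2.version>2.17.1</log4j2.version>` property and the `log4j-bom` import are carried over unchanged while the parent moves to `parent-boot-3`, so this module may now pin Log4j to an older release than the one the new parent manages. The parent POM is not visible on this page, so that needs confirming. If the parent's managed version is newer, drop the `log4j-bom` entry from `<dependencyManagement>` and the `<log4j2.version>` property so the module inherits it. An explicit override like this is easy to forget and silently holds the module back from later Log4j fixes.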
|
@ -1,59 +1,40 @@
|
||||||
package com.baeldung.swaggerkeycloak;
|
package com.baeldung.swaggerkeycloak;
|
||||||
|
|
||||||
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
|
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||||
|
|
||||||
@KeycloakConfiguration
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||||
public class GlobalSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
public class GlobalSecurityConfig {
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||||
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
|
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
|
||||||
}
|
}
|
||||||
|
|
||||||
// otherwise, we'll get an error 'permitAll only works with HttpSecurity.authorizeRequests()'
|
@Bean
|
||||||
@Override
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
http.csrf()
|
||||||
super.configure(http);
|
.disable()
|
||||||
http
|
.authorizeRequests()
|
||||||
.csrf().disable()
|
.requestMatchers(HttpMethod.OPTIONS)
|
||||||
.authorizeRequests()
|
.permitAll()
|
||||||
// we can set up authorization here alternatively to @Secured methods
|
.requestMatchers("/api/**")
|
||||||
.antMatchers(HttpMethod.OPTIONS).permitAll()
|
.authenticated()
|
||||||
.antMatchers("/api/**").authenticated()
|
.anyRequest()
|
||||||
// force authentication for all requests (and use global method security)
|
.permitAll();
|
||||||
.anyRequest().permitAll();
|
http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
}
|
||||||
* re-configure Spring Security to use
|
|
||||||
* registers the KeycloakAuthenticationProvider with the authentication manager
|
|
||||||
*/
|
|
||||||
@Autowired
|
|
||||||
void configureGlobal(AuthenticationManagerBuilder auth) {
|
|
||||||
KeycloakAuthenticationProvider provider = keycloakAuthenticationProvider();
|
|
||||||
provider.setGrantedAuthoritiesMapper(authoritiesMapper());
|
|
||||||
auth.authenticationProvider(provider);
|
|
||||||
}
|
|
||||||
|
|
||||||
GrantedAuthoritiesMapper authoritiesMapper() {
|
|
||||||
SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
|
|
||||||
mapper.setPrefix("ROLE_"); // Spring Security adds a prefix to the authority/role names (we use the default here)
|
|
||||||
mapper.setConvertToUpperCase(true); // convert names to uppercase
|
|
||||||
mapper.setDefaultAuthority("ROLE_ANONYMOUS"); // set a default authority
|
|
||||||
return mapper;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
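Review bot: `filterChain` ends its rules with `.anyRequest().permitAll()`, so every path outside `/api/**` is served without authentication, including any endpoint added later under a different prefix. A default-deny chain is safer: permit only the documentation paths, for example `.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()` (assuming springdoc's default paths), and finish with `.anyRequest().authenticated()`. As written, the `@PreAuthorize` checks on controller methods are the only guard for anything that `/api/**` does not match.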
|
@ -1,23 +0,0 @@
|
||||||
package com.baeldung.swaggerkeycloak;
|
|
||||||
|
|
||||||
import org.keycloak.adapters.KeycloakConfigResolver;
|
|
||||||
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
public class KeycloakConfigResolverConfig {
|
|
||||||
|
|
||||||
/*
|
|
||||||
* re-configure keycloak adapter for Spring Boot environment,
|
|
||||||
* i.e. to read config from application.yml
|
|
||||||
* (otherwise, we need a keycloak.json file)
|
|
||||||
*/
|
|
||||||
@Bean
|
|
||||||
public KeycloakConfigResolver configResolver() {
|
|
||||||
return new KeycloakSpringBootConfigResolver();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,22 +1,17 @@
|
||||||
package com.baeldung.swaggerkeycloak;
|
package com.baeldung.swaggerkeycloak;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.http.HttpMethod;
|
|
||||||
import springfox.documentation.builders.OAuth2SchemeBuilder;
|
|
||||||
import springfox.documentation.service.AuthorizationScope;
|
|
||||||
import springfox.documentation.service.SecurityReference;
|
|
||||||
import springfox.documentation.service.SecurityScheme;
|
|
||||||
import springfox.documentation.spi.service.contexts.SecurityContext;
|
|
||||||
import springfox.documentation.spring.web.plugins.Docket;
|
|
||||||
import springfox.documentation.swagger.web.SecurityConfiguration;
|
|
||||||
import springfox.documentation.swagger.web.SecurityConfigurationBuilder;
|
|
||||||
|
|
||||||
import java.util.Arrays;
|
import io.swagger.v3.oas.models.Components;
|
||||||
import java.util.Collections;
|
import io.swagger.v3.oas.models.OpenAPI;
|
||||||
import java.util.List;
|
import io.swagger.v3.oas.models.info.Info;
|
||||||
|
import io.swagger.v3.oas.models.security.OAuthFlow;
|
||||||
|
import io.swagger.v3.oas.models.security.OAuthFlows;
|
||||||
|
import io.swagger.v3.oas.models.security.Scopes;
|
||||||
|
import io.swagger.v3.oas.models.security.SecurityRequirement;
|
||||||
|
import io.swagger.v3.oas.models.security.SecurityScheme;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
public class OpenAPISecurityConfig {
|
public class OpenAPISecurityConfig {
|
||||||
|
@ -25,59 +20,35 @@ public class OpenAPISecurityConfig {
|
||||||
String authServerUrl;
|
String authServerUrl;
|
||||||
@Value("${keycloak.realm}")
|
@Value("${keycloak.realm}")
|
||||||
String realm;
|
String realm;
|
||||||
@Value("${keycloak.resource}")
|
|
||||||
private String clientId;
|
|
||||||
@Value("${keycloak.credentials.secret}")
|
|
||||||
private String clientSecret;
|
|
||||||
|
|
||||||
@Autowired
|
private static final String OAUTH_SCHEME_NAME = "my_oAuth_security_schema";
|
||||||
void addSecurity(Docket docket) {
|
|
||||||
docket
|
|
||||||
.securitySchemes(Collections.singletonList(authenticationScheme()))
|
|
||||||
.securityContexts(Collections.singletonList(securityContext()));
|
|
||||||
}
|
|
||||||
|
|
||||||
private SecurityScheme authenticationScheme() {
|
|
||||||
return new OAuth2SchemeBuilder("implicit")
|
|
||||||
.name("my_oAuth_security_schema")
|
|
||||||
.authorizationUrl(authServerUrl + "/realms/" + realm)
|
|
||||||
.scopes(authorizationScopes())
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
private List<AuthorizationScope> authorizationScopes() {
|
|
||||||
return Arrays.asList(
|
|
||||||
new AuthorizationScope("read_access", "read data"),
|
|
||||||
new AuthorizationScope("write_access", "modify data")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
private SecurityContext securityContext() {
|
|
||||||
return SecurityContext.
|
|
||||||
builder().
|
|
||||||
securityReferences(readAccessAuth())
|
|
||||||
.operationSelector(operationContext -> HttpMethod.GET.equals(operationContext.httpMethod()))
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
private List<SecurityReference> readAccessAuth() {
|
|
||||||
AuthorizationScope[] authorizationScopes = new AuthorizationScope[] { authorizationScopes().get(0) };
|
|
||||||
return Collections.singletonList(
|
|
||||||
new SecurityReference("my_oAuth_security_schema", authorizationScopes)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public SecurityConfiguration security() {
|
public OpenAPI openAPI() {
|
||||||
return SecurityConfigurationBuilder.builder()
|
return new OpenAPI().components(new Components()
|
||||||
.clientId(clientId)
|
.addSecuritySchemes(OAUTH_SCHEME_NAME, createOAuthScheme()))
|
||||||
.clientSecret(clientSecret)
|
.addSecurityItem(new SecurityRequirement().addList(OAUTH_SCHEME_NAME))
|
||||||
.realm(realm)
|
.info(new Info().title("Todos Management Service")
|
||||||
.appName(clientId)
|
.description("A service providing todos.")
|
||||||
.scopeSeparator(",")
|
.version("1.0"));
|
||||||
.additionalQueryStringParams(null)
|
}
|
||||||
.useBasicAuthenticationWithAccessCodeGrant(false)
|
|
||||||
.build();
|
private SecurityScheme createOAuthScheme() {
|
||||||
|
OAuthFlows flows = createOAuthFlows();
|
||||||
|
return new SecurityScheme().type(SecurityScheme.Type.OAUTH2)
|
||||||
|
.flows(flows);
|
||||||
|
}
|
||||||
|
|
||||||
|
private OAuthFlows createOAuthFlows() {
|
||||||
|
OAuthFlow flow = createAuthorizationCodeFlow();
|
||||||
|
return new OAuthFlows().implicit(flow);
|
||||||
|
}
|
||||||
|
|
||||||
|
private OAuthFlow createAuthorizationCodeFlow() {
|
||||||
|
return new OAuthFlow()
|
||||||
|
.authorizationUrl(authServerUrl + "/realms/" + realm + "/protocol/openid-connect/auth")
|
||||||
|
.scopes(new Scopes().addString("read_access", "read data")
|
||||||
|
.addString("write_access", "modify data"));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
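Review bot: `createOAuthFlows()` registers the flow built by `createAuthorizationCodeFlow()` with `new OAuthFlows().implicit(flow)`, so Swagger UI still uses the implicit grant despite the helper's name, and the access token comes back in the redirect URL fragment. For a browser client the authorization code grant with PKCE is the recommended choice: `return new OAuthFlows().authorizationCode(flow);`, plus `.tokenUrl(authServerUrl + "/realms/" + realm + "/protocol/openid-connect/token")` on the flow and `use-pkce-with-authorization-code-grant: true` under `springdoc.swagger-ui.oauth`. The Keycloak client would need the standard flow enabled for this, which cannot be checked from this page.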
|
@ -1,36 +0,0 @@
|
||||||
package com.baeldung.swaggerkeycloak;
|
|
||||||
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import springfox.documentation.builders.ApiInfoBuilder;
|
|
||||||
import springfox.documentation.builders.PathSelectors;
|
|
||||||
import springfox.documentation.oas.annotations.EnableOpenApi;
|
|
||||||
import springfox.documentation.service.ApiInfo;
|
|
||||||
import springfox.documentation.spi.DocumentationType;
|
|
||||||
import springfox.documentation.spring.web.plugins.Docket;
|
|
||||||
|
|
||||||
import static springfox.documentation.builders.RequestHandlerSelectors.basePackage;
|
|
||||||
|
|
||||||
@EnableOpenApi
|
|
||||||
@Configuration
|
|
||||||
class SwaggerUIConfig {
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
Docket api() {
|
|
||||||
return new Docket(DocumentationType.OAS_30)
|
|
||||||
.useDefaultResponseMessages(false)
|
|
||||||
.select()
|
|
||||||
.apis(basePackage(TodosApplication.class.getPackage().getName()))
|
|
||||||
.paths(PathSelectors.any())
|
|
||||||
.build()
|
|
||||||
.apiInfo(apiInfo());
|
|
||||||
}
|
|
||||||
|
|
||||||
private ApiInfo apiInfo() {
|
|
||||||
return new ApiInfoBuilder().title("Todos Management Service")
|
|
||||||
.description("A service providing todos.")
|
|
||||||
.version("1.0")
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,14 +1,15 @@
|
||||||
package com.baeldung.swaggerkeycloak;
|
package com.baeldung.swaggerkeycloak;
|
||||||
|
|
||||||
import io.swagger.annotations.ApiOperation;
|
|
||||||
import io.swagger.annotations.ApiResponse;
|
|
||||||
import io.swagger.annotations.ApiResponses;
|
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
import io.swagger.v3.oas.annotations.Operation;
|
||||||
|
import io.swagger.v3.oas.annotations.responses.ApiResponse;
|
||||||
|
import io.swagger.v3.oas.annotations.responses.ApiResponses;
|
||||||
|
|
||||||
import javax.annotation.PostConstruct;
|
import javax.annotation.PostConstruct;
|
||||||
import java.time.LocalDate;
|
import java.time.LocalDate;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
@ -28,13 +29,10 @@ public class TodosController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
|
@GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
|
||||||
@ApiOperation("Read all todos")
|
@Operation(description = "Read all todos")
|
||||||
@ApiResponses({
|
@ApiResponses({ @ApiResponse(responseCode = "200", description = "The todos were found and returned.") })
|
||||||
@ApiResponse(code = 200, message = "The todos were found and returned.")
|
|
||||||
})
|
|
||||||
@PreAuthorize("hasAuthority('SCOPE_read_access')")
|
@PreAuthorize("hasAuthority('SCOPE_read_access')")
|
||||||
public Collection<Todo> readAll() {
|
public Collection<Todo> readAll() {
|
||||||
return todos.values();
|
return todos.values();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
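Review bot: `readAll()` documents only the `200` response, although the method is guarded by `@PreAuthorize("hasAuthority('SCOPE_read_access')")`. A caller with no token or without that scope will normally get 401 or 403, so the generated API document should list them: `@ApiResponse(responseCode = "401", description = "No valid access token was presented.")` and `@ApiResponse(responseCode = "403", description = "The token lacks the read_access scope.")`. The class declaration and its request mapping are outside the hunk.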
Binary file not shown.
Before Width: | Height: | Size: 665 B |
Binary file not shown.
Before Width: | Height: | Size: 628 B |
|
@ -1,75 +0,0 @@
|
||||||
<!doctype html>
|
|
||||||
<html lang="en-US">
|
|
||||||
<head>
|
|
||||||
<title>Swagger UI: OAuth2 Redirect</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<script>
|
|
||||||
'use strict';
|
|
||||||
function run () {
|
|
||||||
var oauth2 = window.opener.swaggerUIRedirectOauth2;
|
|
||||||
var sentState = oauth2.state;
|
|
||||||
var redirectUrl = oauth2.redirectUrl;
|
|
||||||
var isValid, qp, arr;
|
|
||||||
|
|
||||||
if (/code|token|error/.test(window.location.hash)) {
|
|
||||||
qp = window.location.hash.substring(1);
|
|
||||||
} else {
|
|
||||||
qp = location.search.substring(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
arr = qp.split("&");
|
|
||||||
arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
|
|
||||||
qp = qp ? JSON.parse('{' + arr.join() + '}',
|
|
||||||
function (key, value) {
|
|
||||||
return key === "" ? value : decodeURIComponent(value);
|
|
||||||
}
|
|
||||||
) : {};
|
|
||||||
|
|
||||||
isValid = qp.state === sentState;
|
|
||||||
|
|
||||||
if ((
|
|
||||||
oauth2.auth.schema.get("flow") === "accessCode" ||
|
|
||||||
oauth2.auth.schema.get("flow") === "authorizationCode" ||
|
|
||||||
oauth2.auth.schema.get("flow") === "authorization_code"
|
|
||||||
) && !oauth2.auth.code) {
|
|
||||||
if (!isValid) {
|
|
||||||
oauth2.errCb({
|
|
||||||
authId: oauth2.auth.name,
|
|
||||||
source: "auth",
|
|
||||||
level: "warning",
|
|
||||||
message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
if (qp.code) {
|
|
||||||
delete oauth2.state;
|
|
||||||
oauth2.auth.code = qp.code;
|
|
||||||
oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
|
|
||||||
} else {
|
|
||||||
let oauthErrorMsg;
|
|
||||||
if (qp.error) {
|
|
||||||
oauthErrorMsg = "["+qp.error+"]: " +
|
|
||||||
(qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
|
|
||||||
(qp.error_uri ? "More info: "+qp.error_uri : "");
|
|
||||||
}
|
|
||||||
|
|
||||||
oauth2.errCb({
|
|
||||||
authId: oauth2.auth.name,
|
|
||||||
source: "auth",
|
|
||||||
level: "error",
|
|
||||||
message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
|
|
||||||
});
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
|
|
||||||
}
|
|
||||||
window.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
window.addEventListener('DOMContentLoaded', function () {
|
|
||||||
run();
|
|
||||||
});
|
|
||||||
</script>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
File diff suppressed because one or more lines are too long
|
@ -1,8 +1,19 @@
|
||||||
|
server:
|
||||||
|
port: 8081
|
||||||
|
|
||||||
keycloak:
|
keycloak:
|
||||||
auth-server-url: https://api.example.com/auth # Keycloak server url
|
auth-server-url: http://localhost:8080 # Keycloak server url
|
||||||
realm: todos-service-realm # Keycloak Realm
|
realm: SpringBootKeycloak # Keycloak Realm
|
||||||
resource: todos-service-clients # Keycloak Client
|
|
||||||
principal-attribute: preferred_username
|
spring:
|
||||||
ssl-required: external
|
security:
|
||||||
credentials:
|
oauth2:
|
||||||
secret: 00000000-0000-0000-0000-000000000000
|
resourceserver:
|
||||||
|
jwt.issuer-uri: http://localhost:8080/realms/SpringBootKeycloak
|
||||||
|
|
||||||
|
springdoc:
|
||||||
|
swagger-ui:
|
||||||
|
oauth:
|
||||||
|
client-id: login-app
|
||||||
|
|
||||||
|
|
||||||
|
|
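Review bot: `jwt.issuer-uri` repeats the host and realm already set under `keycloak:`, so the URL Swagger UI sends users to and the issuer the resource server validates tokens against can drift apart when only one is edited. Deriving it keeps them in step: `jwt.issuer-uri: ${keycloak.auth-server-url}/realms/${keycloak.realm}`. Both URLs are plain `http`, which is fine for a local Keycloak, but the resource server fetches the token signing keys from that issuer. A comment such as `# local development only; use https for any shared environment` would make that limit explicit.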