├── .gitignore ├── README.md ├── pom.xml └── src └── main ├── java └── com │ └── edurt │ └── sski │ ├── SpringBootSecurityKeyCloakIntegration.java │ ├── config │ ├── KeycloakSecurityConfigurer.java │ └── package-info.java │ ├── controller │ ├── HelloController.java │ └── package-info.java │ └── package-info.java └── resources └── application.properties /.gitignore: -------------------------------------------------------------------------------- 1 | ### JetBrains template 2 | .idea/ 3 | *.iml 4 | 5 | # CMake 6 | cmake-build-debug/ 7 | cmake-build-release/ 8 | 9 | # File-based project format 10 | *.iws 11 | 12 | # IntelliJ 13 | out/ 14 | 15 | # mpeltonen/sbt-idea plugin 16 | .idea_modules/ 17 | 18 | # JIRA plugin 19 | atlassian-ide-plugin.xml 20 | 21 | # Cursive Clojure plugin 22 | .idea/replstate.xml 23 | 24 | # Crashlytics plugin (for Android Studio and IntelliJ) 25 | com_crashlytics_export_strings.xml 26 | crashlytics.properties 27 | crashlytics-build.properties 28 | fabric.properties 29 | 30 | # Editor-based Rest Client 31 | .idea/httpRequests 32 | 33 | ### Example user template 34 | 35 | .metadata 36 | bin/ 37 | tmp/ 38 | *.tmp 39 | *.bak 40 | *.swp 41 | *~.nib 42 | local.properties 43 | .settings/ 44 | .loadpath 45 | .recommenders 46 | 47 | # External tool builders 48 | .externalToolBuilders/ 49 | 50 | # Locally stored "Eclipse launch configurations" 51 | *.launch 52 | 53 | # PyDev specific (Python IDE for Eclipse) 54 | *.pydevproject 55 | 56 | # CDT-specific (C/C++ Development Tooling) 57 | .cproject 58 | 59 | # CDT- autotools 60 | .autotools 61 | 62 | # Java annotation processor (APT) 63 | .factorypath 64 | 65 | # PDT-specific (PHP Development Tools) 66 | .buildpath 67 | 68 | # sbteclipse plugin 69 | .target 70 | 71 | # Tern plugin 72 | .tern-project 73 | 74 | # TeXlipse plugin 75 | .texlipse 76 | 77 | # STS (Spring Tool Suite) 78 | .springBeans 79 | 80 | # Code Recommenders 81 | .recommenders/ 82 | 83 | # Scala IDE specific (Scala & Java development for 
Eclipse) 84 | .cache-main 85 | .scala_dependencies 86 | .worksheet 87 | 88 | ### macOS template 89 | # General 90 | .DS_Store 91 | .AppleDouble 92 | .LSOverride 93 | 94 | # Icon must end with two \r 95 | Icon 96 | 97 | # Thumbnails 98 | ._* 99 | 100 | # Files that might appear in the root of a volume 101 | .DocumentRevisions-V100 102 | .fseventsd 103 | .Spotlight-V100 104 | .TemporaryItems 105 | .Trashes 106 | .VolumeIcon.icns 107 | .com.apple.timemachine.donotpresent 108 | 109 | # Directories potentially created on remote AFP share 110 | .AppleDB 111 | .AppleDesktop 112 | Network Trash Folder 113 | Temporary Items 114 | .apdisk 115 | 116 | ### Windows template 117 | # Windows thumbnail cache files 118 | Thumbs.db 119 | ehthumbs.db 120 | ehthumbs_vista.db 121 | 122 | # Dump file 123 | *.stackdump 124 | 125 | # Folder config file 126 | [Dd]esktop.ini 127 | 128 | # Recycle Bin used on file shares 129 | $RECYCLE.BIN/ 130 | 131 | # Windows Installer files 132 | *.cab 133 | *.msi 134 | *.msix 135 | *.msm 136 | *.msp 137 | 138 | # Windows shortcuts 139 | *.lnk 140 | 141 | ### Maven template 142 | target/ 143 | pom.xml.tag 144 | pom.xml.releaseBackup 145 | pom.xml.versionsBackup 146 | pom.xml.next 147 | release.properties 148 | dependency-reduced-pom.xml 149 | buildNumber.properties 150 | .mvn/timing.properties 151 | 152 | # Avoid ignoring Maven wrapper jar file (.jar files are usually ignored) 153 | !/.mvn/wrapper/maven-wrapper.jar 154 | 155 | ### Linux template 156 | *~ 157 | 158 | # temporary files which can be created if a process still has a handle open of a deleted file 159 | .fuse_hidden* 160 | 161 | # KDE directory preferences 162 | .directory 163 | 164 | # Linux trash folder which might appear on any partition or disk 165 | .Trash-* 166 | 167 | # .nfs files are created when an open file is removed but is still being accessed 168 | .nfs* -------------------------------------------------------------------------------- /README.md: 
-------------------------------------------------------------------------------- 1 | # SpringBoot Security KeyCloak Integration 2 | 3 | SpringBoot Security KeyCloak Integration is a open source springboot, spring security, keycloak integration example. 4 | 5 | ### Technology distribution 6 | 7 | --- 8 | 9 | |Name|Version| 10 | |:---:|---| 11 | |Java|1.8+| 12 | |SpringBoot|1.5.x| 13 | |Spring Security|-| 14 | |KeyCloak|3.1.0.Final| 15 | 16 | ### Contributors(In no particular order) 17 | 18 | --- 19 | 20 | - [qianmoQ](https://github.com/qianmoQ) 21 | 22 | ### Source Code Mirror 23 | 24 | --- 25 | 26 | - [GitQub](https://gitqub.com/springboot-integration/springboot-security-keycloak-integration.git) 27 | - [GitHub](https://github.com/SpringBootIntegration/springboot-security-keycloak-integration.git) 28 | - [Gitee](https://gitee.com/SpringBootIntegratio/springboot-security-keycloak-integration.git) 29 | 30 | ### Wiki 31 | 32 | --- 33 | 34 | - [Wiki](http://wiki.ttxit.com/display/SpringBootIntegration) 35 | 36 | ### Issues 37 | 38 | --- 39 | 40 | - [JIRA](http://jira.ttxit.com/projects/SPRINATION) 41 | 42 | ### Contact us 43 | 44 | --- 45 | 46 | |Name|Value| 47 | |:---:|---| 48 | |QQ|86613994| 49 | |WeChat|86613994| 50 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 3 | 4 | 4.0.0 5 | com.edurt.sski 6 | springboot-security-keycloak-integration 7 | jar 8 | 1.0.0 9 | 10 | springboot security keycloak integration 11 | SpringBoot Security KeyCloak Integration is a open source springboot, spring security, keycloak 12 | integration example. 
13 | 14 | 15 | 16 | 17 | 1.16.16 18 | 1.5.6.RELEASE 19 | 3.1.0.Final 20 | 21 | 3.3 22 | 2.10.4 23 | 24 | 1.8 25 | 26 | 2.5 27 | 28 | 29 | 30 | 31 | 32 | org.springframework.boot 33 | spring-boot-dependencies 34 | ${dependency.springboot.common.version} 35 | pom 36 | import 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | org.projectlombok 45 | lombok 46 | ${dependency.lombox.version} 47 | 48 | 49 | 50 | org.springframework.boot 51 | spring-boot-starter-web 52 | 53 | 54 | org.springframework.boot 55 | spring-boot-starter-security 56 | 57 | 58 | 59 | org.keycloak 60 | keycloak-spring-boot-starter 61 | ${dependency.keycloak.version} 62 | 63 | 64 | org.keycloak 65 | keycloak-spring-security-adapter 66 | ${dependency.keycloak.version} 67 | 68 | 69 | 70 | 71 | 72 | 73 | org.apache.maven.plugins 74 | maven-compiler-plugin 75 | ${plugin.maven.compiler.version} 76 | 77 | ${environment.compile.java.version} 78 | ${environment.compile.java.version} 79 | 80 | 81 | 82 | org.apache.maven.plugins 83 | maven-javadoc-plugin 84 | ${plugin.maven.javadoc.version} 85 | 86 | true 87 | 88 | 89 | 90 | Description 91 | test 92 | description 93 | 94 | 95 | 96 | -Xdoclint:none 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | org.apache.maven.plugins 106 | maven-jxr-plugin 107 | ${reporting.maven.jxr.version} 108 | 109 | 110 | 111 | 112 | -------------------------------------------------------------------------------- /src/main/java/com/edurt/sski/SpringBootSecurityKeyCloakIntegration.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. 
You may obtain a copy of the License at 9 | *

10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | *

12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | */ 18 | package com.edurt.sski; 19 | 20 | import org.springframework.boot.SpringApplication; 21 | import org.springframework.boot.autoconfigure.SpringBootApplication; 22 | 23 | /** 24 | *

SpringBootSecurityKeyCloakIntegration

25 | *

Description : SpringBootSecurityKeyCloakIntegration

26 | *

Author : qianmoQ

27 | *

Version : 1.0

28 | *

Create Time : 2019-02-18 14:45

29 | *

Author Email: qianmoQ

30 | */
/**
 * Spring Boot entry point for the Keycloak integration example.
 */
@SpringBootApplication
public class SpringBootSecurityKeyCloakIntegration {

    /**
     * Starts the application with this class as the configuration source.
     *
     * @param args command-line arguments, handed to Spring Boot unchanged
     */
    public static void main(String[] args) {
        final Class<?> applicationClass = SpringBootSecurityKeyCloakIntegration.class;
        SpringApplication.run(applicationClass, args);
    }

}
-------------------------------------------------------------------------------- /src/main/java/com/edurt/sski/config/KeycloakSecurityConfigurer.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | *

10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | *

12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | */ 18 | package com.edurt.sski.config; 19 | 20 | import org.keycloak.adapters.KeycloakConfigResolver; 21 | import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; 22 | import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; 23 | import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; 24 | import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter; 25 | import org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter; 26 | import org.springframework.boot.web.servlet.FilterRegistrationBean; 27 | import org.springframework.context.annotation.Bean; 28 | import org.springframework.context.annotation.Configuration; 29 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 30 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 31 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 32 | import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; 33 | import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; 34 | import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy; 35 | import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; 36 | 37 | /** 38 | *

KeycloakSecurityConfigurer

39 | *

Description : KeycloakSecurityConfigurer

40 | *

Author : qianmoQ

41 | *

Version : 1.0

42 | *

Create Time : 2019-02-18 14:51

43 | *

Author Email: qianmoQ

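44 | */
/**
 * Spring Security configuration that delegates authentication to the Keycloak adapter
 * and guards the example endpoints by role.
 *
 * <p>Security notes for readers reusing this example:
 * <ul>
 *   <li>The URL rules in {@link #configure(HttpSecurity)} are the enforcement point. This class
 *       does not enable method security, so {@code @Secured} annotations on controllers are
 *       presumably not evaluated unless {@code @EnableGlobalMethodSecurity(securedEnabled = true)}
 *       is declared elsewhere (confirm).</li>
 *   <li>The rule chain ends in {@code permitAll()}, i.e. default-allow.</li>
 *   <li>The project pins Spring Boot 1.5.6.RELEASE and Keycloak adapter 3.1.0.Final (see pom.xml);
 *       both release lines are long out of maintenance, so treat this as a pattern reference
 *       rather than a deployable baseline.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
public class KeycloakSecurityConfigurer extends KeycloakWebSecurityConfigurerAdapter {

    /**
     * Builds the mapper that turns role names from the token into Spring Security authorities.
     *
     * <p>Names are upper-cased, and {@link SimpleAuthorityMapper} adds its default {@code ROLE_}
     * prefix, so a Keycloak role {@code admin} is matched by {@code hasRole("ADMIN")}.
     *
     * @return the authority mapper bean
     */
    @Bean
    public GrantedAuthoritiesMapper grantedAuthoritiesMapper() {
        final SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
        mapper.setConvertToUpperCase(true);
        return mapper;
    }

    /**
     * Returns the adapter's authentication provider, wired to use the upper-casing mapper.
     *
     * @return the configured Keycloak authentication provider
     */
    @Override
    protected KeycloakAuthenticationProvider keycloakAuthenticationProvider() {
        final KeycloakAuthenticationProvider provider = super.keycloakAuthenticationProvider();
        provider.setGrantedAuthoritiesMapper(grantedAuthoritiesMapper());
        return provider;
    }

    /**
     * Registers the Keycloak provider as the authentication provider of this application.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the provider cannot be registered
     */
    @Override
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    /**
     * Uses a no-op session strategy: application.properties sets {@code keycloak.bearer-only=true},
     * so each request is authenticated by its bearer token and no login session is tracked.
     *
     * @return a strategy that does nothing on authentication
     */
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    /**
     * Applies the adapter's defaults, then the role rules for the example endpoints.
     *
     * @param http the HTTP security builder
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        super.configure(http);
        http
                .authorizeRequests()
                // mvcMatchers instead of antMatchers: an Ant pattern "/admin" matches that exact
                // path only, while Spring MVC 4.x by default also routes trailing-slash and
                // suffix variants to the same handler. Those variants would skip the role rule
                // and land on permitAll() below. mvcMatchers applies MVC's own path matching,
                // so the rule covers every path that reaches the handler.
                .mvcMatchers("/admin").hasRole("ADMIN")
                .mvcMatchers("/user").hasRole("USER")
                // NOTE(review): default-allow. Any endpoint added later is public unless it gets
                // its own rule; outside a demo, end the chain with authenticated() or denyAll()
                // and list the public paths explicitly.
                .anyRequest().permitAll();
    }

    /**
     * Makes the adapter read its settings from the Spring Boot {@code keycloak.*} properties.
     *
     * <p>application.properties points {@code keycloak.auth-server-url} at plain HTTP on localhost
     * with {@code keycloak.ssl-required=external}; that suits a local demo, but a deployed
     * instance should use an https auth-server-url.
     *
     * @return the Spring Boot backed config resolver
     */
    @Bean
    KeycloakConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    /**
     * Stops Spring Boot from also registering the Keycloak authentication filter with the servlet
     * container; the filter should run only inside the Spring Security filter chain.
     *
     * @param filter the adapter's authentication processing filter
     * @return a disabled registration for that filter
     */
    @Bean
    public FilterRegistrationBean keycloakAuthenticationProcessingFilterRegistrationBean(
            final KeycloakAuthenticationProcessingFilter filter) {
        final FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Same as above for the pre-auth actions filter: disable the container-level registration so
     * the filter is not applied twice.
     *
     * @param filter the adapter's pre-auth actions filter
     * @return a disabled registration for that filter
     */
    @Bean
    public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(
            final KeycloakPreAuthActionsFilter filter) {
        final FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

}
-------------------------------------------------------------------------------- /src/main/java/com/edurt/sski/config/package-info.java: -------------------------------------------------------------------------------- 1 | package com.edurt.sski.config; -------------------------------------------------------------------------------- /src/main/java/com/edurt/sski/controller/HelloController.java: -------------------------------------------------------------------------------- 1 | /** 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | *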

10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | *

12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | */ 18 | package com.edurt.sski.controller; 19 | 20 | import org.springframework.security.access.annotation.Secured; 21 | import org.springframework.web.bind.annotation.GetMapping; 22 | import org.springframework.web.bind.annotation.RestController; 23 | 24 | /** 25 | *

HelloController

26 | *

Description : HelloController

27 | *

Author : qianmoQ

28 | *

Version : 1.0

29 | *

Create Time : 2019-02-18 14:50

30 | *

Author Email: qianmoQ

31 | */
/**
 * Two demo endpoints, one per role, used to exercise the Keycloak-backed authorization.
 *
 * <p>NOTE(review): {@code @Secured} is only evaluated when method security is enabled
 * ({@code @EnableGlobalMethodSecurity(securedEnabled = true)}). No such annotation is visible
 * in this project's configuration, so the URL rules in KeycloakSecurityConfigurer are
 * presumably what actually guards these paths (confirm before relying on the annotations).
 */
@RestController
public class HelloController {

    private static final String ADMIN_BODY = "Admin";
    private static final String USER_BODY = "User";

    /**
     * Handles {@code GET /admin}; intended for callers holding {@code ROLE_ADMIN}.
     *
     * @return the fixed text {@code "Admin"}
     */
    @Secured("ROLE_ADMIN")
    @GetMapping("/admin")
    public String admin() {
        return ADMIN_BODY;
    }

    /**
     * Handles {@code GET /user}; intended for callers holding {@code ROLE_USER}.
     *
     * @return the fixed text {@code "User"}
     */
    @Secured("ROLE_USER")
    @GetMapping(value = "/user")
    public String user() {
        return USER_BODY;
    }

}
-------------------------------------------------------------------------------- /src/main/java/com/edurt/sski/controller/package-info.java: -------------------------------------------------------------------------------- 1 | package com.edurt.sski.controller; -------------------------------------------------------------------------------- /src/main/java/com/edurt/sski/package-info.java: -------------------------------------------------------------------------------- 1 | package com.edurt.sski; -------------------------------------------------------------------------------- /src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=9002 2 | keycloak.realm=springboot-security-keycloak-integration 3 | keycloak.bearer-only=true 4 | keycloak.auth-server-url=http://localhost:9001/auth 5 | keycloak.ssl-required=external 6 | keycloak.resource=springboot-security-keycloak-integration-client 7 | keycloak.use-resource-role-mappings=true 8 | keycloak.principal-attribute=preferred_username --------------------------------------------------------------------------------