├── .github └── workflows │ └── spring.yml ├── .gitignore ├── LICENSE ├── README.md ├── keycloak-spring-boot-first-look ├── .gitignore ├── build.gradle ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── settings.gradle └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── thomasvitale │ │ │ └── keycloak │ │ │ ├── Application.java │ │ │ ├── config │ │ │ └── KeycloakConfig.java │ │ │ ├── controller │ │ │ └── LibraryController.java │ │ │ ├── model │ │ │ └── Book.java │ │ │ └── repository │ │ │ └── BookRepository.java │ └── resources │ │ ├── application.properties │ │ ├── static │ │ ├── css │ │ │ └── style.css │ │ └── images │ │ │ └── public-library-bookshelves-books.jpg │ │ └── templates │ │ ├── books.html │ │ ├── error │ │ └── 403.html │ │ ├── index.html │ │ └── manager.html │ └── test │ └── java │ └── com │ └── thomasvitale │ └── keycloak │ └── ApplicationTests.java └── keycloak-spring-security-first-look ├── .gitignore ├── build.gradle ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── settings.gradle └── src └── main ├── java └── com │ └── thomasvitale │ └── keycloak │ ├── Application.java │ ├── config │ ├── KeycloakConfig.java │ └── SecurityConfig.java │ ├── controller │ └── LibraryController.java │ ├── model │ └── Book.java │ └── repository │ └── BookRepository.java └── resources ├── application.properties ├── static ├── css │ └── style.css └── images │ └── public-library-bookshelves-books.jpg └── templates ├── books.html ├── error └── 403.html ├── index.html └── manager.html /.github/workflows/spring.yml: -------------------------------------------------------------------------------- 1 | name: Spring CI 2 | 3 | on: [push] 4 | 5 | jobs: 6 | build: 7 | name: Spring and Keycloak 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Checkout repository 11 | uses: actions/checkout@v1 12 | - name: Set up JDK 1.8 13 | uses: actions/setup-java@v1 14 | with: 15 | java-version: 1.8 16 | - name: Build keycloak-spring-boot-first-look 17 | run: | 18 | cd keycloak-spring-boot-first-look 19 | chmod +x gradlew 20 | ./gradlew build 21 | - name: Build keycloak-spring-security-first-look 22 | run: | 23 | cd keycloak-spring-security-first-look 24 | chmod +x gradlew 25 | ./gradlew build -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled class file 2 | *.class 3 | 4 | # Log file 5 | *.log 6 | 7 | # BlueJ files 8 | *.ctxt 9 | 10 | # Mobile Tools for Java (J2ME) 11 | .mtj.tmp/ 12 | 13 | # Package Files # 14 | *.jar 15 | *.war 16 | *.ear 17 | *.zip 18 | *.tar.gz 19 | *.rar 20 | 21 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 22 | hs_err_pid* 23 | 24 | ################################ 25 | ############ MAC ############### 26 | ################################ 27 | 28 | # General 29 | .DS_Store 30 | .AppleDouble 31 | .LSOverride 32 | 33 | # Icon must end with two \r 34 | Icon 35 | 36 | # Thumbnails 37 | ._* 38 | 39 | # Files that might appear in the root of a volume 40 | .DocumentRevisions-V100 41 | .fseventsd 42 | .Spotlight-V100 43 | .TemporaryItems 44 | .Trashes 45 | .VolumeIcon.icns 46 | .com.apple.timemachine.donotpresent 47 | 48 | # Directories potentially created on remote AFP share 49 | .AppleDB 50 | .AppleDesktop 51 | Network Trash Folder 52 | Temporary Items 53 | .apdisk 54 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Keycloak and Spring Tutorials 2 | 3 | ![](https://github.com/ThomasVitale/spring-keycloak-tutorials/workflows/Spring%20CI/badge.svg) 4 | 5 | The repo for my article series about Keycloak and how to use it to secure Spring Boot applications and services. 6 | 7 | ## Keycloak With Spring Series 8 | 9 | ### Securing a Spring Boot Application with Keycloak - A First Look 10 | 11 | * Article: [Securing a Spring Boot Application with Keycloak - A First Look](https://www.thomasvitale.com/spring-boot-keycloak-security/) 12 | * Project: [keycloak-spring-boot-first-look](https://github.com/ThomasVitale/spring-keycloak-tutorials/tree/master/keycloak-spring-boot-first-look) 13 | 14 | ### Spring Security and Keycloak to Secure a Spring Boot Application - A First Look 15 | 16 | * Article: [Spring Security and Keycloak to Secure a Spring Boot Application - A First Look](www.thomasvitale.com/spring-security-keycloak/) 17 | * Project: [keycloak-spring-security-first-look](https://github.com/ThomasVitale/spring-keycloak-tutorials/tree/master/keycloak-spring-security-first-look) 18 | 19 | ## Keycloak Series 20 | 21 | ### Introducing Keycloak for Identity and Access Management 22 | 23 | * Article: [Introducing Keycloak for Identity and Access Management](https://www.thomasvitale.com/introducing-keycloak-identity-access-management/) 24 | 25 | ### Keycloak Basic Configuration for Authentication and Authorisation 26 | 27 | * Article: [Keycloak Basic Configuration for Authentication and Authorization](https://www.thomasvitale.com/keycloak-configuration-authentication-authorisation/) 28 | 29 | ### Keycloak Authentication Flows, SSO Protocols and Client Configuration 30 | 31 | * Article: [Keycloak Authentication Flows, SSO Protocols and Client Configuration](https://www.thomasvitale.com/keycloak-authentication-flow-sso-client/) 32 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/.gitignore: -------------------------------------------------------------------------------- 1 | # Eclipse 2 | .project 3 | .classpath 4 | .settings/ 5 | bin/ 6 | 7 | # STS 8 | .apt_generated 9 | .factorypath 10 | .settings 11 | .springBeans 12 | .sts4-cache 13 | 14 | # IntelliJ 15 | .idea 16 | *.ipr 17 | *.iml 18 | *.iws 19 | /out/ 20 | 21 | # NetBeans 22 | nb-configuration.xml 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | 29 | # Visual Studio Code 30 | .vscode 31 | 32 | # OSX 33 | .DS_Store 34 | 35 | # Vim 36 | *.swp 37 | *.swo 38 | 39 | # patch 40 | *.orig 41 | *.rej 42 | 43 | # Gradle 44 | .gradle/ 45 | build/ 46 | !gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | ext { 3 | springBootVersion = '2.1.9.RELEASE' 4 | } 5 | repositories { 6 | mavenCentral() 7 | } 8 | dependencies { 9 | classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") 10 | } 11 | } 12 | 13 | apply plugin: 'java' 14 | apply plugin: 'org.springframework.boot' 15 | apply plugin: 'io.spring.dependency-management' 16 | 17 | group = 'com.thomasvitale' 18 | version = '0.0.1-SNAPSHOT' 19 | sourceCompatibility = '1.8' 20 | 21 | repositories { 22 | mavenCentral() 23 | } 24 | 25 | ext { 26 | set('keycloakVersion', '7.0.1') 27 | } 28 | 29 | dependencies { 30 | // Spring 31 | implementation 'org.springframework.boot:spring-boot-starter-web' 32 | implementation 'org.springframework.boot:spring-boot-starter-thymeleaf' 33 | implementation 'org.springframework.boot:spring-boot-devtools' 34 | 35 | // Keycloak 36 | implementation 'org.keycloak:keycloak-spring-boot-starter' 37 | 38 | // Test 39 | testImplementation 'org.springframework.boot:spring-boot-starter-test' 40 | } 41 | 42 | dependencyManagement { 43 | imports { 44 | mavenBom "org.keycloak.bom:keycloak-adapter-bom:${keycloakVersion}" 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThomasVitale/spring-keycloak-tutorials/a4fcec7263197c36bd1fddd77cc81681a08145f9/keycloak-spring-boot-first-look/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # 4 | # Copyright 2015 the original author or authors. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | ############################################################################## 20 | ## 21 | ## Gradle start up script for UN*X 22 | ## 23 | ############################################################################## 24 | 25 | # Attempt to set APP_HOME 26 | # Resolve links: $0 may be a link 27 | PRG="$0" 28 | # Need this for relative symlinks. 29 | while [ -h "$PRG" ] ; do 30 | ls=`ls -ld "$PRG"` 31 | link=`expr "$ls" : '.*-> \(.*\)$'` 32 | if expr "$link" : '/.*' > /dev/null; then 33 | PRG="$link" 34 | else 35 | PRG=`dirname "$PRG"`"/$link" 36 | fi 37 | done 38 | SAVED="`pwd`" 39 | cd "`dirname \"$PRG\"`/" >/dev/null 40 | APP_HOME="`pwd -P`" 41 | cd "$SAVED" >/dev/null 42 | 43 | APP_NAME="Gradle" 44 | APP_BASE_NAME=`basename "$0"` 45 | 46 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 47 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' 48 | 49 | # Use the maximum available, or set MAX_FD != -1 to use that value. 50 | MAX_FD="maximum" 51 | 52 | warn () { 53 | echo "$*" 54 | } 55 | 56 | die () { 57 | echo 58 | echo "$*" 59 | echo 60 | exit 1 61 | } 62 | 63 | # OS specific support (must be 'true' or 'false'). 64 | cygwin=false 65 | msys=false 66 | darwin=false 67 | nonstop=false 68 | case "`uname`" in 69 | CYGWIN* ) 70 | cygwin=true 71 | ;; 72 | Darwin* ) 73 | darwin=true 74 | ;; 75 | MINGW* ) 76 | msys=true 77 | ;; 78 | NONSTOP* ) 79 | nonstop=true 80 | ;; 81 | esac 82 | 83 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 84 | 85 | # Determine the Java command to use to start the JVM. 86 | if [ -n "$JAVA_HOME" ] ; then 87 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 88 | # IBM's JDK on AIX uses strange locations for the executables 89 | JAVACMD="$JAVA_HOME/jre/sh/java" 90 | else 91 | JAVACMD="$JAVA_HOME/bin/java" 92 | fi 93 | if [ ! -x "$JAVACMD" ] ; then 94 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 95 | 96 | Please set the JAVA_HOME variable in your environment to match the 97 | location of your Java installation." 98 | fi 99 | else 100 | JAVACMD="java" 101 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 102 | 103 | Please set the JAVA_HOME variable in your environment to match the 104 | location of your Java installation." 105 | fi 106 | 107 | # Increase the maximum file descriptors if we can. 108 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 109 | MAX_FD_LIMIT=`ulimit -H -n` 110 | if [ $? -eq 0 ] ; then 111 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 112 | MAX_FD="$MAX_FD_LIMIT" 113 | fi 114 | ulimit -n $MAX_FD 115 | if [ $? -ne 0 ] ; then 116 | warn "Could not set maximum file descriptor limit: $MAX_FD" 117 | fi 118 | else 119 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 120 | fi 121 | fi 122 | 123 | # For Darwin, add options to specify how the application appears in the dock 124 | if $darwin; then 125 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 126 | fi 127 | 128 | # For Cygwin or MSYS, switch paths to Windows format before running java 129 | if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then 130 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 131 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 132 | JAVACMD=`cygpath --unix "$JAVACMD"` 133 | 134 | # We build the pattern for arguments to be converted via cygpath 135 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 136 | SEP="" 137 | for dir in $ROOTDIRSRAW ; do 138 | ROOTDIRS="$ROOTDIRS$SEP$dir" 139 | SEP="|" 140 | done 141 | OURCYGPATTERN="(^($ROOTDIRS))" 142 | # Add a user-defined pattern to the cygpath arguments 143 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 144 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 145 | fi 146 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 147 | i=0 148 | for arg in "$@" ; do 149 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 150 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 151 | 152 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 153 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 154 | else 155 | eval `echo args$i`="\"$arg\"" 156 | fi 157 | i=$((i+1)) 158 | done 159 | case $i in 160 | (0) set -- ;; 161 | (1) set -- "$args0" ;; 162 | (2) set -- "$args0" "$args1" ;; 163 | (3) set -- "$args0" "$args1" "$args2" ;; 164 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 165 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 166 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 167 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 168 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 169 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 170 | esac 171 | fi 172 | 173 | # Escape application args 174 | save () { 175 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 176 | echo " " 177 | } 178 | APP_ARGS=$(save "$@") 179 | 180 | # Collect all arguments for the java command, following the shell quoting and substitution rules 181 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 182 | 183 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 184 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 185 | cd "$(dirname "$0")" 186 | fi 187 | 188 | exec "$JAVACMD" "$@" 189 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/gradlew.bat: -------------------------------------------------------------------------------- 1 | @rem 2 | @rem Copyright 2015 the original author or authors. 3 | @rem 4 | @rem Licensed under the Apache License, Version 2.0 (the "License"); 5 | @rem you may not use this file except in compliance with the License. 6 | @rem You may obtain a copy of the License at 7 | @rem 8 | @rem https://www.apache.org/licenses/LICENSE-2.0 9 | @rem 10 | @rem Unless required by applicable law or agreed to in writing, software 11 | @rem distributed under the License is distributed on an "AS IS" BASIS, 12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | @rem See the License for the specific language governing permissions and 14 | @rem limitations under the License. 15 | @rem 16 | 17 | @if "%DEBUG%" == "" @echo off 18 | @rem ########################################################################## 19 | @rem 20 | @rem Gradle startup script for Windows 21 | @rem 22 | @rem ########################################################################## 23 | 24 | @rem Set local scope for the variables with windows NT shell 25 | if "%OS%"=="Windows_NT" setlocal 26 | 27 | set DIRNAME=%~dp0 28 | if "%DIRNAME%" == "" set DIRNAME=. 29 | set APP_BASE_NAME=%~n0 30 | set APP_HOME=%DIRNAME% 31 | 32 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 33 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" 34 | 35 | @rem Find java.exe 36 | if defined JAVA_HOME goto findJavaFromJavaHome 37 | 38 | set JAVA_EXE=java.exe 39 | %JAVA_EXE% -version >NUL 2>&1 40 | if "%ERRORLEVEL%" == "0" goto init 41 | 42 | echo. 43 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 44 | echo. 45 | echo Please set the JAVA_HOME variable in your environment to match the 46 | echo location of your Java installation. 47 | 48 | goto fail 49 | 50 | :findJavaFromJavaHome 51 | set JAVA_HOME=%JAVA_HOME:"=% 52 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 53 | 54 | if exist "%JAVA_EXE%" goto init 55 | 56 | echo. 57 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 58 | echo. 59 | echo Please set the JAVA_HOME variable in your environment to match the 60 | echo location of your Java installation. 61 | 62 | goto fail 63 | 64 | :init 65 | @rem Get command-line arguments, handling Windows variants 66 | 67 | if not "%OS%" == "Windows_NT" goto win9xME_args 68 | 69 | :win9xME_args 70 | @rem Slurp the command line arguments. 71 | set CMD_LINE_ARGS= 72 | set _SKIP=2 73 | 74 | :win9xME_args_slurp 75 | if "x%~1" == "x" goto execute 76 | 77 | set CMD_LINE_ARGS=%* 78 | 79 | :execute 80 | @rem Setup the command line 81 | 82 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 83 | 84 | @rem Execute Gradle 85 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 86 | 87 | :end 88 | @rem End local scope for the variables with windows NT shell 89 | if "%ERRORLEVEL%"=="0" goto mainEnd 90 | 91 | :fail 92 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 93 | rem the _cmd.exe /c_ return code! 94 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 95 | exit /b 1 96 | 97 | :mainEnd 98 | if "%OS%"=="Windows_NT" endlocal 99 | 100 | :omega 101 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'keycloak-spring-boot-first-look' 2 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/java/com/thomasvitale/keycloak/Application.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(Application.class, args); 11 | } 12 | } 13 | 14 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/java/com/thomasvitale/keycloak/config/KeycloakConfig.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.config; 2 | 3 | import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; 4 | import org.springframework.context.annotation.Bean; 5 | import org.springframework.context.annotation.Configuration; 6 | 7 | @Configuration 8 | public class KeycloakConfig { 9 | 10 | @Bean 11 | public KeycloakSpringBootConfigResolver keycloakConfigResolver() { 12 | return new KeycloakSpringBootConfigResolver(); 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/java/com/thomasvitale/keycloak/controller/LibraryController.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.controller; 2 | 3 | import com.thomasvitale.keycloak.repository.BookRepository; 4 | import org.keycloak.KeycloakSecurityContext; 5 | import org.springframework.stereotype.Controller; 6 | import org.springframework.ui.Model; 7 | import org.springframework.web.bind.annotation.GetMapping; 8 | 9 | import javax.servlet.ServletException; 10 | import javax.servlet.http.HttpServletRequest; 11 | 12 | @Controller 13 | public class LibraryController { 14 | 15 | private final HttpServletRequest request; 16 | private final BookRepository bookRepository; 17 | 18 | public LibraryController(HttpServletRequest request, BookRepository bookRepository) { 19 | this.request = request; 20 | this.bookRepository = bookRepository; 21 | } 22 | 23 | @GetMapping(value = "/") 24 | public String getHome() { 25 | return "index"; 26 | } 27 | 28 | @GetMapping(value = "/books") 29 | public String getBooks(Model model) { 30 | configCommonAttributes(model); 31 | model.addAttribute("books", bookRepository.readAll()); 32 | return "books"; 33 | } 34 | 35 | @GetMapping(value = "/manager") 36 | public String getManager(Model model) { 37 | configCommonAttributes(model); 38 | model.addAttribute("books", bookRepository.readAll()); 39 | return "manager"; 40 | } 41 | 42 | @GetMapping(value = "/logout") 43 | public String logout() throws ServletException { 44 | request.logout(); 45 | return "redirect:/"; 46 | } 47 | 48 | private void configCommonAttributes(Model model) { 49 | model.addAttribute("name", getKeycloakSecurityContext().getIdToken().getGivenName()); 50 | } 51 | 52 | private KeycloakSecurityContext getKeycloakSecurityContext() { 53 | return (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/java/com/thomasvitale/keycloak/model/Book.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.model; 2 | 3 | import org.springframework.stereotype.Component; 4 | 5 | @Component 6 | public class Book { 7 | private String id; 8 | private String title; 9 | private String author; 10 | 11 | public Book() {} 12 | 13 | public Book(String id, String title, String author) { 14 | this.id = id; 15 | this.title = title; 16 | this.author = author; 17 | } 18 | 19 | public String getId() { 20 | return id; 21 | } 22 | 23 | public void setId(String id) { 24 | this.id = id; 25 | } 26 | 27 | public String getTitle() { 28 | return title; 29 | } 30 | 31 | public void setTitle(String title) { 32 | this.title = title; 33 | } 34 | 35 | public String getAuthor() { 36 | return author; 37 | } 38 | 39 | public void setAuthor(String author) { 40 | this.author = author; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/java/com/thomasvitale/keycloak/repository/BookRepository.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.repository; 2 | 3 | import com.thomasvitale.keycloak.model.Book; 4 | import org.springframework.stereotype.Repository; 5 | 6 | import java.util.ArrayList; 7 | import java.util.Comparator; 8 | import java.util.List; 9 | import java.util.Map; 10 | import java.util.concurrent.ConcurrentHashMap; 11 | 12 | @Repository 13 | public class BookRepository { 14 | private static Map books = new ConcurrentHashMap<>(); 15 | 16 | static { 17 | books.put("B01", new Book("B01", "Harry Potter and the Deathly Hallows", "J.K. Rowling")); 18 | books.put("B02", new Book("B02", "The Lord of the Rings", "J.R.R. Tolkien")); 19 | books.put("B03", new Book("B03", "War and Peace", "Leo Tolstoy")); 20 | } 21 | 22 | public List readAll() { 23 | List allBooks = new ArrayList<>(books.values()); 24 | allBooks.sort(Comparator.comparing(Book::getId)); 25 | return allBooks; 26 | } 27 | 28 | public void create(Book book) { 29 | books.put(book.getId(), book); 30 | } 31 | 32 | public Book read(String id) { 33 | return books.get(id); 34 | } 35 | 36 | public void update(Book book) { 37 | books.put(book.getId(), book); 38 | } 39 | 40 | public void delete(String id) { 41 | books.remove(id); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | keycloak.realm=public-library 2 | keycloak.resource=spring-boot-app 3 | keycloak.auth-server-url=http://localhost:8180/auth 4 | keycloak.ssl-required=external 5 | keycloak.public-client=true 6 | 7 | keycloak.securityConstraints[0].authRoles[0]=Member 8 | keycloak.securityConstraints[0].authRoles[1]=Librarian 9 | keycloak.securityConstraints[0].securityCollections[0].name=member resource 10 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/books 11 | 12 | keycloak.securityConstraints[1].authRoles[0]=Librarian 13 | keycloak.securityConstraints[1].securityCollections[0].name=librarian resource 14 | keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/manager -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/resources/static/css/style.css: -------------------------------------------------------------------------------- 1 | body { 2 | padding-top: 5rem; 3 | } 4 | .starter-template { 5 | padding: 3rem 1.5rem; 6 | text-align: center; 7 | } -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/resources/static/images/public-library-bookshelves-books.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThomasVitale/spring-keycloak-tutorials/a4fcec7263197c36bd1fddd77cc81681a08145f9/keycloak-spring-boot-first-look/src/main/resources/static/images/public-library-bookshelves-books.jpg -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/resources/templates/books.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Browse Books 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 39 | 40 |
41 | 42 |
43 |

Hello

44 |

This page is protected. You have member privileges, so you can browse the books.

45 |
46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 |
#TitleAuthor
64 | 65 |
66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/resources/templates/error/403.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 403 | Forbidden 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 34 | 35 |
36 | 37 |
38 |

Forbidden

39 |

You don't have the right privileges to access this area.

40 |
41 | 42 |
43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/resources/templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Home | Public Library 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 34 | 35 |
36 | 37 |
38 |

Public Library

39 |

Welcome to the public library. You are free to visit this page since is not protected.

40 |
41 | 42 |
43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/main/resources/templates/manager.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Manage Library 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 39 | 40 |
41 | 42 |
43 |

Hello

44 |

This page is protected. You have librarian privileges, so you can manage the library.

45 | 46 |
47 | 48 |
49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /keycloak-spring-boot-first-look/src/test/java/com/thomasvitale/keycloak/ApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringRunner; 7 | 8 | @RunWith(SpringRunner.class) 9 | @SpringBootTest 10 | public class ApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | 18 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/.gitignore: -------------------------------------------------------------------------------- 1 | # Eclipse 2 | .project 3 | .classpath 4 | .settings/ 5 | bin/ 6 | 7 | # STS 8 | .apt_generated 9 | .factorypath 10 | .settings 11 | .springBeans 12 | .sts4-cache 13 | 14 | # IntelliJ 15 | .idea 16 | *.ipr 17 | *.iml 18 | *.iws 19 | /out/ 20 | 21 | # NetBeans 22 | nb-configuration.xml 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | 29 | # Visual Studio Code 30 | .vscode 31 | 32 | # OSX 33 | .DS_Store 34 | 35 | # Vim 36 | *.swp 37 | *.swo 38 | 39 | # patch 40 | *.orig 41 | *.rej 42 | 43 | # Gradle 44 | .gradle/ 45 | build/ 46 | !gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | ext { 3 | springBootVersion = '2.1.9.RELEASE' 4 | } 5 | repositories { 6 | mavenCentral() 7 | } 8 | dependencies { 9 | classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") 10 | } 11 | } 12 | 13 | apply plugin: 'java' 14 | apply plugin: 'org.springframework.boot' 15 | apply plugin: 'io.spring.dependency-management' 16 | 17 | group = 'com.thomasvitale' 18 | version = '0.0.1-SNAPSHOT' 19 | sourceCompatibility = '1.8' 20 | 21 | repositories { 22 | mavenCentral() 23 | } 24 | 25 | ext { 26 | set('keycloakVersion', '7.0.1') 27 | } 28 | 29 | dependencies { 30 | // Spring 31 | implementation 'org.springframework.boot:spring-boot-starter-web' 32 | implementation 'org.springframework.boot:spring-boot-starter-thymeleaf' 33 | implementation 'org.springframework.boot:spring-boot-starter-security' 34 | 35 | // Keycloak 36 | implementation 'org.keycloak:keycloak-spring-boot-starter' 37 | 38 | // Test 39 | testImplementation 'org.springframework.boot:spring-boot-starter-test' 40 | testImplementation 'org.springframework.boot:spring-security-test' 41 | testImplementation 'org.keycloak:keycloak-test-helper' 42 | } 43 | 44 | dependencyManagement { 45 | imports { 46 | mavenBom "org.keycloak.bom:keycloak-adapter-bom:${keycloakVersion}" 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThomasVitale/spring-keycloak-tutorials/a4fcec7263197c36bd1fddd77cc81681a08145f9/keycloak-spring-security-first-look/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # 4 | # Copyright 2015 the original author or authors. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | ############################################################################## 20 | ## 21 | ## Gradle start up script for UN*X 22 | ## 23 | ############################################################################## 24 | 25 | # Attempt to set APP_HOME 26 | # Resolve links: $0 may be a link 27 | PRG="$0" 28 | # Need this for relative symlinks. 29 | while [ -h "$PRG" ] ; do 30 | ls=`ls -ld "$PRG"` 31 | link=`expr "$ls" : '.*-> \(.*\)$'` 32 | if expr "$link" : '/.*' > /dev/null; then 33 | PRG="$link" 34 | else 35 | PRG=`dirname "$PRG"`"/$link" 36 | fi 37 | done 38 | SAVED="`pwd`" 39 | cd "`dirname \"$PRG\"`/" >/dev/null 40 | APP_HOME="`pwd -P`" 41 | cd "$SAVED" >/dev/null 42 | 43 | APP_NAME="Gradle" 44 | APP_BASE_NAME=`basename "$0"` 45 | 46 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 47 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' 48 | 49 | # Use the maximum available, or set MAX_FD != -1 to use that value. 50 | MAX_FD="maximum" 51 | 52 | warn () { 53 | echo "$*" 54 | } 55 | 56 | die () { 57 | echo 58 | echo "$*" 59 | echo 60 | exit 1 61 | } 62 | 63 | # OS specific support (must be 'true' or 'false'). 64 | cygwin=false 65 | msys=false 66 | darwin=false 67 | nonstop=false 68 | case "`uname`" in 69 | CYGWIN* ) 70 | cygwin=true 71 | ;; 72 | Darwin* ) 73 | darwin=true 74 | ;; 75 | MINGW* ) 76 | msys=true 77 | ;; 78 | NONSTOP* ) 79 | nonstop=true 80 | ;; 81 | esac 82 | 83 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 84 | 85 | # Determine the Java command to use to start the JVM. 86 | if [ -n "$JAVA_HOME" ] ; then 87 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 88 | # IBM's JDK on AIX uses strange locations for the executables 89 | JAVACMD="$JAVA_HOME/jre/sh/java" 90 | else 91 | JAVACMD="$JAVA_HOME/bin/java" 92 | fi 93 | if [ ! -x "$JAVACMD" ] ; then 94 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 95 | 96 | Please set the JAVA_HOME variable in your environment to match the 97 | location of your Java installation." 98 | fi 99 | else 100 | JAVACMD="java" 101 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 102 | 103 | Please set the JAVA_HOME variable in your environment to match the 104 | location of your Java installation." 105 | fi 106 | 107 | # Increase the maximum file descriptors if we can. 108 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 109 | MAX_FD_LIMIT=`ulimit -H -n` 110 | if [ $? -eq 0 ] ; then 111 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 112 | MAX_FD="$MAX_FD_LIMIT" 113 | fi 114 | ulimit -n $MAX_FD 115 | if [ $? -ne 0 ] ; then 116 | warn "Could not set maximum file descriptor limit: $MAX_FD" 117 | fi 118 | else 119 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 120 | fi 121 | fi 122 | 123 | # For Darwin, add options to specify how the application appears in the dock 124 | if $darwin; then 125 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 126 | fi 127 | 128 | # For Cygwin or MSYS, switch paths to Windows format before running java 129 | if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then 130 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 131 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 132 | JAVACMD=`cygpath --unix "$JAVACMD"` 133 | 134 | # We build the pattern for arguments to be converted via cygpath 135 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 136 | SEP="" 137 | for dir in $ROOTDIRSRAW ; do 138 | ROOTDIRS="$ROOTDIRS$SEP$dir" 139 | SEP="|" 140 | done 141 | OURCYGPATTERN="(^($ROOTDIRS))" 142 | # Add a user-defined pattern to the cygpath arguments 143 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 144 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 145 | fi 146 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 147 | i=0 148 | for arg in "$@" ; do 149 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 150 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 151 | 152 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 153 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 154 | else 155 | eval `echo args$i`="\"$arg\"" 156 | fi 157 | i=$((i+1)) 158 | done 159 | case $i in 160 | (0) set -- ;; 161 | (1) set -- "$args0" ;; 162 | (2) set -- "$args0" "$args1" ;; 163 | (3) set -- "$args0" "$args1" "$args2" ;; 164 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 165 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 166 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 167 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 168 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 169 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 170 | esac 171 | fi 172 | 173 | # Escape application args 174 | save () { 175 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 176 | echo " " 177 | } 178 | APP_ARGS=$(save "$@") 179 | 180 | # Collect all arguments for the java command, following the shell quoting and substitution rules 181 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 182 | 183 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 184 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 185 | cd "$(dirname "$0")" 186 | fi 187 | 188 | exec "$JAVACMD" "$@" 189 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/gradlew.bat: -------------------------------------------------------------------------------- 1 | @rem 2 | @rem Copyright 2015 the original author or authors. 3 | @rem 4 | @rem Licensed under the Apache License, Version 2.0 (the "License"); 5 | @rem you may not use this file except in compliance with the License. 6 | @rem You may obtain a copy of the License at 7 | @rem 8 | @rem https://www.apache.org/licenses/LICENSE-2.0 9 | @rem 10 | @rem Unless required by applicable law or agreed to in writing, software 11 | @rem distributed under the License is distributed on an "AS IS" BASIS, 12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | @rem See the License for the specific language governing permissions and 14 | @rem limitations under the License. 15 | @rem 16 | 17 | @if "%DEBUG%" == "" @echo off 18 | @rem ########################################################################## 19 | @rem 20 | @rem Gradle startup script for Windows 21 | @rem 22 | @rem ########################################################################## 23 | 24 | @rem Set local scope for the variables with windows NT shell 25 | if "%OS%"=="Windows_NT" setlocal 26 | 27 | set DIRNAME=%~dp0 28 | if "%DIRNAME%" == "" set DIRNAME=. 29 | set APP_BASE_NAME=%~n0 30 | set APP_HOME=%DIRNAME% 31 | 32 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 33 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" 34 | 35 | @rem Find java.exe 36 | if defined JAVA_HOME goto findJavaFromJavaHome 37 | 38 | set JAVA_EXE=java.exe 39 | %JAVA_EXE% -version >NUL 2>&1 40 | if "%ERRORLEVEL%" == "0" goto init 41 | 42 | echo. 43 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 44 | echo. 45 | echo Please set the JAVA_HOME variable in your environment to match the 46 | echo location of your Java installation. 47 | 48 | goto fail 49 | 50 | :findJavaFromJavaHome 51 | set JAVA_HOME=%JAVA_HOME:"=% 52 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 53 | 54 | if exist "%JAVA_EXE%" goto init 55 | 56 | echo. 57 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 58 | echo. 59 | echo Please set the JAVA_HOME variable in your environment to match the 60 | echo location of your Java installation. 61 | 62 | goto fail 63 | 64 | :init 65 | @rem Get command-line arguments, handling Windows variants 66 | 67 | if not "%OS%" == "Windows_NT" goto win9xME_args 68 | 69 | :win9xME_args 70 | @rem Slurp the command line arguments. 71 | set CMD_LINE_ARGS= 72 | set _SKIP=2 73 | 74 | :win9xME_args_slurp 75 | if "x%~1" == "x" goto execute 76 | 77 | set CMD_LINE_ARGS=%* 78 | 79 | :execute 80 | @rem Setup the command line 81 | 82 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 83 | 84 | @rem Execute Gradle 85 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 86 | 87 | :end 88 | @rem End local scope for the variables with windows NT shell 89 | if "%ERRORLEVEL%"=="0" goto mainEnd 90 | 91 | :fail 92 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 93 | rem the _cmd.exe /c_ return code! 94 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 95 | exit /b 1 96 | 97 | :mainEnd 98 | if "%OS%"=="Windows_NT" endlocal 99 | 100 | :omega 101 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'keycloak-spring-security-first-look' 2 | 3 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/java/com/thomasvitale/keycloak/Application.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(Application.class, args); 11 | } 12 | } 13 | 14 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/java/com/thomasvitale/keycloak/config/KeycloakConfig.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.config; 2 | 3 | import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; 4 | import org.springframework.context.annotation.Bean; 5 | import org.springframework.context.annotation.Configuration; 6 | 7 | @Configuration 8 | public class KeycloakConfig { 9 | 10 | /** 11 | * Load Keycloak configuration from application.properties or application.yml, rather than keycloak.json. 12 | */ 13 | @Bean 14 | public KeycloakSpringBootConfigResolver keycloakConfigResolver() { 15 | return new KeycloakSpringBootConfigResolver(); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/java/com/thomasvitale/keycloak/config/SecurityConfig.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.config; 2 | 3 | import org.keycloak.adapters.springsecurity.KeycloakConfiguration; 4 | import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; 5 | import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; 6 | import org.keycloak.adapters.springsecurity.management.HttpSessionManager; 7 | import org.springframework.beans.factory.annotation.Autowired; 8 | import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; 9 | import org.springframework.context.annotation.Bean; 10 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 11 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 12 | import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; 13 | import org.springframework.security.core.session.SessionRegistryImpl; 14 | import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; 15 | import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; 16 | 17 | @KeycloakConfiguration 18 | public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter { 19 | 20 | /** 21 | * Registers the KeycloakAuthenticationProvider with the authentication manager. 22 | * 23 | * Since Spring Security requires that role names start with "ROLE_", 24 | * a SimpleAuthorityMapper is used to instruct the KeycloakAuthenticationProvider 25 | * to insert the "ROLE_" prefix. 26 | * 27 | * e.g. Librarian -> ROLE_Librarian 28 | * 29 | * Should you prefer to have the role all in uppercase, you can instruct 30 | * the SimpleAuthorityMapper to convert it by calling: 31 | * {@code grantedAuthorityMapper.setConvertToUpperCase(true); }. 32 | * The result will be: Librarian -> ROLE_LIBRARIAN. 33 | */ 34 | @Autowired 35 | public void configureGlobal(AuthenticationManagerBuilder auth) { 36 | SimpleAuthorityMapper grantedAuthorityMapper = new SimpleAuthorityMapper(); 37 | grantedAuthorityMapper.setPrefix("ROLE_"); 38 | 39 | KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider(); 40 | keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(grantedAuthorityMapper); 41 | auth.authenticationProvider(keycloakAuthenticationProvider); 42 | } 43 | 44 | /** 45 | * Defines the session authentication strategy. 46 | * 47 | * RegisterSessionAuthenticationStrategy is used because this is a public application 48 | * from the Keycloak point of view. 49 | */ 50 | @Bean 51 | @Override 52 | protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { 53 | return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); 54 | } 55 | 56 | /** 57 | * Define an HttpSessionManager bean only if missing. 58 | * 59 | * This is necessary because since Spring Boot 2.1.0, spring.main.allow-bean-definition-overriding 60 | * is disabled by default. 61 | */ 62 | @Bean 63 | @Override 64 | @ConditionalOnMissingBean(HttpSessionManager.class) 65 | protected HttpSessionManager httpSessionManager() { 66 | return new HttpSessionManager(); 67 | } 68 | 69 | /** 70 | * Define security constraints for the application resources. 71 | */ 72 | @Override 73 | protected void configure(HttpSecurity http) throws Exception { 74 | super.configure(http); 75 | http 76 | .authorizeRequests() 77 | .antMatchers("/books").hasAnyRole("Member", "Librarian") 78 | .antMatchers("/manager").hasRole("Librarian") 79 | .anyRequest().permitAll(); 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/java/com/thomasvitale/keycloak/controller/LibraryController.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.controller; 2 | 3 | import com.thomasvitale.keycloak.repository.BookRepository; 4 | import org.keycloak.KeycloakSecurityContext; 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.stereotype.Controller; 7 | import org.springframework.ui.Model; 8 | import org.springframework.web.bind.annotation.GetMapping; 9 | 10 | import javax.servlet.ServletException; 11 | import javax.servlet.http.HttpServletRequest; 12 | 13 | @Controller 14 | public class LibraryController { 15 | private final HttpServletRequest request; 16 | private final BookRepository bookRepository; 17 | 18 | @Autowired 19 | public LibraryController(HttpServletRequest request, BookRepository bookRepository) { 20 | this.request = request; 21 | this.bookRepository = bookRepository; 22 | } 23 | 24 | @GetMapping(value = "/") 25 | public String getHome() { 26 | return "index"; 27 | } 28 | 29 | @GetMapping(value = "/books") 30 | public String getBooks(Model model) { 31 | configCommonAttributes(model); 32 | model.addAttribute("books", bookRepository.readAll()); 33 | return "books"; 34 | } 35 | 36 | @GetMapping(value = "/manager") 37 | public String getManager(Model model) { 38 | configCommonAttributes(model); 39 | model.addAttribute("books", bookRepository.readAll()); 40 | return "manager"; 41 | } 42 | 43 | @GetMapping(value = "/logout") 44 | public String logout() throws ServletException { 45 | request.logout(); 46 | return "redirect:/"; 47 | } 48 | 49 | private void configCommonAttributes(Model model) { 50 | model.addAttribute("name", getKeycloakSecurityContext().getIdToken().getGivenName()); 51 | } 52 | 53 | /** 54 | * The KeycloakSecurityContext provides access to several pieces of information 55 | * contained in the security token, such as user profile information. 56 | */ 57 | private KeycloakSecurityContext getKeycloakSecurityContext() { 58 | return (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/java/com/thomasvitale/keycloak/model/Book.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.model; 2 | 3 | import org.springframework.stereotype.Component; 4 | 5 | @Component 6 | public class Book { 7 | private String id; 8 | private String title; 9 | private String author; 10 | 11 | public Book() {} 12 | 13 | public Book(String id, String title, String author) { 14 | this.id = id; 15 | this.title = title; 16 | this.author = author; 17 | } 18 | 19 | public String getId() { 20 | return id; 21 | } 22 | 23 | public void setId(String id) { 24 | this.id = id; 25 | } 26 | 27 | public String getTitle() { 28 | return title; 29 | } 30 | 31 | public void setTitle(String title) { 32 | this.title = title; 33 | } 34 | 35 | public String getAuthor() { 36 | return author; 37 | } 38 | 39 | public void setAuthor(String author) { 40 | this.author = author; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/java/com/thomasvitale/keycloak/repository/BookRepository.java: -------------------------------------------------------------------------------- 1 | package com.thomasvitale.keycloak.repository; 2 | 3 | import com.thomasvitale.keycloak.model.Book; 4 | import org.springframework.stereotype.Repository; 5 | 6 | import java.util.ArrayList; 7 | import java.util.Comparator; 8 | import java.util.List; 9 | import java.util.Map; 10 | import java.util.concurrent.ConcurrentHashMap; 11 | 12 | @Repository 13 | public class BookRepository { 14 | private static Map books = new ConcurrentHashMap<>(); 15 | 16 | static { 17 | books.put("B01", new Book("B01", "Harry Potter and the Deathly Hallows", "J.K. Rowling")); 18 | books.put("B02", new Book("B02", "The Lord of the Rings", "J.R.R. Tolkien")); 19 | books.put("B03", new Book("B03", "War and Peace", "Leo Tolstoy")); 20 | } 21 | 22 | public List readAll() { 23 | List allBooks = new ArrayList<>(books.values()); 24 | allBooks.sort(Comparator.comparing(Book::getId)); 25 | return allBooks; 26 | } 27 | 28 | public void create(Book book) { 29 | books.put(book.getId(), book); 30 | } 31 | 32 | public Book read(String id) { 33 | return books.get(id); 34 | } 35 | 36 | public void update(Book book) { 37 | books.put(book.getId(), book); 38 | } 39 | 40 | public void delete(String id) { 41 | books.remove(id); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | keycloak.realm=public-library 2 | keycloak.resource=spring-boot-app 3 | keycloak.auth-server-url=http://localhost:8180/auth 4 | keycloak.ssl-required=external 5 | keycloak.public-client=true 6 | keycloak.principal-attribute=preferred_username -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/resources/static/css/style.css: -------------------------------------------------------------------------------- 1 | body { 2 | padding-top: 5rem; 3 | } 4 | .starter-template { 5 | padding: 3rem 1.5rem; 6 | text-align: center; 7 | } -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/resources/static/images/public-library-bookshelves-books.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThomasVitale/spring-keycloak-tutorials/a4fcec7263197c36bd1fddd77cc81681a08145f9/keycloak-spring-security-first-look/src/main/resources/static/images/public-library-bookshelves-books.jpg -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/resources/templates/books.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Browse Books 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 39 | 40 |
41 | 42 |
43 |

Hello

44 |

This page is protected. You have member privileges, so you can browse the books.

45 |
46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 |
#TitleAuthor
64 | 65 |
66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/resources/templates/error/403.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 403 | Forbidden 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 34 | 35 |
36 | 37 |
38 |

Forbidden

39 |

You don't have the right privileges to access this area.

40 |
41 | 42 |
43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/resources/templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Home | Public Library 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 34 | 35 |
36 | 37 |
38 |

Public Library

39 |

Welcome to the public library. You are free to visit this page since it is not protected.

40 |
41 | 42 |
43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /keycloak-spring-security-first-look/src/main/resources/templates/manager.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Manage Library 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 39 | 40 |
41 | 42 |
43 |

Hello

44 |

This page is protected. You have librarian privileges, so you can manage the library.

45 | 46 |
47 | 48 |
49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | --------------------------------------------------------------------------------