├── .editorconfig ├── .gitignore ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── README.adoc ├── mvnw ├── mvnw.cmd ├── pom.xml └── src ├── main ├── fabric8 │ ├── springboot-client-secret.yml │ ├── springboot-keycloak-demo-cm.yml │ └── springboot-keycloak-demo-deployment.yml ├── java │ └── org │ │ └── workspace7 │ │ └── springboot │ │ ├── AppEnvironment.java │ │ └── KeyCloakDemoApplication.java ├── local-resources │ └── application.yml └── resources │ ├── logback.xml │ └── static │ └── index.html └── test └── java └── io └── fabric8 └── itests └── IntegrationTestKT.java /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | trim_trailing_whitespace = true 5 | end_of_line = lf 6 | insert_final_newline = true 7 | 8 | [*.{yaml,json,xml,html}] 9 | charset = utf-8 10 | indent_style = space 11 | indent_size = 2 12 | 13 | [*.java] 14 | charset = utf-8 15 | indent_style = space 16 | indent_size = 4 17 | 18 | [Makefile] 19 | indent_style = tab 20 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | 4 | ### STS ### 5 | .apt_generated 6 | .classpath 7 | .factorypath 8 | .project 9 | .settings 10 | .springBeans 11 | 12 | ### IntelliJ IDEA ### 13 | .idea 14 | *.iws 15 | *.iml 16 | *.ipr 17 | 18 | ### NetBeans ### 19 | nbproject/private/ 20 | build/ 21 | nbbuild/ 22 | dist/ 23 | nbdist/ 24 | .nb-gradle/ 25 | 26 | ## Eclipse ## 27 | .project 28 | .classpath 29 | .settings/ 30 | -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kameshsampath/springboot-keycloak-demo/3abcb61be4b3afae7aedcfee4ce9bb4a59ac091c/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.9/apache-maven-3.3.9-bin.zip 2 | -------------------------------------------------------------------------------- /README.adoc: -------------------------------------------------------------------------------- 1 | = Spring Boot OAuth2 with Keycloak 2 | 3 | This demo is a reconfiguration or migration of https://spring.io/guides/tutorials/spring-boot-oauth2/[Spring Boot and OAuth2] 4 | to use http://www.keycloak.org[Keycloak] as Authentication Provider in place of Facebook that was used in 5 | the tutorial. 6 | 7 | == Setup 8 | 9 | The demo uses the https://fabric8.io[fabric8] with https://github.com/kubernetes/minikube[minikube] to deploy the 10 | Kubernetes resources, you can also use https://github.com/minishift/minishift[MiniShift] 11 | or https://developers.redhat.com/products/cdk/overview/[RHEL CDK] to deploy the application. Choosing your deployment 12 | platform does not need any change to your code as https://fabric8.io[fabric8] does the right deployment thats suitable 13 | for your platform. 14 | 15 | == Let's get started 16 | 17 | To deploy applications we will be using the https://maven.fabric8.io[fabric8 maven plugin]. If you have not setup gofabric8 18 | please refer http://fabric8.io/guide/getStarted/index.html[here] on how to set it up. 19 | 20 | IMPORTANT: Please setup https://github.com/kubernetes/minikube[minikube] or https://github.com/minishift/minishift[MiniShift] 21 | or https://developers.redhat.com/products/cdk/overview/[RHEL CDK] up and running before proceeding further 22 | 23 | === Setup Keycloak 24 | 25 | Clone the keycloak-demo-server setup from https://github.com/kameshsampath/keycloak-demo-server[github], lets call the 26 | project directory as $KEYCLOAK_SERVER_HOME. 27 | 28 | [[keycloak-install]] 29 | ==== Deploy Keycloak 30 | 31 | Form the $KEYCLOAK_SERVER_HOME run the following command, 32 | 33 | ```code bash 34 | mvn clean install fabric8:deploy 35 | ``` 36 | 37 | This command will deploy the Keycloak server and import the realms form project 38 | https://github.com/kameshsampath/keycloak-demo-server/tree/master/src/main/resources[folder] in to Keycloak. 39 | 40 | To verify deployment and know the Keycloak url please execute the command, 41 | 42 | [[keycloak-url]] 43 | ==== Keycloak URL 44 | ```code bash 45 | gofabric8 service keycloak-demo-server --url 46 | ``` 47 | 48 | [[admin-credentials]] 49 | ==== Keycloak Admin Credentials 50 | The default Keycloak admin credentials `admin` and `admin`, you can change this via https://github.com/kameshsampath/keycloak-demo-server/blob/master/pom.xml[pom.xml] 51 | properties `keycloak.admin.user` and `keycloak.admin.password` before doing the <>. 52 | 53 | === Deploy the Application 54 | 55 | Clone the keycloak-demo-server setup from https://github.com/kameshsampath/springboot-keycloak-demo[github], lets call the 56 | project directory as $DEMO_APP_HOME. 57 | 58 | [[demo-install]] 59 | ==== Deploy Application 60 | 61 | Form the $DEMO_APP_HOME run the following command, 62 | 63 | ```code bash 64 | mvn -Pfabric8 clean install fabric8:deploy 65 | ``` 66 | 67 | To verify deployment and know the Application url please execute the command, 68 | 69 | [[demo-url]] 70 | ==== Application URL 71 | ```code bash 72 | gofabric8 service springboot-keycloak-demo --url 73 | ``` 74 | 75 | You can use the demo users found https://github.com/kameshsampath/keycloak-demo-server#keycloak-realm-resources[here] 76 | to login to the demo application 77 | 78 | === Configure the Keycloak Client 79 | 80 | The demo realms imported into the Keycloak are configured with mock client url typically `http://localhost:8080` which 81 | needs to be updated to point to the <>, to do that login into <> with 82 | <> and update the `spring-boot-demos` client with right application urls from <> 83 | -------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # 58 | # Look for the Apple JDKs first to preserve the existing behaviour, and then look 59 | # for the new JDKs provided by Oracle. 60 | # 61 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then 62 | # 63 | # Apple JDKs 64 | # 65 | export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home 66 | fi 67 | 68 | if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then 69 | # 70 | # Apple JDKs 71 | # 72 | export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 73 | fi 74 | 75 | if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then 76 | # 77 | # Oracle JDKs 78 | # 79 | export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home 80 | fi 81 | 82 | if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then 83 | # 84 | # Apple JDKs 85 | # 86 | export JAVA_HOME=`/usr/libexec/java_home` 87 | fi 88 | ;; 89 | esac 90 | 91 | if [ -z "$JAVA_HOME" ] ; then 92 | if [ -r /etc/gentoo-release ] ; then 93 | JAVA_HOME=`java-config --jre-home` 94 | fi 95 | fi 96 | 97 | if [ -z "$M2_HOME" ] ; then 98 | ## resolve links - $0 may be a link to maven's home 99 | PRG="$0" 100 | 101 | # need this for relative symlinks 102 | while [ -h "$PRG" ] ; do 103 | ls=`ls -ld "$PRG"` 104 | link=`expr "$ls" : '.*-> \(.*\)$'` 105 | if expr "$link" : '/.*' > /dev/null; then 106 | PRG="$link" 107 | else 108 | PRG="`dirname "$PRG"`/$link" 109 | fi 110 | done 111 | 112 | saveddir=`pwd` 113 | 114 | M2_HOME=`dirname "$PRG"`/.. 115 | 116 | # make it fully qualified 117 | M2_HOME=`cd "$M2_HOME" && pwd` 118 | 119 | cd "$saveddir" 120 | # echo Using m2 at $M2_HOME 121 | fi 122 | 123 | # For Cygwin, ensure paths are in UNIX format before anything is touched 124 | if $cygwin ; then 125 | [ -n "$M2_HOME" ] && 126 | M2_HOME=`cygpath --unix "$M2_HOME"` 127 | [ -n "$JAVA_HOME" ] && 128 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 129 | [ -n "$CLASSPATH" ] && 130 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 131 | fi 132 | 133 | # For Migwn, ensure paths are in UNIX format before anything is touched 134 | if $mingw ; then 135 | [ -n "$M2_HOME" ] && 136 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 137 | [ -n "$JAVA_HOME" ] && 138 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 139 | # TODO classpath? 140 | fi 141 | 142 | if [ -z "$JAVA_HOME" ]; then 143 | javaExecutable="`which javac`" 144 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 145 | # readlink(1) is not available as standard on Solaris 10. 146 | readLink=`which readlink` 147 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 148 | if $darwin ; then 149 | javaHome="`dirname \"$javaExecutable\"`" 150 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 151 | else 152 | javaExecutable="`readlink -f \"$javaExecutable\"`" 153 | fi 154 | javaHome="`dirname \"$javaExecutable\"`" 155 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 156 | JAVA_HOME="$javaHome" 157 | export JAVA_HOME 158 | fi 159 | fi 160 | fi 161 | 162 | if [ -z "$JAVACMD" ] ; then 163 | if [ -n "$JAVA_HOME" ] ; then 164 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 165 | # IBM's JDK on AIX uses strange locations for the executables 166 | JAVACMD="$JAVA_HOME/jre/sh/java" 167 | else 168 | JAVACMD="$JAVA_HOME/bin/java" 169 | fi 170 | else 171 | JAVACMD="`which java`" 172 | fi 173 | fi 174 | 175 | if [ ! -x "$JAVACMD" ] ; then 176 | echo "Error: JAVA_HOME is not defined correctly." >&2 177 | echo " We cannot execute $JAVACMD" >&2 178 | exit 1 179 | fi 180 | 181 | if [ -z "$JAVA_HOME" ] ; then 182 | echo "Warning: JAVA_HOME environment variable is not set." 183 | fi 184 | 185 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 186 | 187 | # For Cygwin, switch paths to Windows format before running java 188 | if $cygwin; then 189 | [ -n "$M2_HOME" ] && 190 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 191 | [ -n "$JAVA_HOME" ] && 192 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 193 | [ -n "$CLASSPATH" ] && 194 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 195 | fi 196 | 197 | # traverses directory structure from process work directory to filesystem root 198 | # first directory with .mvn subdirectory is considered project base directory 199 | find_maven_basedir() { 200 | local basedir=$(pwd) 201 | local wdir=$(pwd) 202 | while [ "$wdir" != '/' ] ; do 203 | if [ -d "$wdir"/.mvn ] ; then 204 | basedir=$wdir 205 | break 206 | fi 207 | wdir=$(cd "$wdir/.."; pwd) 208 | done 209 | echo "${basedir}" 210 | } 211 | 212 | # concatenates all lines of a file 213 | concat_lines() { 214 | if [ -f "$1" ]; then 215 | echo "$(tr -s '\n' ' ' < "$1")" 216 | fi 217 | } 218 | 219 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)} 220 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 221 | 222 | # Provide a "standardized" way to retrieve the CLI args that will 223 | # work with both Windows and non-Windows executions. 224 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 225 | export MAVEN_CMD_LINE_ARGS 226 | 227 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 228 | 229 | exec "$JAVACMD" \ 230 | $MAVEN_OPTS \ 231 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 232 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 233 | ${WRAPPER_LAUNCHER} "$@" 234 | -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | set MAVEN_CMD_LINE_ARGS=%* 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | 121 | set WRAPPER_JAR="".\.mvn\wrapper\maven-wrapper.jar"" 122 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 123 | 124 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS% 125 | if ERRORLEVEL 1 goto error 126 | goto end 127 | 128 | :error 129 | set ERROR_CODE=1 130 | 131 | :end 132 | @endlocal & set ERROR_CODE=%ERROR_CODE% 133 | 134 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 135 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 136 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 137 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 138 | :skipRcPost 139 | 140 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 141 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 142 | 143 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 144 | 145 | exit /B %ERROR_CODE% -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | 7 | org.springframework.boot 8 | spring-boot-starter-parent 9 | 1.4.2.RELEASE 10 | 11 | 12 | org.workspace7.springboot 13 | springboot-keycloak-demo 14 | 0.0.1-SNAPSHOT 15 | jar 16 | 17 | Springboot::Demos::KeyCloak 18 | Demo project for Spring Boot integration with KeyCloak OAuth2 19 | 20 | 21 | 22 | UTF-8 23 | UTF-8 24 | 1.8 25 | 1.4.3 26 | 2.1.1 27 | 3.2.0 28 | 2.19.1 29 | 3.2.1 30 | 2.2.176 31 | 1.7.21 32 | 33 | 34 | 35 | 36 | 37 | io.fabric8 38 | fabric8-arquillian 39 | ${fabric8-arquillian.version} 40 | test 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | src/main/resources 50 | true 51 | 52 | 53 | 54 | 55 | 56 | org.apache.maven.plugins 57 | maven-resources-plugin 58 | 3.0.1 59 | 60 | @ 61 | 62 | 63 | 64 | 65 | org.springframework.boot 66 | spring-boot-maven-plugin 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | local 76 | 77 | true 78 | 79 | 80 | 81 | localhost 82 | 8180 83 | springboot 84 | springboot-local 85 | e6526cb3-b588-44da-966e-ac0e1d7a586b 86 | 87 | 88 | clean spring-boot:run 89 | 90 | 91 | org.codehaus.mojo 92 | build-helper-maven-plugin 93 | 94 | 95 | add-local-app-yml 96 | generate-resources 97 | 98 | add-resource 99 | 100 | 101 | 102 | 103 | src/main/local-resources 104 | ${project.build.outputDirectory} 105 | true 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | kit 118 | 119 | 120 | 121 | 122 | maven-failsafe-plugin 123 | ${maven-failsafe-plugin.version} 124 | 125 | 126 | **/*KT.* 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | fabric8 136 | 137 | 138 | 139 | localhost 140 | 8180 141 | springboot 142 | 143 | 144 | clean install 145 | 146 | 147 | src/main/fabric8 148 | true 149 | 150 | 151 | 152 | 153 | io.fabric8 154 | fabric8-maven-plugin 155 | ${fabric8-maven-plugin.version} 156 | 157 | 158 | fmp 159 | install 160 | 161 | resource 162 | build 163 | helm 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | org.springframework.boot 178 | spring-boot-starter-web 179 | 180 | 181 | 182 | org.springframework.boot 183 | spring-boot-actuator 184 | 185 | 186 | 187 | 188 | ch.qos.logback 189 | logback-core 190 | ${logback.version} 191 | 192 | 193 | ch.qos.logback 194 | logback-classic 195 | ${logback.version} 196 | 197 | 198 | org.slf4j 199 | slf4j-api 200 | ${slf4j-api.version} 201 | 202 | 203 | 204 | 205 | org.springframework.boot 206 | spring-boot-starter-security 207 | 208 | 209 | org.springframework.security.oauth 210 | spring-security-oauth2 211 | 212 | 213 | 214 | 215 | 216 | org.springframework.boot 217 | spring-boot-starter-test 218 | test 219 | 220 | 221 | 222 | 223 | org.webjars 224 | angularjs 225 | ${angularjs.version} 226 | 227 | 228 | org.webjars 229 | jquery 230 | ${jquery.version} 231 | 232 | 233 | org.webjars 234 | bootstrap 235 | ${bootstrap.version} 236 | 237 | 238 | org.webjars 239 | webjars-locator 240 | 241 | 242 | org.springframework.boot 243 | spring-boot-starter-actuator 244 | 245 | 246 | io.fabric8 247 | fabric8-arquillian 248 | test 249 | 250 | 251 | 252 | 253 | 254 | -------------------------------------------------------------------------------- /src/main/fabric8/springboot-client-secret.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: "v1" 3 | kind: "Secret" 4 | metadata: 5 | name: "springboot-kc-client" 6 | type: Opaque 7 | data: 8 | clientId: "c3ByaW5nLWJvb3QtZGVtb3M=" 9 | clientSecret: "N2FiNTRjYjMtMTM1Ni00YTY4LTgzZDctYzNjZTliOWVlMmZm" 10 | -------------------------------------------------------------------------------- /src/main/fabric8/springboot-keycloak-demo-cm.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | application.yml: | 4 | security: 5 | oauth2: 6 | client: 7 | clientId: "${CLIENT_ID}" 8 | clientSecret: "${CLIENT_SECRET}" 9 | accessTokenUri: "${KEYCLOAK_URL}/auth/realms/@keycloak.realm@/protocol/openid-connect/token" 10 | userAuthorizationUri: "${KEYCLOAK_URL}/auth/realms/@keycloak.realm@/protocol/openid-connect/auth" 11 | authenticationScheme: header 12 | clientAuthenticationScheme: header 13 | resource: 14 | userInfoUri: "${KEYCLOAK_URL}/auth/realms/@keycloak.realm@/protocol/openid-connect/userinfo" 15 | kind: ConfigMap 16 | metadata: 17 | name: springboot-keycloak 18 | -------------------------------------------------------------------------------- /src/main/fabric8/springboot-keycloak-demo-deployment.yml: -------------------------------------------------------------------------------- 1 | spec: 2 | template: 3 | spec: 4 | containers: 5 | - env: 6 | - name: CLIENT_ID 7 | valueFrom: 8 | secretKeyRef: 9 | key: "clientId" 10 | name: "springboot-kc-client" 11 | - name: CLIENT_SECRET 12 | valueFrom: 13 | secretKeyRef: 14 | key: "clientSecret" 15 | name: "springboot-kc-client" 16 | - name: KEYCLOAK_URL 17 | valueFrom: 18 | configMapKeyRef: 19 | key: "keycloak-demo-server--root-url" 20 | name: "keycloak-demo-server" 21 | - name: SPRING_CONFIG_LOCATION 22 | value: "/config/application.yml" 23 | volumeMounts: 24 | - name: springboot-app-config 25 | mountPath: /config/ 26 | volumes: 27 | - name: springboot-app-config 28 | configMap: 29 | name: springboot-keycloak 30 | -------------------------------------------------------------------------------- /src/main/java/org/workspace7/springboot/AppEnvironment.java: -------------------------------------------------------------------------------- 1 | package org.workspace7.springboot; 2 | 3 | /** 4 | * @author kameshs 5 | */ 6 | public class AppEnvironment { 7 | private String keyCloakUrl; 8 | private String redirectUri; 9 | 10 | public String getKeyCloakUrl() { 11 | return keyCloakUrl; 12 | } 13 | 14 | public void setKeyCloakUrl(String keyCloakUrl) { 15 | this.keyCloakUrl = keyCloakUrl; 16 | } 17 | 18 | public String getRedirectUri() { 19 | return redirectUri; 20 | } 21 | 22 | public void setRedirectUri(String redirectUri) { 23 | this.redirectUri = redirectUri; 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/org/workspace7/springboot/KeyCloakDemoApplication.java: -------------------------------------------------------------------------------- 1 | package org.workspace7.springboot; 2 | 3 | import org.slf4j.Logger; 4 | import org.slf4j.LoggerFactory; 5 | import org.springframework.boot.SpringApplication; 6 | import org.springframework.boot.autoconfigure.SpringBootApplication; 7 | import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso; 8 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 9 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 10 | import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; 11 | import org.springframework.security.web.csrf.CookieCsrfTokenRepository; 12 | import org.springframework.web.bind.annotation.RequestMapping; 13 | import org.springframework.web.bind.annotation.RequestMethod; 14 | import org.springframework.web.bind.annotation.ResponseBody; 15 | import org.springframework.web.bind.annotation.RestController; 16 | 17 | import javax.servlet.http.HttpServletRequest; 18 | import java.security.Principal; 19 | 20 | 21 | @SpringBootApplication 22 | @EnableOAuth2Sso 23 | @RestController 24 | public class KeyCloakDemoApplication extends WebSecurityConfigurerAdapter { 25 | 26 | private static final Logger LOGGER = LoggerFactory.getLogger(KeyCloakDemoApplication.class); 27 | 28 | public static void main(String[] args) { 29 | SpringApplication.run(KeyCloakDemoApplication.class, args); 30 | } 31 | 32 | 33 | @RequestMapping(value = "/user") 34 | public Principal user(Principal principal) { 35 | return principal; 36 | } 37 | 38 | /** 39 | * FIXME: make this as authorized 40 | * @param request 41 | * @return 42 | */ 43 | @RequestMapping(value = "/appConfig", method = RequestMethod.GET) 44 | public @ResponseBody AppEnvironment appConfig(HttpServletRequest request) { 45 | 46 | LOGGER.debug("Getting Application Config"); 47 | 48 | AppEnvironment appEnvironment = new AppEnvironment(); 49 | 50 | String kyeCloakUrl = System.getenv("KEYCLOAK_URL"); 51 | kyeCloakUrl =kyeCloakUrl == null ?"http://localhost:8180" : kyeCloakUrl; 52 | 53 | LOGGER.info("Using Key Cloak URL : {}",kyeCloakUrl); 54 | 55 | appEnvironment.setKeyCloakUrl(kyeCloakUrl); 56 | 57 | String redirectUri = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort(); 58 | 59 | appEnvironment.setRedirectUri(redirectUri); 60 | return appEnvironment; 61 | } 62 | 63 | @Override 64 | protected void configure(HttpSecurity http) throws Exception { 65 | http 66 | .antMatcher("/**").authorizeRequests().antMatchers("/","/appConfig", "/login/**", "/webjars/**") 67 | .permitAll().anyRequest() 68 | .authenticated().and().exceptionHandling() 69 | .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout() 70 | .logoutSuccessUrl("/").permitAll() 71 | .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /src/main/local-resources/application.yml: -------------------------------------------------------------------------------- 1 | security: 2 | oauth2: 3 | client: 4 | clientId: @keycloak.client.id@ 5 | clientSecret: @keycloak.client.secret@ 6 | accessTokenUri: http://@keycloak.host@:@keycloak.port@/auth/realms/@keycloak.realm@/protocol/openid-connect/token 7 | userAuthorizationUri: http://@keycloak.host@:@keycloak.port@/auth/realms/@keycloak.realm@/protocol/openid-connect/auth 8 | authenticationScheme: header 9 | clientAuthenticationScheme: header 10 | resource: 11 | userInfoUri: http://@keycloak.host@:@keycloak.port@/auth/realms/@keycloak.realm@/protocol/openid-connect/userinfo 12 | -------------------------------------------------------------------------------- /src/main/resources/logback.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/main/resources/static/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Spring Boot:: Demos:: KeyCloak 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 53 | 54 | 55 | 56 | 57 | l 82 | 83 |
84 |
85 |

Hello!

86 |

Hello !

87 |

This is a simple demo application to show case how to integrate Keycloak 88 | with Spring Boot and OAuth2. This application 89 | is more of porting the existing spring-boot-oauth2 90 | replacing the auth provider as Keycloak instead of Facebook/Github 91 |

92 |

The source code of this demo is available at Github 93 |

94 |
95 |
96 | 97 |
98 |
99 |
100 |

fabric8

101 |

fabric8 is an opinionated and open source Integrated Developer Platform for the Continuous Delivery of 102 | Microservices using Kubernetes and Jenkins 103 |

104 |

View 106 | details »

107 |
108 |
109 |

Spring Security OAuth

110 |

Spring Security OAuth provides support for using Spring Security with OAuth (1a) and OAuth2 using standard 111 | Spring and Spring Security programming models and configuration idioms

112 |

View 114 | details »

115 |
116 |
117 |

Keycloak

118 |

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. 119 | It makes it easy to secure applications and services with little to no code

120 |

View 121 | details »

122 |
123 |
124 |
125 |
126 | 127 | 128 | -------------------------------------------------------------------------------- /src/test/java/io/fabric8/itests/IntegrationTestKT.java: -------------------------------------------------------------------------------- 1 | package io.fabric8.itests; 2 | 3 | import io.fabric8.kubernetes.client.KubernetesClient; 4 | import org.jboss.arquillian.junit.Arquillian; 5 | import org.jboss.arquillian.test.api.ArquillianResource; 6 | import org.junit.Test; 7 | import org.junit.runner.RunWith; 8 | import static io.fabric8.kubernetes.assertions.Assertions.assertThat; 9 | 10 | /** 11 | * Tests that the Kubernetes resources (Services, Replication Controllers and 12 | * Pods) can be provisioned and start up correctly. 13 | * 14 | * This test creates a new Kubernetes Namespace for the duration of the test. 15 | * For more information see: http://fabric8.io/guide/testing.html 16 | */ 17 | @RunWith(Arquillian.class) 18 | public class IntegrationTestKT { 19 | 20 | @ArquillianResource 21 | protected KubernetesClient kubernetes; 22 | 23 | @Test 24 | public void testRunningPodStaysUp() throws Exception { 25 | assertThat(kubernetes).deployments().pods().isPodReadyForPeriod(); 26 | } 27 | } --------------------------------------------------------------------------------