├── .gitignore ├── .travis.yml ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── app-angular2 ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ └── webapp │ │ ├── app │ │ ├── app.component.css │ │ ├── app.component.html │ │ ├── app.component.js │ │ ├── app.component.js.map │ │ ├── app.component.ts │ │ ├── app.module.js │ │ ├── app.module.js.map │ │ ├── app.module.ts │ │ └── keycloak-service │ │ │ ├── keycloak.d.ts │ │ │ ├── keycloak.http.js │ │ │ ├── keycloak.http.js.map │ │ │ ├── keycloak.http.ts │ │ │ ├── keycloak.js │ │ │ ├── keycloak.service.js │ │ │ ├── keycloak.service.js.map │ │ │ └── keycloak.service.ts │ │ ├── index.html │ │ ├── main.js │ │ ├── main.js.map │ │ ├── main.ts │ │ ├── package.json │ │ ├── styles.css │ │ ├── systemjs-angular-loader.js │ │ ├── systemjs.config.extras.js │ │ ├── systemjs.config.js │ │ ├── tsconfig.json │ │ └── yarn.lock │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianAngular2Test.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-authz-jee-servlet ├── README.md ├── config │ ├── keycloak-example.json │ └── realm-import.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── Controller.java │ └── webapp │ │ ├── META-INF │ │ └── jboss-deployment-structure.xml │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── accessDenied.jsp │ │ ├── include-logout.jsp │ │ ├── index.jsp │ │ ├── protected │ │ ├── admin │ │ │ └── onlyAdmin.jsp │ │ ├── dynamicMenu.jsp │ │ └── premium │ │ │ └── onlyPremium.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ ├── ArquillianJeeAuthzTest.java │ │ └── page │ │ └── AuthzPage.java │ └── resources │ ├── arquillian.xml │ ├── keycloak.json │ └── quickstart-realm.json ├── app-authz-jee-vanilla ├── README.md ├── config │ ├── client-import.json │ ├── keycloak-example.json │ └── realm-import.json ├── pom.xml └── 
src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── Controller.java │ └── webapp │ │ ├── META-INF │ │ └── jboss-deployment-structure.xml │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── error.jsp │ │ ├── include-logout.jsp │ │ └── index.jsp │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ ├── ArquillianJeeAuthzVanillaTest.java │ │ └── page │ │ └── AuthzPage.java │ └── resources │ ├── arquillian.xml │ ├── keycloak.json │ └── quickstart-realm.json ├── app-authz-photoz ├── README.md ├── photoz-html5-client │ ├── pom.xml │ └── src │ │ └── main │ │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.html │ │ ├── js │ │ ├── app.js │ │ └── identity.js │ │ ├── keycloak.json │ │ ├── lib │ │ ├── angular │ │ │ ├── angular-resource.min.js │ │ │ ├── angular-route.min.js │ │ │ └── angular.min.js │ │ └── jwt-decode.min.js │ │ └── partials │ │ ├── admin │ │ └── albums.html │ │ ├── album │ │ ├── create.html │ │ └── detail.html │ │ ├── home.html │ │ └── profile.html ├── photoz-js-policies │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ ├── META-INF │ │ └── keycloak-scripts.json │ │ ├── only-from-specific-client-address.js │ │ ├── only-keycloak-domain-or-admin.js │ │ └── only-owner.js ├── photoz-realm.json ├── photoz-restful-api │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── example │ │ │ └── photoz │ │ │ ├── ErrorResponse.java │ │ │ ├── PhotozApplication.java │ │ │ ├── admin │ │ │ └── AdminAlbumService.java │ │ │ ├── album │ │ │ ├── AlbumService.java │ │ │ ├── ProfileService.java │ │ │ └── SharedAlbum.java │ │ │ ├── entity │ │ │ ├── Album.java │ │ │ └── Photo.java │ │ │ └── util │ │ │ ├── Resources.java │ │ │ ├── Transaction.java │ │ │ └── TransactionInterceptor.java │ │ ├── resources │ │ ├── META-INF │ │ │ ├── beans.xml │ │ │ └── persistence.xml │ │ └── photoz-restful-api-authz-service.json │ │ └── webapp │ │ ├── META-INF │ │ └── jboss-deployment-structure.xml │ │ └── 
WEB-INF │ │ └── web.xml ├── photoz-testsuite │ ├── pom.xml │ └── src │ │ └── test │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── uma │ │ │ ├── ArquillianAuthzUMATest.java │ │ │ └── page │ │ │ ├── ConsentPage.java │ │ │ └── PhotozPage.java │ │ └── resources │ │ ├── arquillian.xml │ │ └── quickstart-realm.json └── pom.xml ├── app-authz-rest-employee ├── README.md ├── config │ └── quickstart-realm.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springboot │ │ │ ├── MyApplication.java │ │ │ └── web │ │ │ └── ApplicationController.java │ └── resources │ │ └── application.properties │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springboot │ │ └── MyAppTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── app-authz-rest-springboot ├── README.md ├── config │ └── quickstart-realm.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springboot │ │ │ ├── MyApplication.java │ │ │ └── web │ │ │ └── ApplicationController.java │ └── resources │ │ └── application.properties │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springboot │ │ └── MyAppTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── app-authz-spring-security ├── README.md ├── config │ └── quickstart-realm.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springsecurity │ │ │ └── web │ │ │ ├── ApplicationController.java │ │ │ ├── Identity.java │ │ │ ├── MyApplication.java │ │ │ └── SecurityConfig.java │ └── resources │ │ ├── application.properties │ │ ├── keycloak.json │ │ └── templates │ │ ├── access-denied.ftl │ │ ├── alice.ftl │ │ ├── home.ftl │ │ ├── premium.ftl │ │ └── protected.ftl │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springsecurity │ │ └── 
MyAppTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── app-authz-springboot ├── README.md ├── config │ └── quickstart-realm.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springboot │ │ │ ├── MyApplication.java │ │ │ ├── security │ │ │ └── Identity.java │ │ │ └── web │ │ │ └── ApplicationController.java │ └── resources │ │ ├── application.properties │ │ ├── application.properties.path.entitlements │ │ └── templates │ │ ├── access-denied.ftl │ │ ├── home.ftl │ │ ├── premium.ftl │ │ └── protected.ftl │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springboot │ │ └── MyAppTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── app-authz-uma-photoz ├── README.md ├── photoz-html5-client │ ├── pom.xml │ └── src │ │ └── main │ │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.html │ │ ├── js │ │ ├── app.js │ │ └── identity.js │ │ ├── keycloak.json │ │ ├── lib │ │ ├── angular │ │ │ ├── angular-resource.min.js │ │ │ ├── angular-route.min.js │ │ │ └── angular.min.js │ │ └── jwt-decode.min.js │ │ └── partials │ │ ├── admin │ │ └── albums.html │ │ ├── album │ │ ├── create.html │ │ └── detail.html │ │ ├── home.html │ │ └── profile.html ├── photoz-js-policies │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ ├── META-INF │ │ └── keycloak-scripts.json │ │ ├── only-from-specific-client-address.js │ │ ├── only-keycloak-domain-or-admin.js │ │ └── only-owner.js ├── photoz-realm.json ├── photoz-restful-api │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── example │ │ │ └── photoz │ │ │ ├── ErrorResponse.java │ │ │ ├── PhotozApplication.java │ │ │ ├── admin │ │ │ └── AdminAlbumService.java │ │ │ ├── album │ │ │ ├── AlbumService.java │ │ │ ├── ProfileService.java │ │ │ └── SharedAlbum.java │ │ │ ├── entity │ │ │ ├── Album.java │ │ │ └── Photo.java │ │ │ └── util │ │ │ ├── 
Resources.java │ │ │ ├── Transaction.java │ │ │ └── TransactionInterceptor.java │ │ ├── resources │ │ └── META-INF │ │ │ ├── beans.xml │ │ │ └── persistence.xml │ │ └── webapp │ │ ├── META-INF │ │ └── jboss-deployment-structure.xml │ │ └── WEB-INF │ │ ├── keycloak.json │ │ └── web.xml ├── photoz-testsuite │ ├── pom.xml │ └── src │ │ └── test │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── uma │ │ │ ├── ArquillianAuthzUMATest.java │ │ │ └── page │ │ │ ├── ConsentPage.java │ │ │ └── PhotozPage.java │ │ └── resources │ │ ├── arquillian.xml │ │ └── quickstart-realm.json └── pom.xml ├── app-jee-html5 ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ └── webapp │ │ ├── app.js │ │ ├── index.html │ │ ├── keycloak.js │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianJeeHtml5Test.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-jee-jsp ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── appjee │ │ │ ├── Controller.java │ │ │ ├── ServiceClient.java │ │ │ └── ServiceLocator.java │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ ├── protected.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianJeeJspTest.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-profile-jee-html5 ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ └── webapp │ │ ├── app.js │ │ ├── index.html │ │ ├── keycloak.js │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianProfileJeeHtml5Test.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-profile-jee-jsp ├── README.md ├── 
config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── profilejee │ │ │ └── Controller.java │ └── webapp │ │ ├── WEB-INF │ │ ├── jboss-deployment-structure.xml │ │ └── web.xml │ │ ├── index.jsp │ │ ├── profile.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianProfileJeeJspTest.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-profile-jee-vanilla ├── README.md ├── config │ └── client-import.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── profilejee │ │ │ └── Controller.java │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ ├── profile.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianProfileJeeVanillaTest.java │ └── resources │ ├── arquillian.xml │ ├── quickstart-realm.json │ └── standalone-test.xml ├── app-profile-saml-jee-jsp ├── README.md ├── config │ ├── client-import.json │ └── keycloak-saml-example.xml ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── profilejee │ │ │ └── Controller.java │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ ├── profile.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianProfileSamlJeeJspTest.java │ └── resources │ ├── arquillian.xml │ ├── keycloak-saml.xml │ ├── quickstart-realm.json │ └── standalone-test.xml ├── authz-js-policies ├── pom.xml └── src │ └── main │ └── resources │ ├── META-INF │ └── keycloak-scripts.json │ ├── always-grant.js │ ├── match-user-from-uri.js │ ├── only-owner.js │ └── pushed-claim-from-request.js ├── config └── partial-import.json ├── docs ├── getting-started.md ├── pull_request_template.md └── test-development.md ├── fuse63 ├── README.md ├── app-war │ 
├── README.md │ ├── config │ │ ├── client-import.json │ │ └── keycloak-example.json │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── fuse │ │ │ └── appjee │ │ │ ├── Controller.java │ │ │ ├── ProtectedServlet.java │ │ │ ├── ServiceClient.java │ │ │ └── ServiceLocator.java │ │ └── webapp │ │ ├── WEB-INF │ │ ├── jetty-web.xml │ │ └── web.xml │ │ ├── index.jsp │ │ └── styles.css ├── features │ ├── README.md │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ └── features.xml ├── pom.xml ├── server │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ ├── install-features.cli │ │ ├── install-features.sh │ │ ├── update-config.cli │ │ └── users.properties ├── service-camel │ ├── README.md │ ├── config │ │ ├── client-import.json │ │ └── keycloak-example.json │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── fuse │ │ │ └── camel │ │ │ ├── CamelHelloProcessor.java │ │ │ └── Message.java │ │ └── resources │ │ ├── OSGI-INF │ │ └── blueprint │ │ │ └── blueprint.xml │ │ └── config │ │ └── .gitkeep └── service-cxf-jaxrs │ ├── README.md │ ├── config │ ├── client-import.json │ └── keycloak-example.json │ ├── pom.xml │ └── src │ └── main │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── fuse │ │ └── cxf │ │ └── rs │ │ ├── Message.java │ │ └── Resource.java │ └── resources │ ├── META-INF │ └── spring │ │ └── beans.xml │ └── config │ └── .gitkeep ├── fuse70 ├── README.md ├── app-war │ ├── README.md │ ├── config │ │ ├── client-import.json │ │ └── keycloak-example.json │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── fuse │ │ │ └── appjee │ │ │ ├── Controller.java │ │ │ ├── ProtectedServlet.java │ │ │ ├── ServiceClient.java │ │ │ └── ServiceLocator.java │ │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ └── styles.css ├── features │ ├── README.md │ ├── 
pom.xml │ └── src │ │ └── main │ │ └── resources │ │ └── features.xml ├── pom.xml ├── server │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ ├── install-features.cli │ │ ├── install-features.sh │ │ ├── update-config.cli │ │ └── users.properties ├── service-camel │ ├── README.md │ ├── config │ │ ├── client-import.json │ │ └── keycloak-example.json │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── fuse │ │ │ └── camel │ │ │ ├── CamelHelloProcessor.java │ │ │ └── Message.java │ │ └── resources │ │ ├── OSGI-INF │ │ └── blueprint │ │ │ └── blueprint.xml │ │ └── config │ │ └── .gitkeep └── service-cxf-jaxrs │ ├── README.md │ ├── config │ ├── client-import.json │ └── keycloak-example.json │ ├── pom.xml │ └── src │ └── main │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── fuse │ │ └── cxf │ │ └── rs │ │ ├── Message.java │ │ └── Resource.java │ └── resources │ ├── OSGI-INF │ └── blueprint │ │ └── blueprint.xml │ └── config │ └── .gitkeep ├── maven-settings.xml ├── pom.xml ├── productize.sh ├── quickstart-realm.json ├── scripts ├── generate_keycloak_json.sh ├── ssorepo.txt ├── start-server.sh ├── stop-server.sh └── version.sh ├── service-jee-jaxrs ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── jaxrs │ │ │ ├── Application.java │ │ │ ├── Message.java │ │ │ └── Resource.java │ └── webapp │ │ └── WEB-INF │ │ └── web.xml │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── jaxrs │ │ └── ArquillianServiceJeeJaxrsTest.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── service-nodejs ├── README.md ├── app.js ├── client-import.json ├── keycloak.json ├── package-lock.json ├── package.json └── test │ ├── app-test.js │ └── config.js ├── service-springboot-rest ├── README.md ├── config │ └── client-import.json ├── pom.xml 
└── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springboot │ │ │ ├── ProductServiceApplication.java │ │ │ ├── service │ │ │ └── ProductService.java │ │ │ └── web │ │ │ └── ProductServiceController.java │ └── resources │ │ └── application.properties │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springboot │ │ └── ProductServiceTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── set-version.sh ├── travis-run-tests.sh ├── travis-server.sh ├── user-storage-jpa ├── README.md ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── storage │ │ │ └── user │ │ │ ├── EjbExampleUserStorageProvider.java │ │ │ ├── EjbExampleUserStorageProviderFactory.java │ │ │ ├── UserAdapter.java │ │ │ └── UserEntity.java │ └── resources │ │ └── META-INF │ │ ├── persistence.xml │ │ └── services │ │ └── org.keycloak.storage.UserStorageProviderFactory │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ ├── ArquillianJpaStorageTest.java │ │ └── page │ │ └── ConsolePage.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json └── user-storage-simple ├── README.md ├── pom.xml └── src ├── main ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ ├── readonly │ │ ├── PropertyFileUserStorageProvider.java │ │ └── PropertyFileUserStorageProviderFactory.java │ │ └── writeable │ │ ├── PropertyFileUserStorageProvider.java │ │ └── PropertyFileUserStorageProviderFactory.java └── resources │ ├── META-INF │ └── services │ │ └── org.keycloak.storage.UserStorageProviderFactory │ └── users.properties └── test ├── java └── org │ └── keycloak │ └── quickstart │ ├── ArquillianSimpleStorageTest.java │ ├── page │ └── ConsolePage.java │ └── util │ └── StorageManager.java └── resources ├── arquillian.xml └── quickstart-realm.json /.gitignore: -------------------------------------------------------------------------------- 1 | 
**/config/keycloak.json 2 | **/config/keycloak-saml.xml 3 | **/WEB-INF/keycloak.json 4 | *.orig 5 | 6 | # Intellij 7 | ################### 8 | .idea 9 | *.iml 10 | 11 | # Eclipse # 12 | ########### 13 | .project 14 | .settings 15 | .classpath 16 | 17 | # NetBeans # 18 | ############ 19 | nbactions.xml 20 | nb-configuration.xml 21 | catalog.xml 22 | nbproject 23 | 24 | # Compiled source # 25 | ################### 26 | *.com 27 | *.class 28 | *.dll 29 | *.exe 30 | *.o 31 | *.so 32 | 33 | # Packages # 34 | ############ 35 | # it's better to unpack these files and commit the raw source 36 | # git has its own built in compression methods 37 | *.7z 38 | *.dmg 39 | *.gz 40 | *.iso 41 | *.jar 42 | *.rar 43 | *.tar 44 | *.zip 45 | 46 | # Logs and databases # 47 | ###################### 48 | *.log 49 | 50 | # Maven # 51 | ######### 52 | target 53 | 54 | 55 | # Node.js # 56 | ########### 57 | node_modules 58 | /app-angular2/src/main/webapp/node -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: java 2 | dist: trusty 3 | addons: 4 | apt: 5 | packages: 6 | - lynx 7 | 8 | jdk: 9 | - oraclejdk8 10 | 11 | env: 12 | global: 13 | - MAVEN_SKIP_RC=true 14 | - MAVEN_OPTS="-Xms512m -Xmx2048m" 15 | matrix: 16 | - TESTS=group1 17 | - TESTS=group2 18 | - TESTS=group3 19 | - TESTS=group4 20 | - TESTS=group5 21 | - TESTS=group6 22 | - TESTS=group7 23 | 24 | before_install: 25 | - ./travis-server.sh 26 | - ./scripts/generate_keycloak_json.sh 27 | 28 | install: 29 | - travis_wait 20 mvn -s maven-settings.xml clean install --no-snapshot-updates -B -V -q 30 | - mvn -s maven-settings.xml -Padd-datasource install -Djboss.server.port=10090 -f user-storage-jpa -q 31 | 32 | before_script: 33 | - export MAVEN_SKIP_RC=true 34 | 35 | script: 36 | - ./travis-run-tests.sh $TESTS 37 | 38 | after_install: 39 | - ./scripts/stop-server.sh 40 | - kill -9 `cat pid.txt` 41 | 
42 | after_failure: 43 | - if [ -f ${HOME}/keycloak.log ]; then lynx -dump ${HOME}/keycloak.log; fi 44 | 45 | sudo: false 46 | -------------------------------------------------------------------------------- /app-angular2/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-angular2", 3 | "rootUrl": "http://localhost:8080/app-angular2", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/app-angular2/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": true 12 | } 13 | -------------------------------------------------------------------------------- /app-angular2/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-angular2", 6 | "public-client": true 7 | } -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.component.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/app-angular2/src/main/webapp/app/app.component.css -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.component.html: -------------------------------------------------------------------------------- 1 | 17 |
18 | 23 | 24 |
25 | 26 | 27 | 28 | 29 |
{{message}}
30 |
31 |
-------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.component.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"app.component.js","sourceRoot":"","sources":["app.component.ts"],"names":[],"mappings":";;;;;;;;;;AAAA;;;;;;;;;;;;;;;GAeG;AACH,sCAA0C;AAC1C,sCAAsE;AAEtE,wEAAoE;AAEpE,mCAAiC;AACjC,iCAA+B;AAO/B,IAAa,YAAY;IAOvB,sBAAoB,IAAU,EAAU,EAAmB;QAAvC,SAAI,GAAJ,IAAI,CAAM;QAAU,OAAE,GAAF,EAAE,CAAiB;QALnD,eAAU,GAAW,gCAAgC,CAAC;QAGvD,eAAU,GAAW,EAAE,CAAC;IAG/B,CAAC;IAED,oCAAa,GAAb;QACE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC;IACjC,CAAC;IAED,4BAAK,GAAL;QACE,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAED,6BAAM,GAAN;QACE,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACnB,CAAC;IAED,8BAAO,GAAP;QACE,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC;IACpB,CAAC;IAED,8BAAO,GAAP,UAAQ,QAAgB;QAAxB,iBAIC;QAHC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC;aACpC,SAAS,CAAC,UAAC,GAAa,IAAK,OAAA,KAAI,CAAC,cAAc,CAAC,GAAG,EAAE,KAAI,CAAC,EAA9B,CAA8B,EACjD,UAAC,KAAe,IAAK,OAAA,KAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,KAAI,CAAC,EAApC,CAAoC,CAAC,CAAC;IAC5E,CAAC;IAEO,qCAAc,GAAtB,UAAuB,GAAa,EAAE,IAAkB;QACtD,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,WAAW,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC;IAClD,CAAC;IAEO,yCAAkB,GAA1B,UAA2B,KAAe,EAAE,IAAkB;QAC5D,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC;QAC1B,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC;YACvB,IAAI,CAAC,OAAO,GAAG,gBAAgB,CAAC;QAClC,CAAC;QAAC,IAAI,CAAC,CAAC;YACN,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC;QACvD,CAAC;IACH,CAAC;IACH,mBAAC;AAAD,CAAC,AA7CD,IA6CC;AA7CY,YAAY;IALxB,gBAAS,CAAC;QACT,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sBAAsB;QACnC,SAAS,EAAE,CAAC,qBAAqB,CAAC;KACnC,CAAC;qCAQ0B,WAAI,EAAc,kCAAe;GAPhD,YAAY,CA6CxB;AA7CY,oCAAY"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.module.js.map: 
-------------------------------------------------------------------------------- 1 | {"version":3,"file":"app.module.js","sourceRoot":"","sources":["app.module.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;;;;;;;GAeG;AACH,8DAA0D;AAC1D,sCAAyC;AACzC,sCAA2C;AAE3C,wEAAsE;AACtE,kEAAuF;AAEvF,iDAA+C;AAe/C,IAAa,SAAS;IAAtB;IAAyB,CAAC;IAAD,gBAAC;AAAD,CAAC,AAA1B,IAA0B;AAAb,SAAS;IAZrB,eAAQ,CAAC;QACR,YAAY,EAAE,CAAE,4BAAY,CAAE;QAC9B,OAAO,EAAE;YACP,gCAAa;YACb,iBAAU;SACX;QACD,SAAS,EAAE;YACT,kCAAe;YACf,sCAAsB;SACvB;QACD,SAAS,EAAE,CAAC,4BAAY,CAAC;KAC1B,CAAC;GACW,SAAS,CAAI;AAAb,8BAAS"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.module.ts: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 Red Hat, Inc. and/or its affiliates 3 | * and other contributors as indicated by the @author tags. 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 | */ 17 | import { BrowserModule } from '@angular/platform-browser'; 18 | import { NgModule } from '@angular/core'; 19 | import { HttpModule } from '@angular/http'; 20 | 21 | import { KeycloakService } from './keycloak-service/keycloak.service'; 22 | import { KeycloakHttp,KEYCLOAK_HTTP_PROVIDER } from './keycloak-service/keycloak.http'; 23 | 24 | import { AppComponent } from './app.component'; 25 | 26 | 27 | @NgModule({ 28 | declarations: [ AppComponent ], 29 | imports: [ 30 | BrowserModule, 31 | HttpModule 32 | ], 33 | providers: [ 34 | KeycloakService, 35 | KEYCLOAK_HTTP_PROVIDER 36 | ], 37 | bootstrap: [AppComponent] 38 | }) 39 | export class AppModule { } 40 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/keycloak-service/keycloak.http.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"keycloak.http.js","sourceRoot":"","sources":["keycloak.http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;;;;;AAEH,sCAAyC;AACzC,sCAAkI;AAElI,uDAAmD;AACnD,8BAAmC;AAEnC;;GAEG;AAEH,IAAa,YAAY;IAAS,gCAAI;IACpC,sBAAY,QAA2B,EAAE,eAA+B,EAAU,gBAAiC;QAAnH,YACE,kBAAM,QAAQ,EAAE,eAAe,CAAC,SACjC;QAFiF,sBAAgB,GAAhB,gBAAgB,CAAiB;;IAEnH,CAAC;IAED,8BAAO,GAAP,UAAQ,GAAqB,EAAE,OAA4B;QAA3D,iBAiBC;QAhBC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC;YAAC,MAAM,CAAC,iBAAM,OAAO,YAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE/E,IAAM,YAAY,GAAoB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC;QACvE,IAAM,eAAe,GAAuB,eAAU,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAEjF,EAAE,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,UAAA,KAAK;gBAC9B,IAAM,WAAW,GAAG,IAAI,qBAAc,CAAC,EAAC,OAAO,EAAE,IAAI,cAAO,CAAC,EAAC,eAAe,EAAE,SAAS,GAAG,KAAK,EAAC,CAAC,EAAC,CAAC,CAAC;gBACrG,MAAM,CAAC,IAAI,qBAAc,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC,SAAS,CAAC,UAAA,IAAI,IAAI,OAAA,iBAAM,OAAO,aAAC,GAAG,EAAE,IAAI,CAAC,EAAxB,CAAwB,CAAC,CAAC;QACjD,CAAC;Q
AAC,IAAI,CAAC,EAAE,CAAC,CAAC,GAAG,YAAY,cAAO,CAAC,CAAC,CAAC;YAClC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,UAAA,KAAK;gBAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,GAAG,KAAK,CAAC,CAAC;gBACpD,MAAM,CAAC,GAAG,CAAC;YACb,CAAC,CAAC,CAAC,SAAS,CAAC,UAAA,OAAO,IAAI,OAAA,iBAAM,OAAO,aAAC,OAAO,CAAC,EAAtB,CAAsB,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IACH,mBAAC;AAAD,CAAC,AAvBD,CAAkC,WAAI,GAuBrC;AAvBY,YAAY;IADxB,iBAAU,EAAE;qCAEW,wBAAiB,EAAmB,qBAAc,EAA4B,kCAAe;GADxG,YAAY,CAuBxB;AAvBY,oCAAY;AAyBzB,6BAAoC,OAAmB,EAAE,cAA8B,EAAE,eAAgC;IACvH,MAAM,CAAC,IAAI,YAAY,CAAC,OAAO,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC;AACpE,CAAC;AAFD,kDAEC;AAEY,QAAA,sBAAsB,GAAG;IACpC,OAAO,EAAE,WAAI;IACb,UAAU,EAAE,mBAAmB;IAC/B,IAAI,EAAE,CAAC,iBAAU,EAAE,qBAAc,EAAE,kCAAe,CAAC;CACpD,CAAC"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/keycloak-service/keycloak.service.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"keycloak.service.js","sourceRoot":"","sources":["keycloak.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;AAEH,qCAAqC;AAErC,sCAAyC;AAEzC,IAAI,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,2BAA2B;AAIjE,IAAa,eAAe;IAA5B;IA+CA,CAAC;IA5CU,oBAAI,GAAX,UAAY,OAAa;QACrB,MAAM,CAAC,IAAI,OAAO,CAAC,UAAC,OAAO,EAAE,MAAM;YAC/B,iBAAe,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;iBACrC,OAAO,CAAC;gBACL,OAAO,EAAE,CAAC;YACd,CAAC,CAAC;iBACD,KAAK,CAAC,UAAC,SAAc;gBAClB,MAAM,CAAC,SAAS,CAAC,CAAC;YACtB,CAAC,CAAC,CAAC;QACX,CAAC,CAAC,CAAC;IACP,CAAC;IAED,uCAAa,GAAb;QACI,MAAM,CAAC,iBAAe,CAAC,YAAY,CAAC,aAAa,CAAC;IACtD,CAAC;IAED,+BAAK,GAAL;QACI,iBAAe,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,gCAAM,GAAN;QACI,iBAAe,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;IAC1C,CAAC;IAED,iCAAO,GAAP;QACI,iBAAe,CAAC,YAAY,CAAC,iBAAiB,EAAE,CAAC;IACrD,CAAC;IAED,kCAAQ,GAAR;QACI,MAAM,CAAC,IAAI,OAAO,CAAS,UAAC,OAAO,EAAE,MAAM;YACvC,EAAE,CAAC,CAAC,iBAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrC,iBAAe,CAAC,YAAY;qBACvB,WAAW,CAAC,CAAC,CAAC;qBACd,OAAO,CAAC;oBACL,OAAO,
CAAS,iBAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;gBACxD,CAAC,CAAC;qBACD,KAAK,CAAC;oBACH,MAAM,CAAC,yBAAyB,CAAC,CAAC;gBACtC,CAAC,CAAC,CAAC;YACX,CAAC;YAAC,IAAI,CAAC,CAAC;gBACJ,MAAM,CAAC,eAAe,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IACL,sBAAC;AAAD,CAAC,AA/CD,IA+CC;AA9CU,4BAAY,GAAmB,QAAQ,EAAE,CAAC;AADxC,eAAe;IAD3B,iBAAU,EAAE;GACA,eAAe,CA+C3B;AA/CY,0CAAe"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 17 | 18 | 19 | 20 | Keycloak Example App 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 39 | 40 | 41 | 42 | 43 | Loading app... 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/main.js: -------------------------------------------------------------------------------- 1 | "use strict"; 2 | /* 3 | * JBoss, Home of Professional Open Source 4 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 5 | * contributors by the @authors tag. See the copyright.txt in the 6 | * distribution for a full listing of individual contributors. 7 | * 8 | * Licensed under the Apache License, Version 2.0 (the "License"); 9 | * you may not use this file except in compliance with the License. 10 | * You may obtain a copy of the License at 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 
17 | */ 18 | var core_1 = require("@angular/core"); 19 | var platform_browser_dynamic_1 = require("@angular/platform-browser-dynamic"); 20 | var app_module_1 = require("./app/app.module"); 21 | var keycloak_service_1 = require("./app/keycloak-service/keycloak.service"); 22 | core_1.enableProdMode(); 23 | keycloak_service_1.KeycloakService.init({ onLoad: 'check-sso', checkLoginIframeInterval: 1 }) 24 | .then(function () { 25 | platform_browser_dynamic_1.platformBrowserDynamic().bootstrapModule(app_module_1.AppModule); 26 | }) 27 | .catch(function (e) { 28 | console.log('Error in ng2 bootstrap: ' + e); 29 | }); 30 | //# sourceMappingURL=main.js.map -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/main.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"main.js","sourceRoot":"","sources":["main.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;AACH,sCAA+C;AAC/C,8EAA2E;AAG3E,+CAA6C;AAE7C,4EAA0E;AAE1E,qBAAc,EAAE,CAAC;AAEjB,kCAAe,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC,EAAE,CAAC;KACrE,IAAI,CAAC;IACF,iDAAsB,EAAE,CAAC,eAAe,CAAC,sBAAS,CAAC,CAAC;AACxD,CAAC,CAAC;KACD,KAAK,CAAC,UAAC,CAAS;IACb,OAAO,CAAC,GAAG,CAAC,0BAA0B,GAAG,CAAC,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/main.ts: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 
9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | import { enableProdMode } from '@angular/core'; 18 | import { platformBrowserDynamic } from '@angular/platform-browser-dynamic'; 19 | import { platformBrowser } from '@angular/platform-browser'; 20 | 21 | import { AppModule } from './app/app.module'; 22 | 23 | import { KeycloakService } from './app/keycloak-service/keycloak.service'; 24 | 25 | enableProdMode(); 26 | 27 | KeycloakService.init({ onLoad: 'check-sso', checkLoginIframeInterval: 1 }) 28 | .then(() => { 29 | platformBrowserDynamic().bootstrapModule(AppModule); 30 | }) 31 | .catch((e: string) => { 32 | console.log('Error in ng2 bootstrap: ' + e); 33 | }); 34 | 35 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "app-angular2", 3 | "version": "1.0.0", 4 | "description": "Keycloak Quickstart written in Angular 2", 5 | "scripts": { 6 | "build": "tsc -p ./", 7 | "build:watch": "tsc -p ./ -w" 8 | }, 9 | "keywords": [], 10 | "author": "Stan Silvert", 11 | "license": "Apache 2.0", 12 | "dependencies": { 13 | "@angular/common": "~4.0.0", 14 | "@angular/compiler": "~4.0.0", 15 | "@angular/core": "~4.0.0", 16 | "@angular/forms": "~4.0.0", 17 | "@angular/http": "~4.0.0", 18 | "@angular/platform-browser": "~4.0.0", 19 | "@angular/platform-browser-dynamic": "~4.0.0", 20 | "@angular/router": "~4.0.0", 21 | "angular-in-memory-web-api": "~0.3.0", 22 | "core-js": "^2.4.1", 23 | "rxjs": "5.0.1", 24 | 
"systemjs": "0.19.40", 25 | "zone.js": "^0.8.4" 26 | }, 27 | "devDependencies": { 28 | "concurrently": "^3.2.0", 29 | "typescript": "~2.1.0", 30 | "canonical-path": "0.0.2", 31 | "lodash": "^4.16.4", 32 | "rimraf": "^2.5.4", 33 | "@types/node": "^6.0.46" 34 | }, 35 | "repository": { 36 | "type": "git", 37 | "url" : "git://github.com/keycloak/keycloak-quickstarts.git" 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/systemjs-angular-loader.js: -------------------------------------------------------------------------------- 1 | var templateUrlRegex = /templateUrl\s*:(\s*['"`](.*?)['"`]\s*)/gm; 2 | var stylesRegex = /styleUrls *:(\s*\[[^\]]*?\])/g; 3 | var stringRegex = /(['`"])((?:[^\\]\\\1|.)*?)\1/g; 4 | 5 | module.exports.translate = function(load){ 6 | var url = document.createElement('a'); 7 | url.href = load.address; 8 | 9 | var basePathParts = url.pathname.split('/'); 10 | 11 | basePathParts.pop(); 12 | var basePath = basePathParts.join('/'); 13 | 14 | var baseHref = document.createElement('a'); 15 | baseHref.href = this.baseURL; 16 | baseHref = baseHref.pathname; 17 | 18 | basePath = basePath.replace(baseHref, ''); 19 | 20 | load.source = load.source 21 | .replace(templateUrlRegex, function(match, quote, url){ 22 | var resolvedUrl = url; 23 | 24 | if (url.startsWith('.')) { 25 | resolvedUrl = basePath + url.substr(1); 26 | } 27 | 28 | return 'templateUrl: "' + resolvedUrl + '"'; 29 | }) 30 | .replace(stylesRegex, function(match, relativeUrls) { 31 | var urls = []; 32 | 33 | while ((match = stringRegex.exec(relativeUrls)) !== null) { 34 | if (match[2].startsWith('.')) { 35 | urls.push('"' + basePath + match[2].substr(1) + '"'); 36 | } else { 37 | urls.push('"' + match[2] + '"'); 38 | } 39 | } 40 | 41 | return "styleUrls: [" + urls.join(', ') + "]"; 42 | }); 43 | 44 | return load; 45 | }; 46 | -------------------------------------------------------------------------------- 
/app-angular2/src/main/webapp/systemjs.config.extras.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Add barrels and stuff 3 | * Adjust as necessary for your application needs. 4 | */ 5 | // (function (global) { 6 | // System.config({ 7 | // packages: { 8 | // // add packages here 9 | // } 10 | // }); 11 | // })(this); 12 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/systemjs.config.js: -------------------------------------------------------------------------------- 1 | /** 2 | * System configuration for Angular samples 3 | * Adjust as necessary for your application needs. 4 | */ 5 | (function (global) { 6 | System.config({ 7 | paths: { 8 | // paths serve as alias 9 | 'npm:': 'node_modules/' 10 | }, 11 | // map tells the System loader where to look for things 12 | map: { 13 | // our app is within the app folder 14 | 'app': 'app', 15 | 16 | // angular bundles 17 | '@angular/core': 'npm:@angular/core/bundles/core.umd.js', 18 | '@angular/common': 'npm:@angular/common/bundles/common.umd.js', 19 | '@angular/compiler': 'npm:@angular/compiler/bundles/compiler.umd.js', 20 | '@angular/platform-browser': 'npm:@angular/platform-browser/bundles/platform-browser.umd.js', 21 | '@angular/platform-browser-dynamic': 'npm:@angular/platform-browser-dynamic/bundles/platform-browser-dynamic.umd.js', 22 | '@angular/http': 'npm:@angular/http/bundles/http.umd.js', 23 | '@angular/router': 'npm:@angular/router/bundles/router.umd.js', 24 | '@angular/forms': 'npm:@angular/forms/bundles/forms.umd.js', 25 | 26 | // other libraries 27 | 'rxjs': 'npm:rxjs', 28 | 'angular-in-memory-web-api': 'npm:angular-in-memory-web-api/bundles/in-memory-web-api.umd.js' 29 | }, 30 | // packages tells the System loader how to load when no filename and/or no extension 31 | packages: { 32 | app: { 33 | defaultExtension: 'js', 34 | meta: { 35 | './*.js': { 36 | loader: 'systemjs-angular-loader.js' 37 
| } 38 | } 39 | }, 40 | rxjs: { 41 | defaultExtension: 'js' 42 | } 43 | } 44 | }); 45 | })(this); 46 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "es5", 4 | "module": "commonjs", 5 | "moduleResolution": "node", 6 | "sourceMap": true, 7 | "emitDecoratorMetadata": true, 8 | "experimentalDecorators": true, 9 | "lib": [ "es2015", "dom" ], 10 | "noImplicitAny": true, 11 | "suppressImplicitAnyIndexErrors": true 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "authz-servlet", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "policy-enforcer": { 10 | "path-cache": { 11 | "lifespan": 0, 12 | "max-entries": 0 13 | }, 14 | "on-deny-redirect-to" : "/authz-servlet/accessDenied.jsp" 15 | } 16 | } -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/META-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | authz-servlet 8 | 9 | 10 | 11 | All Resources 12 | /* 13 | 14 | 15 | user 16 | admin 17 | user_premium 18 | 19 | 20 | 21 | 22 | KEYCLOAK 23 | quickstart-authz-servlet 24 | 25 | 26 | 27 | admin 28 | 29 | 30 | 31 | user 32 | 33 | 34 | 35 | user_premium 
36 | 37 | 38 | 39 | 403 40 | /accessDenied.jsp 41 | 42 | 43 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/accessDenied.jsp: -------------------------------------------------------------------------------- 1 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 2 | 3 | 4 | 5 |

You can not access this resource.

6 | <%@include file="include-logout.jsp"%> 7 | 8 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/include-logout.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% controller.handleLogout(request, response); %> 3 | 4 | 5 | 6 | 9 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="org.keycloak.AuthorizationContext" %> 2 | <%@ page import="org.keycloak.KeycloakSecurityContext" %> 3 | <%@ page import="org.keycloak.representations.idm.authorization.Permission" %> 4 | 5 | <% 6 | KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); 7 | AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext(); 8 | %> 9 | 10 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 11 | 12 | 13 | 14 | <%@include file="include-logout.jsp"%> 15 |

This is a public resource. Try to access one of these protected resources:

16 | 17 |

Dynamic Menu

18 |

User Premium

19 |

Administration

20 | 21 |

Your permissions are:

22 | 23 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/protected/admin/onlyAdmin.jsp: -------------------------------------------------------------------------------- 1 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 2 | 3 | 4 | 5 |

Only Administrators can access this page.

6 | <%@include file="../../include-logout.jsp"%> 7 | 8 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/protected/dynamicMenu.jsp: -------------------------------------------------------------------------------- 1 | <%@page import="org.keycloak.AuthorizationContext" %> 2 | <%@ page import="org.keycloak.KeycloakSecurityContext" %> 3 | 4 | <% 5 | KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); 6 | AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext(); 7 | %> 8 | 9 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 10 | 11 | 12 | 13 |

Any authenticated user can access this page.

14 | <%@include file="../include-logout.jsp"%> 15 | 16 |

Here is a dynamic menu built from the permissions returned by the server:

17 | 18 | 49 | 50 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/protected/premium/onlyPremium.jsp: -------------------------------------------------------------------------------- 1 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 2 | 3 | 4 | 5 |

Only for premium users.

6 | <%@include file="../../include-logout.jsp"%> 7 | 8 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/test/java/org/keycloak/quickstart/page/AuthzPage.java: -------------------------------------------------------------------------------- 1 | package org.keycloak.quickstart.page; 2 | 3 | import org.openqa.selenium.WebElement; 4 | import org.openqa.selenium.support.FindBy; 5 | 6 | /** 7 | * @author Bruno Oliveira 8 | */ 9 | public class AuthzPage { 10 | 11 | @FindBy(name = "logoutBtn") 12 | private WebElement logoutButton; 13 | 14 | @FindBy(linkText = "Administration") 15 | private WebElement adminLink; 16 | 17 | @FindBy(linkText = "User Premium") 18 | private WebElement premiumLink; 19 | 20 | @FindBy(linkText = "Dynamic Menu") 21 | private WebElement dynamicMenuLink; 22 | 23 | @FindBy(tagName = "h2") 24 | private WebElement message; 25 | 26 | public void clickAdminLink() { 27 | adminLink.click(); 28 | } 29 | 30 | public void clickPremiumLink() { 31 | premiumLink.click(); 32 | } 33 | 34 | public void clickDynamicMenuLink() { 35 | dynamicMenuLink.click(); 36 | } 37 | 38 | public void clickLogout() { 39 | logoutButton.click(); 40 | } 41 | 42 | public String getMessage() { 43 | return message.getText(); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | 127.0.0.1 28 | 9990 29 | ${basedir}/target/wildfly-${version.wildfly} 30 | 31 | 32 | 33 | 34 | phantomjs 35 | 36 | 37 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/test/resources/keycloak.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart-authz-servlet", 3 | "auth-server-url": 
"http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "authz-servlet", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "policy-enforcer": { 10 | "on-deny-redirect-to" : "/authz-servlet/accessDenied.jsp" 11 | } 12 | } -------------------------------------------------------------------------------- /app-authz-jee-vanilla/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-authz-vanilla", 3 | "rootUrl": "http://localhost:8080/app-authz-vanilla", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/app-authz-vanilla/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": false, 12 | "secret": "secret", 13 | "serviceAccountsEnabled": true, 14 | "authorizationServicesEnabled": true 15 | } 16 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-authz-vanilla", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "confidential-port": 0, 10 | "policy-enforcer": { 11 | "on-deny-redirect-to" : "/app-authz-vanilla/error.jsp" 12 | } 13 | } -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/META-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 20 | 24 | 25 | app-authz-vanilla 26 | 27 | 28 | 29 | All Resources 30 | /* 
31 | 32 | 33 | * 34 | 35 | 36 | 37 | 38 | KEYCLOAK 39 | quickstart-authz-vanilla 40 | 41 | 42 | 43 | * 44 | 45 | 46 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/error.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | ~ Copyright 2016 Red Hat, Inc. and/or its affiliates 3 | ~ and other contributors as indicated by the @author tags. 4 | ~ 5 | ~ Licensed under the Apache License, Version 2.0 (the "License"); 6 | ~ you may not use this file except in compliance with the License. 7 | ~ You may obtain a copy of the License at 8 | ~ 9 | ~ http://www.apache.org/licenses/LICENSE-2.0 10 | ~ 11 | ~ Unless required by applicable law or agreed to in writing, software 12 | ~ distributed under the License is distributed on an "AS IS" BASIS, 13 | ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | ~ See the License for the specific language governing permissions and 15 | ~ limitations under the License. 16 | ~ 17 | --%> 18 | 19 | <%@ page import="org.keycloak.common.util.KeycloakUriBuilder" %> 20 | <%@ page import="org.keycloak.constants.ServiceUrlConstants" %> 21 | 22 | 23 | 24 | <%@include file="include-logout.jsp" %> 25 |

Access Denied !

26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/include-logout.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% controller.handleLogout(request, response); %> 3 | 4 | 5 | 6 | 9 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | ~ Copyright 2016 Red Hat, Inc. and/or its affiliates 3 | ~ and other contributors as indicated by the @author tags. 4 | ~ 5 | ~ Licensed under the Apache License, Version 2.0 (the "License"); 6 | ~ you may not use this file except in compliance with the License. 7 | ~ You may obtain a copy of the License at 8 | ~ 9 | ~ http://www.apache.org/licenses/LICENSE-2.0 10 | ~ 11 | ~ Unless required by applicable law or agreed to in writing, software 12 | ~ distributed under the License is distributed on an "AS IS" BASIS, 13 | ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | ~ See the License for the specific language governing permissions and 15 | ~ limitations under the License. 16 | ~ 17 | --%> 18 | <%@page import="org.keycloak.AuthorizationContext" %> 19 | <%@ page import="org.keycloak.KeycloakSecurityContext" %> 20 | <%@ page import="org.keycloak.common.util.KeycloakUriBuilder" %> 21 | <%@ page import="org.keycloak.constants.ServiceUrlConstants" %> 22 | <%@ page import="org.keycloak.representations.idm.authorization.Permission" %> 23 | 24 | <% 25 | KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); 26 | AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext(); 27 | %> 28 | 29 | 30 |

Welcome!

31 | <%@include file="include-logout.jsp"%> 32 |

Your permissions are:

33 | 34 |
    35 | <% 36 | for (Permission permission : authzContext.getPermissions()) { 37 | %> 38 |
  • 39 |

    Resource: <%= permission.getResourceName() %>

    40 |

    ID: <%= permission.getResourceId() %>

    41 |
  • 42 | <% 43 | } 44 | %> 45 |
46 | 47 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/test/java/org/keycloak/quickstart/page/AuthzPage.java: -------------------------------------------------------------------------------- 1 | package org.keycloak.quickstart.page; 2 | 3 | import org.openqa.selenium.WebElement; 4 | import org.openqa.selenium.support.FindBy; 5 | 6 | /** 7 | * @author Bruno Oliveira 8 | */ 9 | public class AuthzPage { 10 | 11 | @FindBy(name = "logoutBtn") 12 | private WebElement logoutButton; 13 | 14 | @FindBy(tagName = "h3") 15 | private WebElement message; 16 | 17 | public void clickLogout() { 18 | logoutButton.click(); 19 | } 20 | 21 | public String getMessage() { 22 | return message.getText(); 23 | } 24 | } -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | 127.0.0.1 28 | 9990 29 | ${basedir}/target/wildfly-${version.wildfly} 30 | 31 | 32 | 33 | 34 | phantomjs 35 | 36 | 37 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/test/resources/keycloak.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart-authz-vanilla", 3 | "auth-server-url": "http://127.0.0.1:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-authz-vanilla", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "policy-enforcer": { 10 | "on-deny-redirect-to" : "/authz-vanilla/error.jsp" 11 | } 12 | } -------------------------------------------------------------------------------- /app-authz-photoz/photoz-html5-client/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | photoz-html5-client 8 | 9 | 10 | 
-------------------------------------------------------------------------------- /app-authz-photoz/photoz-html5-client/src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Photoz HTML5 Client 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Show Access Token | My Account | Sign Out 23 | 24 |
25 |
26 |
27 | 28 |

29 | 
30 | 
31 | 
32 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/keycloak.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "photoz",
3 |   "auth-server-url" : "http://localhost:8180/auth",
4 |   "ssl-required" : "external",
5 |   "resource" : "photoz-html5-client",
6 |   "public-client" : true
7 | }


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/lib/jwt-decode.min.js:
--------------------------------------------------------------------------------
1 | /* Vendored, minified jwt-decode bundle; the last module publishes it as window.jwt_decode (or as the AMD module "jwt_decode"). NOTE(review): this listing is incomplete (the text jumps from the loader loop straight into the base64 polyfill), so take the file from the upstream package, not from this page. NOTE(review): nothing visible here checks a token signature or expiry; jwt-decode is a decoder, so treat its output as display data and leave authorization decisions to the server that validates the token. */ !function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if(f)return f(g,!0);throw new Error("Cannot find module '"+g+"'")}var j=c[g]={exports:{}};b[g][0].call(j.exports,function(a){var c=b[g][1][a];return e(c?c:a)},j,j.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;g>8-f%1*8)){if(e=a.charCodeAt(f+=.75),e>255)throw d;c=c<<8|e}return h}),a.atob||(a.atob=function(a){if(a=a.replace(/=+$/,""),a.length%4==1)throw d;for(var c,e,f=0,g=0,h="";e=a.charAt(g++);~e&&(c=f%4?64*c+e:e,f++%4)?h+=String.fromCharCode(255&c>>(-2*f&6)):0)e=b.indexOf(e);return h})}()},{}],5:[function(a){var b="undefined"!=typeof self?self:"undefined"!=typeof window?window:{},c=a("./lib/index");"function"==typeof b.window.define&&b.window.define.amd?b.window.define("jwt_decode",function(){return c}):b.window&&(b.window.jwt_decode=c)},{"./lib/index":2}]},{},[5]);


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/partials/admin/albums.html:
--------------------------------------------------------------------------------
 1 | 

All Albums

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 17 | 18 | 19 |
{{key}}
11 | 16 |
20 |

21 | Back to main page 22 |

-------------------------------------------------------------------------------- /app-authz-photoz/photoz-html5-client/src/main/webapp/partials/album/create.html: -------------------------------------------------------------------------------- 1 |

Create an Album

2 | 3 |
4 | Name: 5 | 6 | 7 |
8 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-html5-client/src/main/webapp/partials/album/detail.html: -------------------------------------------------------------------------------- 1 |

{{album.name}}

2 | 3 | 4 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-html5-client/src/main/webapp/partials/home.html: -------------------------------------------------------------------------------- 1 |

Welcome To Photoz, {{Identity.claims.name}}

2 |
Administration: [All Albums]
3 |
4 |
5 |
6 | Create Album | My Profile 7 |
8 |

Your Albums

9 | You don't have any albums, yet. 10 | 11 | 12 | 13 | 14 |
{{p.name}} - [X]
15 |

Shared With Me

16 | You don't have any shares, yet. 17 | 18 | 19 | 20 | 21 |
{{p.album.name}} - [X]
22 |
-------------------------------------------------------------------------------- /app-authz-photoz/photoz-html5-client/src/main/webapp/partials/profile.html: -------------------------------------------------------------------------------- 1 |

My Profile

2 | 3 |
4 |

Name: {{profile.userName}}

5 |

Total of albums: {{profile.totalAlbums}}

6 |
7 |

8 | Back to main page 9 |

10 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-js-policies/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 20 | 4.0.0 21 | 22 | org.keycloak.quickstarts 23 | app-authz-photoz-parent 24 | 7.4.0.GA 25 | ../pom.xml 26 | 27 | 28 | photoz-js-policies 29 | jar 30 | Red Hat SSO Quickstarts: Photoz JS Policies 31 | JS Policies 32 | 33 | 34 | ${project.artifactId} 35 | 36 | 37 | src/main/resources 38 | true 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-js-policies/src/main/resources/META-INF/keycloak-scripts.json: -------------------------------------------------------------------------------- 1 | { 2 | "policies": [ 3 | { 4 | "name": "Only From @keycloak.org or Admin", 5 | "fileName": "only-keycloak-domain-or-admin.js", 6 | "description": "Defines that only users from @keycloak.org or Admins can do something" 7 | }, 8 | { 9 | "name": "Only Owner Policy", 10 | "fileName": "only-owner.js", 11 | "description": "Defines that only the resource owner is allowed to do something" 12 | }, 13 | { 14 | "name": "Only From a Specific Client Address", 15 | "fileName": "only-from-specific-client-address.js", 16 | "description": "Defines that only clients from a specific address can do something" 17 | } 18 | ] 19 | } -------------------------------------------------------------------------------- /app-authz-photoz/photoz-js-policies/src/main/resources/only-from-specific-client-address.js: -------------------------------------------------------------------------------- 1 | var contextAttributes = $evaluation.getContext().getAttributes(); 2 | 3 | if (contextAttributes.containsValue('kc.client.network.ip_address', '127.0.0.1')) { 4 | $evaluation.grant(); 5 | } -------------------------------------------------------------------------------- 
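/app-authz-photoz/photoz-js-policies/src/main/resources/only-keycloak-domain-or-admin.js:
--------------------------------------------------------------------------------
// Grants when the requesting identity has the realm role 'admin' or carries an
// e-mail attribute ending in '@keycloak.org'. Nothing is granted otherwise.
//
// NOTE(review): the domain test trusts the e-mail attribute exactly as presented,
// so it is only as strong as the realm's control over that attribute (verified
// e-mail, no self-service edits). Confirm this before reusing the policy outside
// the quickstart.
var context = $evaluation.getContext();
var identity = context.getIdentity();
var attributes = identity.getAttributes();

// An identity without an e-mail attribute (a service account, for example) must
// not abort the evaluation before the admin role is considered.
var emailAttribute = attributes.getValue('email');
var email = emailAttribute ? emailAttribute.asString(0) : null;

if (identity.hasRealmRole('admin') || (email != null && email.endsWith('@keycloak.org'))) {
    $evaluation.grant();
}

--------------------------------------------------------------------------------
/app-authz-photoz/photoz-js-policies/src/main/resources/only-owner.js:
--------------------------------------------------------------------------------
// Grants when the owner of the requested resource is the requesting identity.
var context = $evaluation.context;
var identity = context.identity;
var permission = $evaluation.permission;
var resource = permission.resource;

if (resource.owner == identity.id) {
    $evaluation.grant();
}

--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/ErrorResponse.java:
--------------------------------------------------------------------------------
package org.keycloak.example.photoz;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import java.util.HashMap;
import java.util.Map;

/**
 * JAX-RS exception whose response entity is a one-entry map, {@code "message"} mapped to
 * the exception message.
 *
 * @author Pedro Igor
 */
public class ErrorResponse extends WebApplicationException {

    private final Response.Status status;

    /**
     * Creates an error that is reported with {@code 500 Internal Server Error}.
     *
     * @param message text placed in the response entity
     */
    public ErrorResponse(String message) {
        this(message, Response.Status.INTERNAL_SERVER_ERROR);
    }

    /**
     * Creates an error that is reported with the given status.
     *
     * @param message text placed in the response entity
     * @param status  HTTP status of the response
     */
    public ErrorResponse(String message, Response.Status status) {
        super(message, status);
        this.status = status;
    }

    /**
     * Builds the response sent to the client.
     *
     * @return a response with the stored status and a {@code "message"} entry
     */
    @Override
    public Response getResponse() {
        // The message reaches the client unchanged, so callers should only pass
        // text that is safe to disclose (no stack traces, SQL or internal paths).
        Map<String, String> errorResponse = new HashMap<>();

        errorResponse.put("message", getMessage());

        return Response.status(status).entity(errorResponse).build();
    }
}

--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/PhotozApplication.java:
--------------------------------------------------------------------------------
package org.keycloak.example.photoz;

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

/**
 * JAX-RS application rooted at {@code /}; it declares no resources of its own.
 */
@ApplicationPath("/")
public class PhotozApplication extends Application {

}

--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/SharedAlbum.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2017 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.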
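*/
package org.keycloak.example.photoz.album;

import java.util.ArrayList;
import java.util.List;

import org.keycloak.example.photoz.entity.Album;

/**
 * Pairs an {@link Album} with the scope names recorded for it.
 */
public class SharedAlbum {

    private final Album album;

    // Created on the first addScope() call; stays null until then.
    private List<String> scopes;

    /**
     * @param album the album this entry refers to
     */
    public SharedAlbum(Album album) {
        this.album = album;
    }

    /**
     * @return the album passed to the constructor
     */
    public Album getAlbum() {
        return album;
    }

    /**
     * @return the scopes added so far, or {@code null} when {@link #addScope(String)}
     *         has never been called
     */
    public List<String> getScopes() {
        return scopes;
    }

    /**
     * Appends a scope, creating the backing list on first use.
     *
     * @param scope scope name to record
     */
    public void addScope(String scope) {
        if (scopes == null) {
            scopes = new ArrayList<>();
        }
        scopes.add(scope);
    }
}

--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/Resources.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.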
*/
package org.keycloak.example.photoz.util;

import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.inject.Produces;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;

/**
 * Application-scoped holder of the JPA factory for the {@code "primary"} persistence
 * unit, and CDI producer of request-scoped entity managers.
 *
 * @author Pedro Igor
 */
@ApplicationScoped
public class Resources {

    private EntityManagerFactory entityManagerFactory;

    /** Opens the factory once the bean has been constructed. */
    @PostConstruct
    public void init() {
        this.entityManagerFactory = Persistence.createEntityManagerFactory("primary");
    }

    /** Closes the factory before the bean is destroyed. */
    @PreDestroy
    public void dispose() {
        this.entityManagerFactory.close();
    }

    /**
     * Produces a new entity manager for the current request.
     *
     * <p>NOTE(review): nothing in this class closes the entity manager it hands out;
     * confirm that a disposer or interceptor elsewhere does.
     *
     * @return an entity manager created from the factory
     */
    @Produces
    @RequestScoped
    public EntityManager createEntityManager() {
        return this.entityManagerFactory.createEntityManager();
    }
}

--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/Transaction.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
16 | */ 17 | package org.keycloak.example.photoz.util; 18 | 19 | import javax.interceptor.InterceptorBinding; 20 | import java.lang.annotation.Retention; 21 | import java.lang.annotation.Target; 22 | 23 | import static java.lang.annotation.ElementType.TYPE; 24 | import static java.lang.annotation.RetentionPolicy.RUNTIME; 25 | 26 | /** 27 | * @author Pedro Igor 28 | */ 29 | @InterceptorBinding 30 | @Target({ TYPE }) 31 | @Retention(RUNTIME) 32 | public @interface Transaction { 33 | } 34 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-restful-api/src/main/resources/META-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | org.keycloak.example.photoz.util.TransactionInterceptor 8 | 9 | 10 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | org.keycloak.example.photoz.entity.Album 10 | org.keycloak.example.photoz.entity.Photo 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-restful-api/src/main/webapp/META-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | photoz-restful-api 8 | 9 | 10 | 11 | All Resources 12 | /* 13 | 14 | 15 | user 16 | 17 | 18 | 19 | 20 | 21 | All Resources 22 | /* 23 | 24 | 25 | admin 26 | 27 | 28 | 29 | 30 | KEYCLOAK 31 | photoz 32 | 
33 | 34 | 35 | admin 36 | 37 | 38 | 39 | user 40 | 41 | 42 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-testsuite/src/test/java/org/keycloak/quickstart/uma/page/ConsentPage.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Red Hat, Inc. and/or its affiliates 3 | * and other contributors as indicated by the @author tags. 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | 18 | package org.keycloak.quickstart.uma.page; 19 | 20 | import org.jboss.arquillian.test.api.ArquillianResource; 21 | import org.openqa.selenium.WebDriver; 22 | import org.openqa.selenium.WebElement; 23 | import org.openqa.selenium.support.FindBy; 24 | 25 | /** 26 | * A {@code {@link org.jboss.arquillian.graphene.page.Page}} representing the consent page. 
 *
 * @author Stefan Guilhen
 */
public class ConsentPage {

    // Browser session, injected through @ArquillianResource.
    @ArquillianResource
    protected WebDriver driver;

    // Located by element id "kc-login"; confirm() clicks it.
    @FindBy(id = "kc-login")
    private WebElement acceptButton;

    // Located by element id "kc-cancel"; cancel() clicks it.
    @FindBy(id = "kc-cancel")
    private WebElement declineButton;

    /**
     * Clicks the {@code kc-login} element.
     */
    public void confirm() {
        acceptButton.click();
    }

    /**
     * Clicks the {@code kc-cancel} element.
     */
    public void cancel() {
        declineButton.click();
    }

    /**
     * Reports whether the browser title equals "Log in to photoz", ignoring case.
     *
     * NOTE(review): only the title is inspected, so any page carrying that title is
     * treated as the consent page. Confirm the login form does not share it, or a
     * test could accept consent it never actually saw.
     *
     * @return {@code true} when the current page title matches
     */
    public boolean isCurrent() {
        String title = driver.getTitle();
        return title.equalsIgnoreCase("Log in to photoz");
    }
}

--------------------------------------------------------------------------------
/app-authz-rest-employee/src/main/java/org/keycloak/quickstart/springboot/MyApplication.java:
--------------------------------------------------------------------------------
/*
 * JBoss, Home of Professional Open Source
 *
 * Copyright 2017 Red Hat, Inc. and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.keycloak.quickstart.springboot;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Spring Boot entry point for this quickstart. The class holds no security code of
 * its own; it only starts the application with itself as the primary source.
 *
 * @author Pedro Igor
 */
@SpringBootApplication
public class MyApplication {

    /**
     * Starts the Spring application, forwarding the command-line arguments.
     *
     * @param args command-line arguments passed through to Spring Boot
     * @throws Exception declared by the original signature; nothing here throws it directly
     */
    public static void main(String[] args) throws Exception {
        new SpringApplication(MyApplication.class).run(args);
    }
}

--------------------------------------------------------------------------------
/app-authz-rest-employee/src/main/java/org/keycloak/quickstart/springboot/web/ApplicationController.java:
--------------------------------------------------------------------------------
/*
 * JBoss, Home of Professional Open Source
 *
 * Copyright 2017 Red Hat, Inc. and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.keycloak.quickstart.springboot.web;

import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

/**
 * REST controller exposing one read endpoint, {@code GET /api/{employee}}.
 *
 * <p>No authorization decision is made in this class. Access control comes from the
 * Keycloak adapter settings in this module's {@code application.properties}: a
 * security constraint requiring role {@code user} on every path, and a policy
 * enforcer in {@code ENFORCING} mode that receives the request's relative path as the
 * {@code http.uri} claim. If that configuration is removed or relaxed, nothing here
 * stops a caller from requesting any {@code {employee}} value.
 *
 * @author Pedro Igor
 */
@RestController
public class ApplicationController {

    /**
     * Wraps the {@code employee} path segment in an {@link Employee} and returns it.
     * The value comes straight from the request URL and is neither validated nor
     * looked up here; despite the method name, no salary data is read.
     *
     * @param employee the path segment following {@code /api/}
     * @return an {@link Employee} carrying that segment as its name
     */
    @RequestMapping(value = "/api/{employee}", method = RequestMethod.GET)
    public Employee salary(@PathVariable String employee) {
        Employee result = new Employee(employee);
        return result;
    }

    /**
     * Response body for {@link #salary(String)}; exposes a single {@code name} property.
     */
    public static class Employee {

        private final String name;

        /**
         * @param name the employee name to expose
         */
        public Employee(String name) {
            this.name = name;
        }

        /**
         * @return the name given at construction
         */
        public String getName() {
            return this.name;
        }
    }
}

--------------------------------------------------------------------------------
/app-authz-rest-employee/src/main/resources/application.properties:
--------------------------------------------------------------------------------
server.connection-timeout=5000
server.port = 8080
keycloak.realm=spring-boot-quickstart
keycloak.auth-server-url=http://localhost:8180/auth
# NOTE(review): ssl-required=external lets localhost and private addresses use plain HTTP,
# which is why the http:// auth-server-url above is accepted; use an https:// URL when the server is not local.
keycloak.ssl-required=external
keycloak.resource=app-authz-rest-employee
keycloak.bearer-only=true
# NOTE(review): "secret" is the quickstart's placeholder client secret; outside a demo, supply the
# real value from the environment or a secret store rather than from this file.
keycloak.credentials.secret=secret
keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name=protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.uri]={request.relativePath}

# NOTE(review): root level OFF also silences authentication and authorization failure messages;
# re-enable logging when access denials need to be diagnosed or monitored.
# Turn off the logs
logging.level.root=OFF
logging.level.org.springframework.boot=OFF
spring.main.banner-mode=OFF
--------------------------------------------------------------------------------
/app-authz-rest-employee/src/test/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.connection-timeout=5000 2 | server.port = 8080 3 | keycloak.realm=spring-boot-quickstart 4 | keycloak.auth-server-url=http://localhost:8180/auth 5 | keycloak.ssl-required=external 6 | keycloak.resource=app-authz-rest-employee 7 | keycloak.bearer-only=true 8 | keycloak.credentials.secret=secret 9 | keycloak.securityConstraints[0].authRoles[0]=user 10 | keycloak.securityConstraints[0].securityCollections[0].name=protected 11 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/* 12 | keycloak.policy-enforcer-config.enforcement-mode=ENFORCING 13 | keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.uri]={request.relativePath} 14 | 15 | # Turn off the logs 16 | logging.level.root=OFF 17 | logging.level.org.springframework.boot=OFF 18 | spring.main.banner-mode=OFF -------------------------------------------------------------------------------- /app-authz-rest-springboot/src/main/java/org/keycloak/quickstart/springboot/MyApplication.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * 4 | * Copyright 2017 Red Hat, Inc. and/or its affiliates. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License. 8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 
 *
 */
package org.keycloak.quickstart.springboot;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Spring Boot entry point for this quickstart. The class holds no security code of
 * its own; it only starts the application with itself as the primary source.
 *
 * @author Pedro Igor
 */
@SpringBootApplication
public class MyApplication {

    /**
     * Starts the Spring application, forwarding the command-line arguments.
     *
     * @param args command-line arguments passed through to Spring Boot
     * @throws Exception declared by the original signature; nothing here throws it directly
     */
    public static void main(String[] args) throws Exception {
        new SpringApplication(MyApplication.class).run(args);
    }
}

--------------------------------------------------------------------------------
/app-authz-rest-springboot/src/main/java/org/keycloak/quickstart/springboot/web/ApplicationController.java:
--------------------------------------------------------------------------------
/*
 * JBoss, Home of Professional Open Source
 *
 * Copyright 2017 Red Hat, Inc. and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package org.keycloak.quickstart.springboot.web;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

/**
 * Four {@code GET} endpoints that all return the same fixed body.
 *
 * <p>Which caller may reach which path is decided outside this class, by the Keycloak
 * adapter settings in this module's {@code application.properties} (a security
 * constraint requiring role {@code user} on every path, plus a policy enforcer with
 * {@code lazy-load-paths} and an explicit entry for {@code /api/admin}) and by the
 * policies defined in Keycloak itself.
 *
 * <p>NOTE(review): {@code /api/admin} and {@code /api/premium} carry no check of their
 * own, so they are exactly as protected as that configuration. Verify both sides
 * whenever either one changes.
 *
 * @author Pedro Igor
 */
@RestController
public class ApplicationController {

    // Body returned by every handler once the request has been let through.
    private static final String ACCESS_GRANTED = "Access Granted";

    /**
     * Handles {@code GET /api/resourcea}.
     *
     * @return the fixed "Access Granted" body
     */
    @RequestMapping(value = "/api/resourcea", method = RequestMethod.GET)
    public String handleResourceA() {
        return ACCESS_GRANTED;
    }

    /**
     * Handles {@code GET /api/resourceb}.
     *
     * @return the fixed "Access Granted" body
     */
    @RequestMapping(value = "/api/resourceb", method = RequestMethod.GET)
    public String handleResourceB() {
        return ACCESS_GRANTED;
    }

    /**
     * Handles {@code GET /api/premium}.
     *
     * @return the fixed "Access Granted" body
     */
    @RequestMapping(value = "/api/premium", method = RequestMethod.GET)
    public String handlePremiumResource() {
        return ACCESS_GRANTED;
    }

    /**
     * Handles {@code GET /api/admin}.
     *
     * @return the fixed "Access Granted" body
     */
    @RequestMapping(value = "/api/admin", method = RequestMethod.GET)
    public String handleAdminResource() {
        return ACCESS_GRANTED;
    }
}

--------------------------------------------------------------------------------
/app-authz-rest-springboot/src/main/resources/application.properties:
--------------------------------------------------------------------------------
server.connection-timeout=5000
server.port = 8080
keycloak.realm=spring-boot-quickstart
keycloak.auth-server-url=http://localhost:8180/auth
keycloak.ssl-required=external
keycloak.resource=app-authz-rest-springboot
keycloak.bearer-only=true
# NOTE(review): "secret" is the quickstart's placeholder client secret; outside a demo, supply the
# real value from the environment or a secret store rather than from this file.
keycloak.credentials.secret=secret
keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name=protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
keycloak.policy-enforcer-config.lazy-load-paths=true
keycloak.policy-enforcer-config.paths[0].path=/api/admin
keycloak.policy-enforcer-config.paths[0].claimInformationPointConfig.claims[some-claim]={request.parameter['parameter-a']} 15 | 16 | # Turn off the logs 17 | logging.level.root=OFF 18 | logging.level.org.springframework.boot=OFF 19 | spring.main.banner-mode=OFF -------------------------------------------------------------------------------- /app-authz-rest-springboot/src/test/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.connection-timeout=5000 2 | server.port = 8080 3 | keycloak.realm=spring-boot-quickstart 4 | keycloak.auth-server-url=http://localhost:8180/auth 5 | keycloak.ssl-required=external 6 | keycloak.resource=app-authz-rest-springboot 7 | keycloak.bearer-only=true 8 | keycloak.credentials.secret=secret 9 | keycloak.securityConstraints[0].authRoles[0]=user 10 | keycloak.securityConstraints[0].securityCollections[0].name=protected 11 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/* 12 | keycloak.policy-enforcer-config.lazy-load-paths=true 13 | keycloak.policy-enforcer-config.paths[0].path=/api/admin 14 | keycloak.policy-enforcer-config.paths[0].claimInformationPointConfig.claims[some-claim]={request.parameter['parameter-a']} 15 | 16 | # Turn off the logs 17 | logging.level.root=OFF 18 | logging.level.org.springframework.boot=OFF 19 | spring.main.banner-mode=OFF -------------------------------------------------------------------------------- /app-authz-spring-security/src/main/java/org/keycloak/quickstart/springsecurity/web/MyApplication.java: -------------------------------------------------------------------------------- 1 | package org.keycloak.quickstart.springsecurity.web; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class MyApplication { 8 | 9 | public static void main(String[] args) throws Throwable { 10 | 
SpringApplication.run(MyApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /app-authz-spring-security/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | # Turn off the logs 2 | logging.level.root=OFF 3 | logging.level.org.springframework.boot=OFF 4 | spring.main.banner-mode=OFF -------------------------------------------------------------------------------- /app-authz-spring-security/src/main/resources/keycloak.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "spring-security-quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-authz-spring-security", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "policy-enforcer": { 10 | "on-deny-redirect-to": "/accessDenied" 11 | } 12 | } -------------------------------------------------------------------------------- /app-authz-spring-security/src/main/resources/templates/access-denied.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Access Denied 7 | 8 | 9 | 10 |
11 | Logout 12 |
13 | 14 |

Users are redirect to this page when they lack permissions to access a resource

15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /app-authz-spring-security/src/main/resources/templates/alice.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Alice Page 7 | 8 | 9 | 10 |
11 | Logout 12 |
13 | 14 |

Only Alice is allowed to access this resource

15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /app-authz-spring-security/src/main/resources/templates/home.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Home Page 7 | 8 | 9 | 10 |
11 |

Welcome, ${identity.name}

12 | 13 |

Logout

14 |

15 | 16 |

Any authenticated user with a role "user" can access this resource

17 |

Only users with a role "user-premium" can access this resource

18 | 19 | <#if identity.hasResourcePermission('Alice Resource')> 20 |

Only user "alice" can access this resource

21 | 22 | 23 |

You have permissions to access the following resources:

24 | 25 |
    26 | <#list identity.permissions as permission> 27 |
  • 28 |

    ${permission.resourceName}

    29 |
  • 30 | 31 |
32 |
33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /app-authz-spring-security/src/main/resources/templates/premium.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Premium Page 7 | 8 | 9 | 10 |
11 | Logout 12 |
13 | 14 |

Access to this page is enforced by permissions associated with resource "Premium Resource"

15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /app-authz-spring-security/src/main/resources/templates/protected.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Protected Page 7 | 8 | 9 | 10 |
11 | Logout 12 |
13 | 14 |

Access to this page is enforced by permissions associated with resource "Protected Resource"

15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /app-authz-spring-security/src/test/resources/application.properties: -------------------------------------------------------------------------------- 1 | # Turn off the logs 2 | logging.level.root=OFF 3 | logging.level.org.springframework.boot=OFF 4 | spring.main.banner-mode=OFF -------------------------------------------------------------------------------- /app-authz-springboot/src/main/java/org/keycloak/quickstart/springboot/MyApplication.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * 4 | * Copyright 2017 Red Hat, Inc. and/or its affiliates. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License. 8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 
 *
 */
package org.keycloak.quickstart.springboot;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Spring Boot entry point for this quickstart. The class holds no security code of
 * its own; it only starts the application with itself as the primary source.
 *
 * @author Pedro Igor
 */
@SpringBootApplication
public class MyApplication {

    /**
     * Starts the Spring application, forwarding the command-line arguments.
     *
     * @param args command-line arguments passed through to Spring Boot
     * @throws Exception declared by the original signature; nothing here throws it directly
     */
    public static void main(String[] args) throws Exception {
        new SpringApplication(MyApplication.class).run(args);
    }
}

--------------------------------------------------------------------------------
/app-authz-springboot/src/main/resources/application.properties:
--------------------------------------------------------------------------------
server.connection-timeout=5000
spring.freemarker.cache=false
server.port = 8080
keycloak.realm=spring-boot-quickstart
keycloak.auth-server-url=http://localhost:8180/auth
keycloak.ssl-required=external
keycloak.resource=app-authz-springboot
keycloak.public-client=false
# NOTE(review): "secret" is the quickstart's placeholder client secret; outside a demo, supply the
# real value from the environment or a secret store rather than from this file.
keycloak.credentials.secret=secret
keycloak.securityConstraints[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].name = protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /*

# This configuration enables the policy enforcer in order to protect resources served by this application.
# During the boot, the policy enforcer is going to fetch all protected resources in Keycloak and automatically configure your application.
# Note that protected resources in Keycloak are defined with a URI which maps to a set of resources in this application.
17 | keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied 18 | 19 | # Turn off the logs 20 | logging.level.root=OFF 21 | logging.level.org.springframework.boot=OFF 22 | spring.main.banner-mode=OFF -------------------------------------------------------------------------------- /app-authz-springboot/src/main/resources/application.properties.path.entitlements: -------------------------------------------------------------------------------- 1 | server.connection-timeout=5000 2 | spring.freemarker.cache=false 3 | server.port = 8080 4 | keycloak.realm=spring-boot-quickstart 5 | keycloak.auth-server-url=http://localhost:8180/auth 6 | keycloak.ssl-required=external 7 | keycloak.resource=app-authz-springboot 8 | keycloak.public-client=false 9 | keycloak.credentials.secret=secret 10 | keycloak.securityConstraints[0].authRoles[0]=user 11 | keycloak.securityConstraints[0].securityCollections[0].name=protected 12 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/* 13 | 14 | # This configuration enables the policy enforcer in order to protect resources served by this application. 15 | # During the boot, the policy enforcer is going to fetch only the paths defined below and associate these paths with specific 16 | resources defined in Keycloak. 17 | # When defining paths in the configuration, you are not really required to specify a URI for protected resources in Keycloak. 18 | keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied 19 | keycloak.policy-enforcer-config.paths[0].name=Default Resource 20 | keycloak.policy-enforcer-config.paths[0].path=/* 21 | keycloak.policy-enforcer-config.paths[1].name=Protected Resource 22 | keycloak.policy-enforcer-config.paths[1].path=/protected/* 23 | 24 | # This is a special path definition where a pattern is used to map different resources in Keycloak. 25 | # With this configuration is possible to enforce access for resources based on a type. 
26 | keycloak.policy-enforcer-config.paths[2].name=User Resource 27 | keycloak.policy-enforcer-config.paths[2].path=/protected/{user_name} 28 | 29 | 30 | keycloak.policy-enforcer-config.paths[3].name=Premium Resource 31 | keycloak.policy-enforcer-config.paths[3].path=/protected/premium -------------------------------------------------------------------------------- /app-authz-springboot/src/main/resources/templates/access-denied.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Access Denied 7 | 8 | 9 | 10 |
11 | Logout 12 |
13 | 14 |

Users are redirect to this page when they lack permissions to access a resource

15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /app-authz-springboot/src/main/resources/templates/home.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Home Page 7 | 8 | 9 | 10 |
11 |

Welcome, ${identity.name}

12 | 13 |

Logout

14 |

15 | 16 |

Any authenticated user with a role "user" can access this resource

17 |

Only users with a role "user-premium" can access this resource

18 | 19 |

You have permissions to access the following resources:

20 | 21 |
    22 | <#list identity.permissions as permission> 23 |
  • 24 |

    ${permission.resourceName}

    25 |
  • 26 | 27 |
28 |
29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /app-authz-springboot/src/main/resources/templates/premium.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Premium Page 7 | 8 | 9 | 10 |
11 | Logout 12 |
13 | 14 |

Access to this page is enforced by permissions associated with resource "Premium Resource"

15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /app-authz-springboot/src/main/resources/templates/protected.ftl: -------------------------------------------------------------------------------- 1 | <#import "/spring.ftl" as spring /> 2 | <#assign xhtmlCompliant = true in spring> 3 | 4 | 5 | 6 | Protected Page 7 | 8 | 9 | 10 |
11 | Logout 12 |
13 | 14 |

Access to this page is enforced by permissions associated with resource "Protected Resource"

15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /app-authz-springboot/src/test/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.connection-timeout=5000 2 | spring.freemarker.cache=false 3 | server.port = 8080 4 | keycloak.realm=spring-boot-quickstart 5 | keycloak.auth-server-url=http://localhost:8180/auth 6 | keycloak.ssl-required=external 7 | keycloak.resource=app-authz-springboot 8 | keycloak.public-client=false 9 | keycloak.credentials.secret=secret 10 | keycloak.securityConstraints[0].authRoles[0]=user 11 | keycloak.securityConstraints[0].securityCollections[0].name=protected 12 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/* 13 | 14 | # This configuration enables the policy enforcer in order to protect resources served by this application. 15 | # During the boot, the policy enforcer is going to fetch only the paths defined below and associate these paths with specific 16 | resources defined in Keycloak. 17 | # When defining paths in the configuration, you are not really required to specify a URI for protected resources in Keycloak. 18 | keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied 19 | keycloak.policy-enforcer-config.paths[0].name=Default Resource 20 | keycloak.policy-enforcer-config.paths[0].path=/* 21 | keycloak.policy-enforcer-config.paths[1].name=Protected Resource 22 | keycloak.policy-enforcer-config.paths[1].path=/protected/* 23 | 24 | # This is a special path definition where a pattern is used to map different resources in Keycloak. 25 | # With this configuration is possible to enforce access for resources based on a type. 
26 | keycloak.policy-enforcer-config.paths[2].name=User Resource 27 | keycloak.policy-enforcer-config.paths[2].path=/protected/{user_name} 28 | 29 | 30 | keycloak.policy-enforcer-config.paths[3].name=Premium Resource 31 | keycloak.policy-enforcer-config.paths[3].path=/protected/premium 32 | 33 | # Turn off the logs 34 | logging.level.root=OFF 35 | logging.level.org.springframework.boot=OFF 36 | spring.main.banner-mode=OFF -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-html5-client/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | photoz-html5-client 8 | 9 | 10 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-html5-client/src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Photoz HTML5 Client 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Show Requesting Party Token | Show Access Token | Request Entitlements | My Account | Sign Out 23 | 24 |
25 |
26 |
27 | 28 |

29 | 
30 | 
31 | 
32 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/keycloak.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "photoz",
3 |   "auth-server-url" : "http://localhost:8180/auth",
4 |   "ssl-required" : "external",
5 |   "resource" : "photoz-html5-client",
6 |   "public-client" : true
7 | }


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/lib/jwt-decode.min.js:
--------------------------------------------------------------------------------
1 | !function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if(f)return f(g,!0);throw new Error("Cannot find module '"+g+"'")}var j=c[g]={exports:{}};b[g][0].call(j.exports,function(a){var c=b[g][1][a];return e(c?c:a)},j,j.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;g>8-f%1*8)){if(e=a.charCodeAt(f+=.75),e>255)throw d;c=c<<8|e}return h}),a.atob||(a.atob=function(a){if(a=a.replace(/=+$/,""),a.length%4==1)throw d;for(var c,e,f=0,g=0,h="";e=a.charAt(g++);~e&&(c=f%4?64*c+e:e,f++%4)?h+=String.fromCharCode(255&c>>(-2*f&6)):0)e=b.indexOf(e);return h})}()},{}],5:[function(a){var b="undefined"!=typeof self?self:"undefined"!=typeof window?window:{},c=a("./lib/index");"function"==typeof b.window.define&&b.window.define.amd?b.window.define("jwt_decode",function(){return c}):b.window&&(b.window.jwt_decode=c)},{"./lib/index":2}]},{},[5]);


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/admin/albums.html:
--------------------------------------------------------------------------------
 1 | 

All Albums

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 17 | 18 | 19 |
{{key}}
11 | 16 |
20 |

21 | Back to main page 22 |

-------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/album/create.html: -------------------------------------------------------------------------------- 1 |

Create an Album

4 | Name: 5 | 6 | 7 |
8 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/album/detail.html: -------------------------------------------------------------------------------- 1 |

{{album.name}}

2 | 3 | 4 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/home.html: -------------------------------------------------------------------------------- 1 |

Welcome To Photoz, {{Identity.claims.name}}

Administration: [All Albums]
6 | Create Album | My Profile 7 |
8 |

Your Albums

9 | You don't have any albums, yet. 10 | 11 | 12 | 13 | 14 |
{{p.name}} - [X]

Shared With Me

16 | You don't have any shares, yet. 17 | 18 | 19 | 20 | 21 |
{{p.album.name}} - [X]Request Delete Access
-------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/profile.html: -------------------------------------------------------------------------------- 1 |

My Profile


Name: {{profile.userName}}


Total of albums: {{profile.totalAlbums}}


8 | Back to main page 9 |

10 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-js-policies/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 20 | 4.0.0 21 | 22 | org.keycloak.quickstarts 23 | app-authz-uma-photoz-parent 24 | 7.4.0.GA 25 | ../pom.xml 26 | 27 | 28 | photoz-uma-js-policies 29 | jar 30 | Red Hat SSO Quickstarts: Photoz JS Policies 31 | JS Policies 32 | 33 | 34 | ${project.artifactId} 35 | 36 | 37 | src/main/resources 38 | true 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-js-policies/src/main/resources/META-INF/keycloak-scripts.json: -------------------------------------------------------------------------------- 1 | { 2 | "policies": [ 3 | { 4 | "name": "Only From @keycloak.org or Admin", 5 | "fileName": "only-keycloak-domain-or-admin.js", 6 | "description": "Defines that only users from @keycloak.org or Admins can do something" 7 | }, 8 | { 9 | "name": "Only Owner Policy", 10 | "fileName": "only-owner.js", 11 | "description": "Defines that only the resource owner is allowed to do something" 12 | }, 13 | { 14 | "name": "Only From a Specific Client Address", 15 | "fileName": "only-from-specific-client-address.js", 16 | "description": "Defines that only clients from a specific address can do something" 17 | } 18 | ] 19 | } -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-js-policies/src/main/resources/only-from-specific-client-address.js: -------------------------------------------------------------------------------- 1 | var contextAttributes = $evaluation.getContext().getAttributes(); 2 | 3 | if (contextAttributes.containsValue('kc.client.network.ip_address', '127.0.0.1')) { 4 | $evaluation.grant(); 5 | } -------------------------------------------------------------------------------- 
/app-authz-uma-photoz/photoz-js-policies/src/main/resources/only-keycloak-domain-or-admin.js: -------------------------------------------------------------------------------- 1 | var context = $evaluation.getContext(); 2 | var identity = context.getIdentity(); 3 | var attributes = identity.getAttributes(); 4 | var email = attributes.getValue('email').asString(0); 5 | 6 | if (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) { 7 | $evaluation.grant(); 8 | } -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-js-policies/src/main/resources/only-owner.js: -------------------------------------------------------------------------------- 1 | var context = $evaluation.context; 2 | var identity = context.identity; 3 | var permission = $evaluation.permission; 4 | var resource = permission.resource; 5 | 6 | if (resource.owner == identity.id) { 7 | $evaluation.grant(); 8 | } -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/ErrorResponse.java: -------------------------------------------------------------------------------- 1 | package org.keycloak.example.photoz; 2 | 3 | import javax.ws.rs.WebApplicationException; 4 | import javax.ws.rs.core.Response; 5 | import java.util.HashMap; 6 | import java.util.Map; 7 | 8 | /** 9 | * @author Pedro Igor 10 | */ 11 | public class ErrorResponse extends WebApplicationException { 12 | 13 | private final Response.Status status; 14 | 15 | public ErrorResponse(String message) { 16 | this(message, Response.Status.INTERNAL_SERVER_ERROR); 17 | } 18 | 19 | public ErrorResponse(String message, Response.Status status) { 20 | super(message, status); 21 | this.status = status; 22 | } 23 | 24 | @Override 25 | public Response getResponse() { 26 | Map errorResponse = new HashMap(); 27 | 28 | errorResponse.put("message", getMessage()); 29 | 30 | return 
Response.status(status).entity(errorResponse).build(); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/PhotozApplication.java: -------------------------------------------------------------------------------- 1 | package org.keycloak.example.photoz; 2 | 3 | import javax.ws.rs.ApplicationPath; 4 | import javax.ws.rs.core.Application; 5 | 6 | /** 7 | * Basic auth app. 8 | */ 9 | @ApplicationPath("/") 10 | public class PhotozApplication extends Application { 11 | 12 | } 13 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/SharedAlbum.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 Red Hat, Inc. and/or its affiliates 3 | * and other contributors as indicated by the @author tags. 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 | */ 17 | package org.keycloak.example.photoz.album; 18 | 19 | import java.util.ArrayList; 20 | import java.util.List; 21 | 22 | import org.keycloak.example.photoz.entity.Album; 23 | 24 | public class SharedAlbum { 25 | 26 | private Album album; 27 | private List scopes; 28 | 29 | public SharedAlbum(Album album) { 30 | this.album = album; 31 | } 32 | 33 | public Album getAlbum() { 34 | return album; 35 | } 36 | 37 | public List getScopes() { 38 | return scopes; 39 | } 40 | 41 | public void addScope(String scope) { 42 | if (scopes == null) { 43 | scopes = new ArrayList(); 44 | } 45 | scopes.add(scope); 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/Resources.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 Red Hat, Inc. and/or its affiliates 3 | * and other contributors as indicated by the @author tags. 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 | */ 17 | package org.keycloak.example.photoz.util; 18 | 19 | import javax.annotation.PostConstruct; 20 | import javax.annotation.PreDestroy; 21 | import javax.enterprise.context.ApplicationScoped; 22 | import javax.enterprise.context.RequestScoped; 23 | import javax.enterprise.inject.Produces; 24 | import javax.persistence.EntityManager; 25 | import javax.persistence.EntityManagerFactory; 26 | import javax.persistence.Persistence; 27 | 28 | /** 29 | * @author Pedro Igor 30 | */ 31 | @ApplicationScoped 32 | public class Resources { 33 | 34 | private EntityManagerFactory entityManagerFactory; 35 | 36 | @PostConstruct 37 | public void init() { 38 | entityManagerFactory = Persistence.createEntityManagerFactory("primary"); 39 | } 40 | 41 | @PreDestroy 42 | public void dispose() { 43 | entityManagerFactory.close(); 44 | } 45 | 46 | @RequestScoped 47 | @Produces 48 | public EntityManager createEntityManager() { 49 | return entityManagerFactory.createEntityManager(); 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/Transaction.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 Red Hat, Inc. and/or its affiliates 3 | * and other contributors as indicated by the @author tags. 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 | */ 17 | package org.keycloak.example.photoz.util; 18 | 19 | import javax.interceptor.InterceptorBinding; 20 | import java.lang.annotation.Retention; 21 | import java.lang.annotation.Target; 22 | 23 | import static java.lang.annotation.ElementType.TYPE; 24 | import static java.lang.annotation.RetentionPolicy.RUNTIME; 25 | 26 | /** 27 | * @author Pedro Igor 28 | */ 29 | @InterceptorBinding 30 | @Target({ TYPE }) 31 | @Retention(RUNTIME) 32 | public @interface Transaction { 33 | } 34 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/resources/META-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | org.keycloak.example.photoz.util.TransactionInterceptor 8 | 9 | 10 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | org.keycloak.example.photoz.entity.Album 10 | org.keycloak.example.photoz.entity.Photo 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/webapp/META-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/webapp/WEB-INF/keycloak.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "photoz", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "photoz-restful-api", 6 | "bearer-only" : true, 7 | "credentials": { 
8 | "secret": "secret" 9 | }, 10 | "policy-enforcer": { 11 | "enforcement-mode": "PERMISSIVE", 12 | "user-managed-access": {}, 13 | "paths": [ 14 | { 15 | "name" : "Album Resource", 16 | "path" : "/album/{id}", 17 | "methods" : [ 18 | { 19 | "method": "DELETE", 20 | "scopes" : ["album:delete"] 21 | }, 22 | { 23 | "method": "GET", 24 | "scopes" : ["album:view"] 25 | } 26 | ] 27 | }, 28 | { 29 | "name" : "Album Resource", 30 | "path" : "/album/shares", 31 | "enforcement-mode": "DISABLED" 32 | }, 33 | { 34 | "path" : "/profile" 35 | }, 36 | { 37 | "name" : "Admin Resources", 38 | "path" : "/admin/*" 39 | } 40 | ] 41 | } 42 | } -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | photoz-restful-api 8 | 9 | 10 | 11 | All Resources 12 | /* 13 | 14 | 15 | user 16 | 17 | 18 | 19 | 20 | 21 | All Resources 22 | /* 23 | 24 | 25 | admin 26 | 27 | 28 | 29 | 30 | KEYCLOAK 31 | photoz 32 | 33 | 34 | 35 | admin 36 | 37 | 38 | 39 | user 40 | 41 | 42 | -------------------------------------------------------------------------------- /app-authz-uma-photoz/photoz-testsuite/src/test/java/org/keycloak/quickstart/uma/page/ConsentPage.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Red Hat, Inc. and/or its affiliates 3 | * and other contributors as indicated by the @author tags. 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 
7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | 18 | package org.keycloak.quickstart.uma.page; 19 | 20 | import org.jboss.arquillian.test.api.ArquillianResource; 21 | import org.openqa.selenium.WebDriver; 22 | import org.openqa.selenium.WebElement; 23 | import org.openqa.selenium.support.FindBy; 24 | 25 | /** 26 | * A {@code {@link org.jboss.arquillian.graphene.page.Page}} representing the consent page. 27 | * 28 | * @author Stefan Guilhen 29 | */ 30 | public class ConsentPage { 31 | 32 | @ArquillianResource 33 | protected WebDriver driver; 34 | 35 | @FindBy(id = "kc-login") 36 | private WebElement submitButton; 37 | 38 | @FindBy(id = "kc-cancel") 39 | private WebElement cancelButton; 40 | 41 | public void confirm() { 42 | submitButton.click(); 43 | } 44 | 45 | public void cancel() { 46 | cancelButton.click(); 47 | } 48 | 49 | public boolean isCurrent() { 50 | return driver.getTitle().equalsIgnoreCase("Log in to photoz"); 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /app-jee-html5/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-html5", 3 | "rootUrl": "http://localhost:8080/app-html5", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/app-html5/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": true 12 | } 13 | -------------------------------------------------------------------------------- /app-jee-html5/config/keycloak-example.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-html5", 6 | "public-client": true 7 | } -------------------------------------------------------------------------------- /app-jee-html5/src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 17 | 18 | 19 | 20 | 21 | Keycloak Example App 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 |
48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /app-jee-html5/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | 127.0.0.1 28 | 9990 29 | ${basedir}/target/wildfly-${version.wildfly} 30 | 31 | 32 | 33 | 34 | phantomjs 35 | 36 | 37 | -------------------------------------------------------------------------------- /app-jee-jsp/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-jsp", 3 | "rootUrl": "http://localhost:8080/app-jsp", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/app-jsp/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": false, 12 | "secret": "578262e1-9181-4721-baec-7cc913331c1f" 13 | } 14 | -------------------------------------------------------------------------------- /app-jee-jsp/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-jsp", 6 | "credentials": { 7 | "secret": "5bad43ac-0dac-4272-a723-ab7a3cef49b9" 8 | } 9 | } -------------------------------------------------------------------------------- /app-jee-jsp/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 22 | 23 | 24 | app 25 | /protected.jsp 26 | 27 | 28 | * 29 | 30 | 31 | 32 | 33 | KEYCLOAK 34 | 35 | 36 | 37 | * 38 | 39 | 40 | -------------------------------------------------------------------------------- /app-jee-jsp/src/main/webapp/protected.jsp: -------------------------------------------------------------------------------- 1 | 17 | 18 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 
19 | <%@ taglib prefix="c" 20 | uri="http://java.sun.com/jsp/jstl/core" %> 21 | 22 | 23 | 24 | 25 | Keycloak Example App 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /app-jee-jsp/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | 127.0.0.1 28 | 9990 29 | ${basedir}/target/wildfly-${version.wildfly} 30 | 31 | 32 | 33 | 34 | phantomjs 35 | 36 | 37 | -------------------------------------------------------------------------------- /app-profile-jee-html5/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-profile-html5", 3 | "rootUrl": "http://localhost:8080/app-profile-html5", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/app-profile-html5/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": true 12 | } 13 | -------------------------------------------------------------------------------- /app-profile-jee-html5/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "resource": "app-profile-html5", 5 | "public-client": true 6 | } 7 | -------------------------------------------------------------------------------- /app-profile-jee-html5/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | 127.0.0.1 28 | 9990 29 | ${basedir}/target/wildfly-${version.wildfly} 30 | 31 | 32 | 33 | 34 | phantomjs 35 | 36 | 37 | -------------------------------------------------------------------------------- /app-profile-jee-jsp/config/client-import.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-profile-jsp", 3 | "rootUrl": "http://localhost:8080/app-profile-jsp", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/app-profile-jsp/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": false, 12 | "secret": "578262e1-9181-4721-baec-7cc913331c1f" 13 | } 14 | -------------------------------------------------------------------------------- /app-profile-jee-jsp/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-profile-jsp", 6 | "credentials": { 7 | "secret": "578262e1-9181-4721-baec-7cc913331c1f" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /app-profile-jee-jsp/src/main/webapp/WEB-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /app-profile-jee-jsp/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 22 | 23 | 24 | app 25 | /profile.jsp 26 | 27 | 28 | * 29 | 30 | 31 | 32 | 33 | KEYCLOAK 34 | 35 | 36 | 37 | * 38 | 39 | 40 | -------------------------------------------------------------------------------- /app-profile-jee-jsp/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | 17 | 18 | <%@page contentType="text/html" pageEncoding="ISO-8859-1" %> 19 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 20 | 21 | 22 | 23 | 24 | Keycloak Example App 25 | 26 | 27 | 28 | 29 | 30 | <% controller.handleLogout(request); %> 31 | 32 | 33 | 34 | 35 
| 36 | 37 |
Please login
46 | 47 | 48 | -------------------------------------------------------------------------------- /app-profile-jee-jsp/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | 127.0.0.1 28 | 9990 29 | ${basedir}/target/wildfly-${version.wildfly} 30 | 31 | 32 | 33 | 34 | phantomjs 35 | 36 | 37 | -------------------------------------------------------------------------------- /app-profile-jee-vanilla/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-profile-vanilla", 3 | "rootUrl": "http://localhost:8080/vanilla", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/vanilla/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": false, 12 | "secret": "578262e1-9181-4721-baec-7cc913331c1f" 13 | } 14 | -------------------------------------------------------------------------------- /app-profile-jee-vanilla/src/main/java/org/keycloak/quickstart/profilejee/Controller.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2016 Red Hat, Inc. and/or its affiliates 3 | * and other contributors as indicated by the @author tags. 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 | */ 17 | package org.keycloak.quickstart.profilejee; 18 | 19 | import javax.servlet.ServletException; 20 | import javax.servlet.http.HttpServletRequest; 21 | 22 | /** 23 | * Controller simplifies access to the server environment from the JSP. 24 | * 25 | * @author Stan Silvert ssilvert@redhat.com (C) 2015 Red Hat Inc. 26 | */ 27 | public class Controller { 28 | 29 | public void handleLogout(HttpServletRequest req) throws ServletException { 30 | if (req.getParameter("logout") != null) { 31 | req.logout(); 32 | } 33 | } 34 | 35 | public boolean isLoggedIn(HttpServletRequest req) { 36 | return req.getUserPrincipal() != null; 37 | } 38 | 39 | } 40 | -------------------------------------------------------------------------------- /app-profile-jee-vanilla/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 22 | 23 | vanilla 24 | 25 | 26 | 27 | app-profile-jee 28 | /profile.jsp 29 | 30 | 31 | * 32 | 33 | 34 | 35 | 36 | BASIC 37 | 38 | 39 | 40 | * 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /app-profile-jee-vanilla/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | 17 | 18 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 19 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 20 | 21 | 22 | 23 | 24 | Keycloak Example App 25 | 26 | 27 | 28 | 29 | 30 | <% controller.handleLogout(request); %> 31 | 32 | 33 | 34 | 35 | 36 | 37 |
Please login
46 | 47 | 48 | -------------------------------------------------------------------------------- /app-profile-saml-jee-jsp/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 22 | 23 | 24 | app 25 | /profile.jsp 26 | 27 | 28 | user 29 | 30 | 31 | 32 | 33 | KEYCLOAK-SAML 34 | 35 | 36 | 37 | user 38 | 39 | 40 | -------------------------------------------------------------------------------- /app-profile-saml-jee-jsp/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | 17 | 18 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 19 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 20 | 21 | 22 | 23 | 24 | Keycloak Example App 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 |
Please login
45 | 46 | 47 | -------------------------------------------------------------------------------- /app-profile-saml-jee-jsp/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 22 | 23 | 24 | 26 | 27 | 28 | 29 | 30 | 32 | 33 | 127.0.0.1 34 | 9990 35 | ${basedir}/target/wildfly-${version.wildfly} 36 | ../../../test-classes/standalone-test.xml 37 | 38 | 39 | 40 | 41 | phantomjs 42 | 43 | 44 | -------------------------------------------------------------------------------- /authz-js-policies/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 20 | 4.0.0 21 | 22 | org.keycloak.quickstarts 23 | keycloak-quickstart-parent 24 | 7.4.0.GA 25 | ../pom.xml 26 | 27 | 28 | authz-js-policies 29 | jar 30 | Red Hat SSO Quickstarts: JS Policies 31 | JS Policies used by Authorization Services Quickstarts 32 | 33 | 34 | ${project.artifactId} 35 | 36 | 37 | src/main/resources 38 | true 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /authz-js-policies/src/main/resources/META-INF/keycloak-scripts.json: -------------------------------------------------------------------------------- 1 | { 2 | "policies": [ 3 | { 4 | "name": "Match User From Requested Uri", 5 | "fileName": "match-user-from-uri.js", 6 | "description": "A policy that extracts the username from a request URI and check if it matches the current identity" 7 | }, 8 | { 9 | "name": "Claim-Based", 10 | "fileName": "pushed-claim-from-request.js", 11 | "description": "A policy that makes decision based on the value of a context attribute" 12 | }, 13 | { 14 | "name": "Always Grant", 15 | "fileName": "always-grant.js", 16 | "description": "A policy that always grants access" 17 | }, 18 | { 19 | "name": "Only Owner", 20 | "fileName": "only-owner.js", 21 | "description": "A policy that always grants access to resource owners" 22 | } 23 | ] 24 | } 
-------------------------------------------------------------------------------- /authz-js-policies/src/main/resources/always-grant.js: -------------------------------------------------------------------------------- 1 | // by default, grants any permission associated with this policy 2 | $evaluation.grant(); -------------------------------------------------------------------------------- /authz-js-policies/src/main/resources/match-user-from-uri.js: -------------------------------------------------------------------------------- 1 | var context = $evaluation.getContext(); 2 | var attributes = context.getAttributes(); 3 | var httpUri = attributes.getValue('http.uri'); 4 | 5 | if (httpUri) { 6 | var uriParts = httpUri.asString(0).split('/'); 7 | var identity = context.getIdentity(); 8 | var username = identity.getAttributes().getValue('preferred_username').asString(0); 9 | 10 | if (uriParts[2] == username) { 11 | $evaluation.grant(); 12 | } 13 | } -------------------------------------------------------------------------------- /authz-js-policies/src/main/resources/only-owner.js: -------------------------------------------------------------------------------- 1 | var context = $evaluation.context; 2 | var identity = context.identity; 3 | var permission = $evaluation.permission; 4 | var resource = permission.resource; 5 | 6 | if (resource.owner == identity.id) { 7 | $evaluation.grant(); 8 | } -------------------------------------------------------------------------------- /authz-js-policies/src/main/resources/pushed-claim-from-request.js: -------------------------------------------------------------------------------- 1 | var context = $evaluation.context; 2 | 3 | var attributes = context.attributes; 4 | 5 | if (attributes.containsValue('some-claim', 'claim-value')) { 6 | $evaluation.grant(); 7 | } -------------------------------------------------------------------------------- /config/partial-import.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "roles": { 3 | "realm" : [{ 4 | "name": "user" 5 | }] 6 | }, 7 | 8 | "users": [{ 9 | "username" : "user", 10 | "enabled": true, 11 | "credentials" : [{ 12 | "type" : "password", 13 | "value" : "password" 14 | }], 15 | "realmRoles": ["user"], 16 | "clientRoles": { 17 | "account": ["view-profile", "manage-account"] 18 | } 19 | }] 20 | } 21 | -------------------------------------------------------------------------------- /docs/pull_request_template.md: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /docs/test-development.md: -------------------------------------------------------------------------------- 1 | # Writing tests 2 | 3 | We focus primarily on integration/functional level tests. Unit tests are avoided and only recommended for isolated 4 | classes such as small utils. We do not use any mocking frameworks and we will not accept any contributions that add a 5 | mocking framework. 6 | 7 | When writing tests, please follow the same approach as we have taken in the other tests. There are many ways to 8 | test software and we have chosen ours, so please appreciate that. 9 | 10 | The main tests are provided in `src/test/java` for each Quickstart folder. Most of the integration tests are there. 11 | 12 | Any test inside the quickstarts should be reasonable and straightforward to understand. But feedback for improvements is always welcome. 13 | 14 | When developing your test, depending on the feature or enhancement you are testing, you may find it best to add to an 15 | existing test, or to write a test from scratch. For the latter, we recommend finding another test that is close to what 16 | you need and using that as a basis. 
17 | 18 | 19 | # Running integration tests 20 | 21 | By default, the integration tests for each quickstart expect the initial admin user to have `admin` as username and `admin` as password. This is configurable in each `ArquillianTest` class. Use these defaults only with a local, disposable test server. 22 | 23 | ``` 24 | static { 25 | try { 26 | importTestRealm("admin", "admin", "/quickstart-realm.json"); 27 | } catch (IOException e) { 28 | e.printStackTrace(); 29 | } 30 | } 31 | ``` 32 | 33 | If you don't have access to the admin credentials, please import the `quickstart-realm.json` from `src/test/resources`. 34 | 35 | To run integration tests for JBoss EAP managed quickstarts, use the following command: 36 | ``` 37 | mvn clean install -Pwildfly-managed -Denforcer.skip=true 38 | ``` 39 | 40 | If you want to run the tests for a quickstart that doesn't need JBoss EAP, you have to use the appropriate profile. See the particular quickstart's README for more details. 41 | -------------------------------------------------------------------------------- /fuse63/app-war/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "fuse-app-jsp", 3 | "adminUrl": "http://localhost:8181/app-war-jsp", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8181/app-war-jsp/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8181" 10 | ], 11 | "publicClient": false, 12 | "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79" 13 | } 14 | -------------------------------------------------------------------------------- /fuse63/app-war/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "master", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "fuse-app-jsp", 6 | "credentials": { 7 | "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79" 8 | } 9 | } 
--------------------------------------------------------------------------------
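/fuse63/app-war/src/main/java/org/keycloak/quickstart/fuse/appjee/ProtectedServlet.java:
--------------------------------------------------------------------------------
1 | package org.keycloak.quickstart.fuse.appjee;
2 |
3 | import java.io.IOException;
4 |
5 | import javax.servlet.ServletException;
6 | import javax.servlet.http.HttpServlet;
7 | import javax.servlet.http.HttpServletRequest;
8 | import javax.servlet.http.HttpServletResponse;
9 |
10 | /**
11 |  * Servlet that forwards every GET request to {@code index.jsp}.
12 |  *
13 |  * <p>No access check happens in this class. NOTE(review): "Protected" presumably
14 |  * refers to a security constraint declared outside this file - confirm.
15 |  *
16 |  * @author Marek Posolda
17 |  */
18 | public class ProtectedServlet extends HttpServlet {
19 |
20 |     @Override
21 |     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
22 |         req.getRequestDispatcher("index.jsp").forward(req, resp);
23 |     }
24 | }
25 |
--------------------------------------------------------------------------------
/fuse63/app-war/src/main/java/org/keycloak/quickstart/fuse/appjee/ServiceLocator.java:
--------------------------------------------------------------------------------
1 | package org.keycloak.quickstart.fuse.appjee;
2 |
3 | import java.net.MalformedURLException;
4 | import java.net.URL;
5 | import java.util.logging.Logger;
6 |
7 | import javax.servlet.http.HttpServletRequest;
8 |
9 | /**
10 |  * Resolves the URL of the backend service used by this web application.
11 |  *
12 |  * @author Marko Strukelj
13 |  */
14 | public class ServiceLocator {
15 |
16 |     private static final Logger log = Logger.getLogger(ServiceLocator.class.getName());
17 |
18 |     /**
19 |      * Returns the service URL from the first source that is set: the
20 |      * {@code service.url} system property, the {@code SERVICE_URL} environment
21 |      * variable, or else {@code scheme://host[:port]/service} rebuilt from the URL
22 |      * of the current request. The chosen value is logged at INFO level.
23 |      *
24 |      * <p>The fallback copies host and port from the incoming request, which a
25 |      * servlet container normally takes from the client's {@code Host} header.
26 |      * Whatever the caller does with the result (presumably a backend call; not
27 |      * visible here) then targets a client-chosen host, so a deployment beyond a
28 |      * local demo should set {@code service.url} or {@code SERVICE_URL}.
29 |      *
30 |      * @param req current request; only read when neither setting is present
31 |      * @return the resolved service URL
32 |      * @throws RuntimeException if the selected value is not a valid URL; the
33 |      *         {@link MalformedURLException} is attached as the cause
34 |      */
35 |     public static URL getServiceUrl(HttpServletRequest req) {
36 |
37 |         String uri = null;
38 |         try {
39 |             uri = System.getProperty("service.url");
40 |             if (uri != null) {
41 |                 return new URL(uri);
42 |             }
43 |
44 |             uri = System.getenv("SERVICE_URL");
45 |             if (uri != null) {
46 |                 return new URL(uri);
47 |             }
48 |
49 |             // Fallback: same scheme, host and port as the incoming request
50 |             URL requestUrl = new URL(req.getRequestURL().toString());
51 |
52 |             String host = requestUrl.getHost();
53 |             String schema = requestUrl.getProtocol();
54 |             String port = requestUrl.getPort() != -1 ? (":" + requestUrl.getPort()) : "";
55 |
56 |             uri = schema + "://" + host + port + "/service";
57 |             return new URL(uri);
58 |
59 |         } catch (MalformedURLException e) {
60 |             // keep the parser's own explanation in the stack trace
61 |             throw new RuntimeException("Malformed url: " + uri, e);
62 |         } finally {
63 |             log.info("Service url: " + uri);
64 |         }
65 |     }
66 | }
67 |
--------------------------------------------------------------------------------
/fuse63/app-war/src/main/webapp/WEB-INF/jetty-web.xml:
--------------------------------------------------------------------------------
1 | 2 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 |
--------------------------------------------------------------------------------
/fuse63/features/README.md:
--------------------------------------------------------------------------------
1 | JBoss Fuse Features
2 | ===================
3 | This module contains the Karaf feature `keycloak-fuse63-quickstarts`, which is used by `server` module to install all the other Keycloak Fuse Quickstart applications into the JBoss Fuse server.
4 |
--------------------------------------------------------------------------------
/fuse63/features/src/main/resources/features.xml:
--------------------------------------------------------------------------------
1 | 2 | 18 | 19 | 20 | 21 | 22 |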
The Keycloak Fuse example
23 | war 24 | camel 25 | camel-jetty 26 | cxf 27 | keycloak 28 | keycloak-jetty9-adapter 29 | mvn:org.keycloak.quickstarts/keycloak-fuse63-app-war-jsp/${project.version}/war 30 | mvn:org.keycloak.quickstarts/keycloak-fuse63-service-camel/${project.version} 31 | mvn:org.keycloak.quickstarts/keycloak-fuse63-service-cxf-jaxrs/${project.version} 32 |
33 | 34 |
-------------------------------------------------------------------------------- /fuse63/server/src/main/resources/install-features.cli: -------------------------------------------------------------------------------- 1 | features:addurl mvn:org.keycloak/keycloak-osgi-features/${version.keycloak}/xml/features 2 | features:addurl mvn:org.keycloak.quickstarts/keycloak-fuse63-features/${project.version}/xml/features 3 | features:install keycloak-fuse63-quickstarts 4 | -------------------------------------------------------------------------------- /fuse63/server/src/main/resources/install-features.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "JAVA_HOME=$JAVA_HOME" 3 | 4 | ./start 5 | 6 | echo "Karaf container starting" 7 | sleep 5 8 | 9 | TIMEOUT=5 10 | DELAY=1 11 | T=0 12 | 13 | RESULT=0 14 | 15 | until [ $T -gt $TIMEOUT ] 16 | do 17 | if ./client info; then 18 | echo "Server is reachable." 19 | 20 | 21 | echo "Updating Config" 22 | ./client -f update-config.cli 23 | if [ $? -ne 0 ]; then 24 | echo "Call update-config.cli failed!"; 25 | RESULT=1; 26 | else 27 | ./client config:list | grep org.ops4j.pax.url.mvn. 28 | fi 29 | 30 | echo "Installing features." 31 | ./client -f install-features.cli 32 | if [ $? -ne 0 ]; then 33 | echo "Call install-features.cli failed!"; 34 | RESULT=1; 35 | fi 36 | exit $RESULT 37 | else 38 | echo "Server is not reachable. Waiting." 
39 | sleep $DELAY 40 | let T=$T+$DELAY 41 | fi 42 | done 43 | -------------------------------------------------------------------------------- /fuse63/server/src/main/resources/update-config.cli: -------------------------------------------------------------------------------- 1 | config:edit org.ops4j.pax.url.mvn 2 | config:propset org.ops4j.pax.url.mvn.localRepository ${user.home}/.m2/repository 3 | config:update 4 | 5 | features:refreshurl 6 | 7 | dev:system-property service.url ${service.url} 8 | -------------------------------------------------------------------------------- /fuse63/server/src/main/resources/users.properties: -------------------------------------------------------------------------------- 1 | karaf = karaf,_g_:admingroup 2 | _g_\:admingroup = group,admin,manager,viewer,webconsole 3 | -------------------------------------------------------------------------------- /fuse63/service-camel/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "fuse-service-camel", 3 | "enabled": true, 4 | "bearerOnly": true, 5 | "adminUrl": "http://localhost:8383/service" 6 | } 7 | -------------------------------------------------------------------------------- /fuse63/service-camel/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "master", 3 | "bearer-only": true, 4 | "auth-server-url": "http://localhost:8180/auth", 5 | "ssl-required": "external", 6 | "resource": "fuse-service-camel" 7 | } -------------------------------------------------------------------------------- /fuse63/service-camel/src/main/java/org/keycloak/quickstart/fuse/camel/CamelHelloProcessor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. 
See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | package org.keycloak.quickstart.fuse.camel; 18 | 19 | import javax.servlet.http.HttpServletRequest; 20 | 21 | import org.apache.camel.Exchange; 22 | import org.apache.camel.Processor; 23 | import org.keycloak.KeycloakPrincipal; 24 | import org.keycloak.util.JsonSerialization; 25 | 26 | /** 27 | * @author Marek Posolda 28 | */ 29 | public class CamelHelloProcessor implements Processor { 30 | 31 | @Override 32 | public void process(Exchange exchange) throws Exception { 33 | HttpServletRequest req = exchange.getIn().getBody(HttpServletRequest.class); 34 | 35 | // KeycloakPrincipal encapsulates informations like token etc 36 | KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal) req.getUserPrincipal(); 37 | 38 | String suffix = (String) exchange.getIn().getHeader("id"); 39 | 40 | exchange.getOut().setHeader(Exchange.CONTENT_TYPE, "application/json"); 41 | Message message = new Message("camel - " + suffix); 42 | String jsonResponse = JsonSerialization.writeValueAsString(message); 43 | exchange.getOut().setBody(jsonResponse); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /fuse63/service-camel/src/main/java/org/keycloak/quickstart/fuse/camel/Message.java: -------------------------------------------------------------------------------- 
1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | package org.keycloak.quickstart.fuse.camel; 18 | 19 | 20 | public class Message { 21 | 22 | private String message; 23 | 24 | public Message(String message) { 25 | this.message = message; 26 | } 27 | 28 | public String getMessage() { 29 | return message; 30 | } 31 | 32 | public void setMessage(String message) { 33 | this.message = message; 34 | } 35 | 36 | } 37 | -------------------------------------------------------------------------------- /fuse63/service-camel/src/main/resources/config/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/fuse63/service-camel/src/main/resources/config/.gitkeep -------------------------------------------------------------------------------- /fuse63/service-cxf-jaxrs/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "fuse-service-cxf", 3 | "enabled": true, 4 | "bearerOnly": true 5 | } 6 | 
-------------------------------------------------------------------------------- /fuse63/service-cxf-jaxrs/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "master", 3 | "bearer-only": true, 4 | "auth-server-url": "http://localhost:8180/auth", 5 | "ssl-required": "external", 6 | "resource": "fuse-service-cxf" 7 | } -------------------------------------------------------------------------------- /fuse63/service-cxf-jaxrs/src/main/java/org/keycloak/quickstart/fuse/cxf/rs/Message.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 | */ 17 | package org.keycloak.quickstart.fuse.cxf.rs; 18 | 19 | public class Message { 20 | 21 | private String message; 22 | 23 | public Message(String message) { 24 | this.message = message; 25 | } 26 | 27 | public String getMessage() { 28 | return message; 29 | } 30 | 31 | public void setMessage(String message) { 32 | this.message = message; 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /fuse63/service-cxf-jaxrs/src/main/java/org/keycloak/quickstart/fuse/cxf/rs/Resource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 |  */
17 | package org.keycloak.quickstart.fuse.cxf.rs;
18 |
19 | import javax.servlet.http.HttpServletResponse;
20 | import javax.ws.rs.GET;
21 | import javax.ws.rs.Path;
22 | import javax.ws.rs.Produces;
23 | import javax.ws.rs.core.Context;
24 | import javax.ws.rs.core.HttpHeaders;
25 | import javax.ws.rs.core.MediaType;
26 |
27 | /**
28 |  * JAX-RS root resource with three GET endpoints ({@code public}, {@code secured}
29 |  * and {@code admin}), each answering with a fixed JSON {@link Message}.
30 |  *
31 |  * <p>No authentication or role check appears in this class. NOTE(review): access
32 |  * to {@code secured} and {@code admin} is presumably restricted by configuration
33 |  * outside this file - confirm before reusing the class elsewhere.
34 |  */
35 | @Path("/")
36 | public class Resource {
37 |
38 |     private static final String CORS_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
39 |
40 |     /**
41 |      * Serves {@code GET public} and lets a page from any origin read the reply.
42 |      *
43 |      * <p>The wildcard CORS header is set by this method only; {@link #getSecured()}
44 |      * and {@link #getAdmin()} set no CORS header.
45 |      *
46 |      * @param header   injected request headers; not read by this method
47 |      * @param response servlet response that receives the CORS header
48 |      * @return a message with the text {@code "cxf - public"}
49 |      */
50 |     @GET
51 |     @Path("public")
52 |     @Produces(MediaType.APPLICATION_JSON)
53 |     public Message getPublic(@Context HttpHeaders header, @Context HttpServletResponse response) {
54 |         response.setHeader(CORS_ALLOW_ORIGIN, "*");
55 |         final Message reply = new Message("cxf - public");
56 |         return reply;
57 |     }
58 |
59 |     /**
60 |      * Serves {@code GET secured}.
61 |      *
62 |      * @return a message with the text {@code "cxf - secured"}
63 |      */
64 |     @GET
65 |     @Path("secured")
66 |     @Produces(MediaType.APPLICATION_JSON)
67 |     public Message getSecured() {
68 |         final Message reply = new Message("cxf - secured");
69 |         return reply;
70 |     }
71 |
72 |     /**
73 |      * Serves {@code GET admin}.
74 |      *
75 |      * @return a message with the text {@code "cxf - admin"}
76 |      */
77 |     @GET
78 |     @Path("admin")
79 |     @Produces(MediaType.APPLICATION_JSON)
80 |     public Message getAdmin() {
81 |         final Message reply = new Message("cxf - admin");
82 |         return reply;
83 |     }
84 |
85 | }
86 |
--------------------------------------------------------------------------------
/fuse63/service-cxf-jaxrs/src/main/resources/config/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/fuse63/service-cxf-jaxrs/src/main/resources/config/.gitkeep
--------------------------------------------------------------------------------
/fuse70/app-war/config/client-import.json:
--------------------------------------------------------------------------------
1 | {
2 |   "clientId": "fuse-app-jsp",
3 |   "adminUrl": "http://localhost:8181/app-war-jsp",
4 |   "enabled": true,
5 |   "redirectUris": [
6 |     "http://localhost:8181/app-war-jsp/*"
7 |   ],
8 |   "webOrigins": [
9 |     "http://localhost:8181"
10 |   ],
11 |   "publicClient": false,
12 |   "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79"
13 | }
14 |
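--------------------------------------------------------------------------------
/fuse70/app-war/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "master",
3 |   "auth-server-url": "http://localhost:8180/auth",
4 |   "ssl-required": "external",
5 |   "resource": "fuse-app-jsp",
6 |   "credentials": {
7 |     "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79"
8 |   }
9 | }
--------------------------------------------------------------------------------
/fuse70/app-war/src/main/java/org/keycloak/quickstart/fuse/appjee/ProtectedServlet.java:
--------------------------------------------------------------------------------
1 | package org.keycloak.quickstart.fuse.appjee;
2 |
3 | import java.io.IOException;
4 |
5 | import javax.servlet.ServletException;
6 | import javax.servlet.http.HttpServlet;
7 | import javax.servlet.http.HttpServletRequest;
8 | import javax.servlet.http.HttpServletResponse;
9 |
10 | /**
11 |  * Servlet that forwards every GET request to {@code index.jsp}.
12 |  *
13 |  * <p>No access check happens in this class. NOTE(review): "Protected" presumably
14 |  * refers to a security constraint declared outside this file - confirm.
15 |  *
16 |  * @author Marek Posolda
17 |  */
18 | public class ProtectedServlet extends HttpServlet {
19 |
20 |     @Override
21 |     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
22 |         req.getRequestDispatcher("index.jsp").forward(req, resp);
23 |     }
24 | }
25 |
--------------------------------------------------------------------------------
/fuse70/app-war/src/main/java/org/keycloak/quickstart/fuse/appjee/ServiceLocator.java:
--------------------------------------------------------------------------------
1 | package org.keycloak.quickstart.fuse.appjee;
2 |
3 | import java.net.MalformedURLException;
4 | import java.net.URL;
5 | import java.util.logging.Logger;
6 |
7 | import javax.servlet.http.HttpServletRequest;
8 |
9 | /**
10 |  * Resolves the URL of the backend service used by this web application.
11 |  *
12 |  * @author Marko Strukelj
13 |  */
14 | public class ServiceLocator {
15 |
16 |     private static final Logger log = Logger.getLogger(ServiceLocator.class.getName());
17 |
18 |     /**
19 |      * Returns the service URL from the first source that is set: the
20 |      * {@code service.url} system property, the {@code SERVICE_URL} environment
21 |      * variable, or else {@code scheme://host[:port]/service} rebuilt from the URL
22 |      * of the current request. The chosen value is logged at INFO level.
23 |      *
24 |      * <p>The fallback copies host and port from the incoming request, which a
25 |      * servlet container normally takes from the client's {@code Host} header.
26 |      * Whatever the caller does with the result (presumably a backend call; not
27 |      * visible here) then targets a client-chosen host, so a deployment beyond a
28 |      * local demo should set {@code service.url} or {@code SERVICE_URL}.
29 |      *
30 |      * @param req current request; only read when neither setting is present
31 |      * @return the resolved service URL
32 |      * @throws RuntimeException if the selected value is not a valid URL; the
33 |      *         {@link MalformedURLException} is attached as the cause
34 |      */
35 |     public static URL getServiceUrl(HttpServletRequest req) {
36 |
37 |         String uri = null;
38 |         try {
39 |             uri = System.getProperty("service.url");
40 |             if (uri != null) {
41 |                 return new URL(uri);
42 |             }
43 |
44 |             uri = System.getenv("SERVICE_URL");
45 |             if (uri != null) {
46 |                 return new URL(uri);
47 |             }
48 |
49 |             // Fallback: same scheme, host and port as the incoming request
50 |             URL requestUrl = new URL(req.getRequestURL().toString());
51 |
52 |             String host = requestUrl.getHost();
53 |             String schema = requestUrl.getProtocol();
54 |             String port = requestUrl.getPort() != -1 ? (":" + requestUrl.getPort()) : "";
55 |
56 |             uri = schema + "://" + host + port + "/service";
57 |             return new URL(uri);
58 |
59 |         } catch (MalformedURLException e) {
60 |             // keep the parser's own explanation in the stack trace
61 |             throw new RuntimeException("Malformed url: " + uri, e);
62 |         } finally {
63 |             log.info("Service url: " + uri);
64 |         }
65 |     }
66 | }
67 |
--------------------------------------------------------------------------------
/fuse70/features/README.md:
--------------------------------------------------------------------------------
1 | JBoss Fuse Features
2 | ===================
3 | This module contains the Karaf feature `keycloak-fuse70-quickstarts`, which is used by `server` module to install all the other Keycloak Fuse Quickstart applications into the JBoss Fuse server.
4 |
--------------------------------------------------------------------------------
/fuse70/features/src/main/resources/features.xml:
--------------------------------------------------------------------------------
1 | 2 | 18 | 19 | 20 | 21 | 22 |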
The Keycloak Fuse 7.0 example
23 | war 24 | camel 25 | cxf 26 | keycloak-pax-http-undertow 27 | mvn:org.keycloak.quickstarts/keycloak-fuse70-app-war-jsp/${project.version}/war 28 | mvn:org.keycloak.quickstarts/keycloak-fuse70-service-camel/${project.version} 29 | mvn:org.keycloak.quickstarts/keycloak-fuse70-service-cxf-jaxrs/${project.version} 30 |
31 | 32 |
-------------------------------------------------------------------------------- /fuse70/server/src/main/resources/install-features.cli: -------------------------------------------------------------------------------- 1 | features:addurl mvn:org.keycloak/keycloak-osgi-features/${version.keycloak}/xml/features 2 | features:addurl mvn:org.keycloak.quickstarts/keycloak-fuse70-features/${project.version}/xml/features 3 | features:install keycloak-fuse70-quickstarts 4 | -------------------------------------------------------------------------------- /fuse70/server/src/main/resources/install-features.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "JAVA_HOME=$JAVA_HOME" 3 | 4 | ./start 5 | 6 | echo "Karaf container starting" 7 | sleep 5 8 | 9 | TIMEOUT=5 10 | DELAY=1 11 | T=0 12 | 13 | RESULT=0 14 | 15 | until [ $T -gt $TIMEOUT ] 16 | do 17 | if ./client info; then 18 | echo "Server is reachable." 19 | 20 | 21 | echo "Updating Config" 22 | ./client -f update-config.cli 23 | if [ $? -ne 0 ]; then 24 | echo "Call update-config.cli failed!"; 25 | RESULT=1; 26 | else 27 | ./client config:list | grep org.ops4j.pax.url.mvn. 28 | fi 29 | 30 | echo "Installing features." 31 | ./client -f install-features.cli 32 | if [ $? -ne 0 ]; then 33 | echo "Call install-features.cli failed!"; 34 | RESULT=1; 35 | fi 36 | exit $RESULT 37 | else 38 | echo "Server is not reachable. Waiting." 
39 | sleep $DELAY 40 | let T=$T+$DELAY 41 | fi 42 | done 43 | -------------------------------------------------------------------------------- /fuse70/server/src/main/resources/update-config.cli: -------------------------------------------------------------------------------- 1 | config:edit org.ops4j.pax.url.mvn 2 | config:propset org.ops4j.pax.url.mvn.localRepository ${user.home}/.m2/repository 3 | config:update 4 | 5 | features:refreshurl 6 | 7 | dev:system-property service.url ${service.url} 8 | -------------------------------------------------------------------------------- /fuse70/server/src/main/resources/users.properties: -------------------------------------------------------------------------------- 1 | karaf = karaf,_g_:admingroup 2 | _g_\:admingroup = group,admin,manager,viewer,webconsole,ssh 3 | -------------------------------------------------------------------------------- /fuse70/service-camel/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "fuse-service-camel", 3 | "enabled": true, 4 | "bearerOnly": true, 5 | "adminUrl": "http://localhost:8383/service" 6 | } 7 | -------------------------------------------------------------------------------- /fuse70/service-camel/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "master", 3 | "bearer-only": true, 4 | "auth-server-url": "http://localhost:8180/auth", 5 | "ssl-required": "external", 6 | "resource": "fuse-service-camel" 7 | } -------------------------------------------------------------------------------- /fuse70/service-camel/src/main/java/org/keycloak/quickstart/fuse/camel/Message.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. 
See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | package org.keycloak.quickstart.fuse.camel; 18 | 19 | 20 | public class Message { 21 | 22 | private String message; 23 | 24 | public Message(String message) { 25 | this.message = message; 26 | } 27 | 28 | public String getMessage() { 29 | return message; 30 | } 31 | 32 | public void setMessage(String message) { 33 | this.message = message; 34 | } 35 | 36 | } 37 | -------------------------------------------------------------------------------- /fuse70/service-camel/src/main/resources/config/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/fuse70/service-camel/src/main/resources/config/.gitkeep -------------------------------------------------------------------------------- /fuse70/service-cxf-jaxrs/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "fuse-service-cxf", 3 | "enabled": true, 4 | "bearerOnly": true 5 | } 6 | -------------------------------------------------------------------------------- /fuse70/service-cxf-jaxrs/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": 
"master", 3 | "bearer-only": true, 4 | "auth-server-url": "http://localhost:8180/auth", 5 | "ssl-required": "external", 6 | "resource": "fuse-service-cxf" 7 | } -------------------------------------------------------------------------------- /fuse70/service-cxf-jaxrs/src/main/java/org/keycloak/quickstart/fuse/cxf/rs/Message.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
16 | */ 17 | package org.keycloak.quickstart.fuse.cxf.rs; 18 | 19 | public class Message { 20 | 21 | private String message; 22 | 23 | public Message(String message) { 24 | this.message = message; 25 | } 26 | 27 | public String getMessage() { 28 | return message; 29 | } 30 | 31 | public void setMessage(String message) { 32 | this.message = message; 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /fuse70/service-cxf-jaxrs/src/main/resources/config/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/fuse70/service-cxf-jaxrs/src/main/resources/config/.gitkeep -------------------------------------------------------------------------------- /maven-settings.xml: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | org.jenkins-ci.tools 8 | 9 | 10 | 11 | 12 | jboss-public-repository 13 | 14 | 15 | jboss-public-repository-group 16 | JBoss Public Maven Repository Group 17 | http://repository.jboss.org/nexus/content/groups/public/ 18 | default 19 | 20 | true 21 | never 22 | 23 | 24 | true 25 | never 26 | 27 | 28 | 29 | 30 | 31 | jboss-public-repository-group 32 | JBoss Public Maven Repository Group 33 | http://repository.jboss.org/nexus/content/groups/public/ 34 | default 35 | 36 | true 37 | never 38 | 39 | 40 | true 41 | never 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | jboss-public-repository 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /scripts/generate_keycloak_json.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | ## This is a helper script for generating "keycloak.json" files from "keycloak-example.json". 4 | ## Use this to test your changes against the Enforcer Plugin. 5 | 6 | for f in $(find . 
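-type f -name 'keycloak-example.json'); do
7 |     cp "$f" "${f%-example.json}.json"
8 | done
9 |
10 | for f in $(find . -type f -name 'keycloak-saml-example.xml'); do
11 |     cp "$f" "${f%-example.xml}.xml"
12 | done
13 |
--------------------------------------------------------------------------------
/scripts/ssorepo.txt:
--------------------------------------------------------------------------------
1 | 2 | 3 | jboss-enterprise-maven-repository 4 | https://maven.repository.redhat.com/ga/ 5 | 6 | true 7 | 8 | 9 | false 10 | 11 | 12 | 13 |
--------------------------------------------------------------------------------
/scripts/start-server.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Starts a local Keycloak server for the quickstart tests and waits until its
4 | # log reports a successful start. Exits non-zero when the download fails or
5 | # the server does not come up in time.
6 |
7 | # sets VERSION and KEYCLOAK
8 | . scripts/version.sh
9 |
10 | set -v
11 |
12 | # Polls keycloak.log once per second, at most 50 times, for the start-up line.
13 | # Returns 0 as soon as the line is found and 1 if it never appears.
14 | function waitForServer {
15 |     local tries=50
16 |     while [ "$tries" -gt 0 ]
17 |     do
18 |         if grep "Keycloak ${VERSION} (WildFly Core .*) started" keycloak.log; then
19 |             echo "Server started."
20 |             return 0
21 |         fi
22 |         echo -n "."
23 |         tries=$(( tries - 1 ))
24 |         sleep 1
25 |     done
26 |     echo "Server did not start; see keycloak.log" >&2
27 |     return 1
28 | }
29 |
30 | ARCHIVE="${KEYCLOAK}.tar.gz"
31 | DIST="keycloak-server-dist"
32 | URL="https://repo1.maven.org/maven2/org/keycloak/$DIST/${VERSION}/$DIST-${VERSION}.tar.gz"
33 | # Download the server distribution only for the "latest" branch build; any
34 | # other build uses an existing ./keycloak-server directory.
35 | # NOTE(review): the archive is unpacked and run without a checksum or signature
36 | # check, and VERSION is whatever scripts/version.sh resolved at run time. Pin the
37 | # version and compare a known digest if this is used outside throwaway CI.
38 | if [[ $TRAVIS_BRANCH = "latest" ]];
39 | then
40 |     # -f: fail on an HTTP error instead of saving the error page as the archive
41 |     curl -f -o "$ARCHIVE" "$URL" || { echo "Download failed: $URL" >&2; exit 1; }
42 |     tar xzf "$ARCHIVE" || exit 1
43 |     rm -f "$ARCHIVE"
44 | else
45 |     KEYCLOAK="keycloak-server"
46 | fi
47 |
48 | cp authz-js-policies/target/authz-js-policies.jar "$KEYCLOAK/standalone/deployments"
49 | # Fixed admin/admin account: test-only credentials for this local server
50 | "$KEYCLOAK/bin/add-user-keycloak.sh" -u admin -p admin
51 | # Start the server in the background with all ports shifted by 100
52 | "$KEYCLOAK/bin/standalone.sh" -Djava.net.preferIPv4Stack=true \
53 |     -Djboss.socket.binding.port-offset=100 > keycloak.log 2>&1 &
54 |
55 | waitForServer
56 |
--------------------------------------------------------------------------------
/scripts/stop-server.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | .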
scripts/version.sh 4 | 5 | ${KEYCLOAK}/bin/jboss-cli.sh --connect controller=127.0.0.1:10090 command=:shutdown 6 | -------------------------------------------------------------------------------- /scripts/version.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export VERSION=`curl -s https://repo1.maven.org/maven2/org/keycloak/keycloak-server-dist/ | sed -e 's/<[^>]*>//g' | grep -i final | cut -d '/' -f1 | tail -n1` 4 | export KEYCLOAK="keycloak-${VERSION}" 5 | -------------------------------------------------------------------------------- /service-jee-jaxrs/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "service-jaxrs", 3 | "enabled": true, 4 | "bearerOnly": true 5 | } 6 | -------------------------------------------------------------------------------- /service-jee-jaxrs/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "bearer-only": true, 4 | "auth-server-url": "http://localhost:8180/auth", 5 | "ssl-required": "external", 6 | "resource": "service-jaxrs" 7 | } -------------------------------------------------------------------------------- /service-jee-jaxrs/src/main/java/org/keycloak/quickstart/jaxrs/Application.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 
/**
 * JAX-RS bootstrap class for the service quickstart.
 *
 * <p>{@code @ApplicationPath("/")} mounts the JAX-RS application at the root of the web
 * context. Nothing is overridden, so the set of registered resource classes is whatever the
 * container derives by default (presumably by scanning the deployment; confirm against the
 * target runtime).
 *
 * <p>NOTE(review): this class carries no explicit list of resources and no access rules.
 * Anything that restricts who may call an endpoint has to be configured elsewhere in the
 * deployment; it cannot be verified from this file.
 */
@ApplicationPath("/")
public class Application extends javax.ws.rs.core.Application {
    // Empty body: every default of javax.ws.rs.core.Application is inherited unchanged.
}
/**
 * Mutable single-field payload returned by the endpoints of {@code Resource}.
 *
 * <p>The class only stores and hands back the text it was given; it performs no validation,
 * trimming or escaping. Callers that put user-controlled text in here are responsible for
 * encoding it for whatever context finally renders it.
 *
 * <p>NOTE(review): the bean-style getter/setter pair presumably exists for the JSON mapper used
 * by the JAX-RS runtime; confirm before removing the setter.
 */
public class Message {

    /** Text carried by this payload; may be {@code null} because nothing rejects it. */
    private String message;

    /**
     * Creates a payload holding the given text.
     *
     * @param message text to carry, stored as-is
     */
    public Message(String message) {
        this.message = message;
    }

    /**
     * Replaces the carried text.
     *
     * @param message new text, stored as-is
     */
    public void setMessage(String message) {
        this.message = message;
    }

    /**
     * Returns the carried text.
     *
     * @return the value most recently passed to the constructor or {@link #setMessage(String)}
     */
    public String getMessage() {
        return this.message;
    }

}
/**
 * Root JAX-RS resource with three GET endpoints ({@code public}, {@code secured} and
 * {@code admin}), each answering with a fixed {@link Message} rendered as JSON.
 *
 * <p>NOTE(review): nothing in this class distinguishes the three endpoints from a security point
 * of view. There are no role annotations and no token checks, so the protection of
 * {@code secured} and {@code admin} must come from configuration outside this file (for example
 * the deployment's security constraints). Verify that configuration whenever a path is added or
 * renamed here, because a mismatch leaves the new path unprotected without any compile error.
 */
@Path("/")
public class Resource {

    private static final String CORS_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ANY_ORIGIN = "*";

    /**
     * Answers {@code GET /public} with the message {@code "public"}.
     *
     * <p>The response allows cross-origin reads from any origin. That is acceptable only because
     * the payload is a constant, non-sensitive string; the wildcard must not be copied to
     * endpoints that return per-user or privileged data.
     *
     * @param header injected request headers; not read by this method
     * @param response servlet response on which the CORS header is set
     * @return a message carrying {@code "public"}
     */
    @GET
    @Path("public")
    @Produces(MediaType.APPLICATION_JSON)
    public Message getPublic(@Context HttpHeaders header, @Context HttpServletResponse response) {
        response.setHeader(CORS_ALLOW_ORIGIN, ANY_ORIGIN);
        return reply("public");
    }

    /**
     * Answers {@code GET /secured} with the message {@code "secured"}.
     *
     * <p>No CORS header is set and no caller check is performed here.
     *
     * @return a message carrying {@code "secured"}
     */
    @GET
    @Path("secured")
    @Produces(MediaType.APPLICATION_JSON)
    public Message getSecured() {
        return reply("secured");
    }

    /**
     * Answers {@code GET /admin} with the message {@code "admin"}.
     *
     * <p>No CORS header is set and no caller check is performed here.
     *
     * @return a message carrying {@code "admin"}
     */
    @GET
    @Path("admin")
    @Produces(MediaType.APPLICATION_JSON)
    public Message getAdmin() {
        return reply("admin");
    }

    /** Wraps the given text in a fresh {@link Message}. */
    private static Message reply(String text) {
        return new Message(text);
    }

}
"resource": "service-nodejs" 7 | } -------------------------------------------------------------------------------- /service-nodejs/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "service-nodejs", 3 | "version": "0.0.1", 4 | "scripts": { 5 | "start": "node app.js", 6 | "test": "tape test/*.js" 7 | }, 8 | "dependencies": { 9 | "keycloak-connect": "keycloak/keycloak-nodejs-connect", 10 | "body-parser": "^1.13.3", 11 | "express": "^4.13.3", 12 | "express-session": "^1.14.2", 13 | "cors": "^2.8.1" 14 | }, 15 | "devDependencies": { 16 | "keycloak-request-token": "^0.1.0", 17 | "keycloak-client-registration": "^0.1.0", 18 | "eslint": "^3.3.1", 19 | "eslint-config-semistandard": "^7.0.0-beta.0", 20 | "eslint-config-standard": "^6.0.0", 21 | "eslint-plugin-promise": "^3.3.0", 22 | "eslint-plugin-react": "^6.1.2", 23 | "eslint-plugin-standard": "^2.0.0", 24 | "ink-docstrap": "^1.1.4", 25 | "jsdoc": "^3.4.0", 26 | "jshint": "^2.9.1", 27 | "tape": "^4.5.1", 28 | "roi": "^0.15.0" 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /service-nodejs/test/config.js: -------------------------------------------------------------------------------- 1 | var baseUrl = 'http://localhost:8180/auth'; 2 | 3 | module.exports = { 4 | registration: { 5 | endpoint: baseUrl + '/realms/quickstart/clients-registrations', 6 | accessToken: '' 7 | }, 8 | baseUrl: baseUrl, 9 | token: { 10 | username: 'alice', 11 | password: 'password', 12 | grant_type: 'password', 13 | client_id: 'test-cli', 14 | realmName: 'quickstart' 15 | }, 16 | testClient: { 17 | clientId: 'test-cli', 18 | consentRequired: "false", 19 | publicClient: "true", 20 | standardFlowEnabled: "false", 21 | directAccessGrantsEnabled: "true", 22 | fullScopeAllowed: "true" 23 | } 24 | }; 25 | -------------------------------------------------------------------------------- /service-springboot-rest/config/client-import.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "clientId": "service-springboot", 3 | "enabled": true, 4 | "bearerOnly": true 5 | } 6 | -------------------------------------------------------------------------------- /service-springboot-rest/src/main/java/org/keycloak/quickstart/springboot/service/ProductService.java: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 
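/**
 * Spring component that supplies the fixed demo data served by the quickstart.
 *
 * <p>NOTE(review): this class performs no authorization. Who may reach the callers of
 * {@link #getProducts()} is decided by configuration outside this class, so a controller that
 * exposes the list under a new URL needs a matching security constraint.
 */
@Component
public class ProductService {

    /**
     * Returns the demo product names.
     *
     * <p>The element type is declared explicitly instead of using a raw {@code List}, so callers
     * get compile-time checking without casts. Each call builds a new fixed-size list: elements
     * can be replaced through {@code set}, but adding or removing throws
     * {@link UnsupportedOperationException}.
     *
     * @return the six product names in a fixed order
     */
    public List<String> getProducts() {
        return Arrays.asList(
                "alpha", "bravo", "charlie", "delta", "echo", "foxtrot");
    }

    /**
     * Returns the constant text used for the unprotected demo response.
     *
     * @return the string {@code "public"}
     */
    public String getPublic() {
        return "public";
    }

}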
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /products 14 | 15 | # Turn off the logs 16 | logging.level.root=OFF 17 | logging.level.org.springframework.boot=OFF 18 | spring.main.banner-mode=OFF 19 | -------------------------------------------------------------------------------- /set-version.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | NEW_VERSION=$1 4 | 5 | LATEST_KEYCLOAK_VERSION=`curl -s "http://search.maven.org/solrsearch/select?q=g:org.keycloak%20AND%20a:keycloak-parent&rows=1&wt=json" | jq -r .response.docs[0].latestVersion` 6 | 7 | mvn versions:update-parent -Dversion.keycloak=$LATEST_KEYCLOAK_VERSION -DparentVersion=$NEW_VERSION -DgenerateBackupPoms=false -Pbump-version 8 | mvn versions:set -Dversion.keycloak=$LATEST_KEYCLOAK_VERSION -DnewVersion=$NEW_VERSION -DgenerateBackupPoms=false -DgroupId=org.keycloak* -DartifactId=* -Pbump-version 9 | 10 | sed -i "s|keycloak/keycloak:.*|keycloak/keycloak:$NEW_VERSION|" kubernetes-examples/keycloak.yaml 11 | sed -i "s|keycloak/keycloak:.*|keycloak/keycloak:$NEW_VERSION|" openshift-examples/keycloak.yaml 12 | -------------------------------------------------------------------------------- /travis-run-tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | if [ $1 == "group1" ]; then 4 | for i in `mvn -q --also-make exec:exec -Dexec.executable="pwd" | awk -F '/' '{if (NR > 1) print $NF}'`; 5 | do 6 | # FIXME Workaround to skip Angular.js app on Travis CI while we figure out the best way to fix the issues with Selenium 7 | if [ "$i" = "app-angular2" -o "$i" = "app-authz-uma-photoz" -o "$i" = "app-authz-photoz" -o "$i" = "photoz-html5-client" -o "$i" = "photoz-js-policies" -o "$i" = "photoz-restful-api" -o "$i" = "photoz-testsuite" -o "$i" = "app-profile-jee-html5" ]; then 8 | continue 9 | fi 10 | mvn -B -s maven-settings.xml clean install -Pwildfly-managed 
-Denforcer.skip=true -f $i 11 | done 12 | fi 13 | 14 | if [ $1 == "group2" ]; then 15 | mvn -B -s maven-settings.xml test -Pwildfly-managed -f action-token-authenticator/pom.xml /dev/null& 28 | cd ../app-springboot 29 | mvn -B -s ../maven-settings.xml clean test -Pspring-boot 30 | fi 31 | 32 | if [ $1 == "group5" ]; then 33 | mvn -B -s maven-settings.xml test -Pkeycloak-remote -f user-storage-jpa 34 | mvn -B -s maven-settings.xml test -Pkeycloak-remote -f user-storage-simple 35 | fi 36 | if [ $1 == "group6" ] && [ $TRAVIS_PULL_REQUEST == "false" ]; then 37 | ./productize.sh 38 | exit 0 39 | fi 40 | if [ $1 == "group7" ]; then 41 | mvn -B -s maven-settings.xml test -Pkeycloak-remote -f event-listener-sysout 42 | mvn -B -s maven-settings.xml test -Pkeycloak-remote -f event-store-mem 43 | fi 44 | -------------------------------------------------------------------------------- /travis-server.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | REPO="https://github.com/keycloak/keycloak.git" 4 | 5 | echo "Building $TRAVIS_BRANCH" 6 | 7 | if [[ $TRAVIS_BRANCH != "latest" ]]; then 8 | # Temporarily commented 9 | # git clone --depth 1 $REPO > /dev/null 2>&1 && cd keycloak 10 | # Clone Keycloak repo 11 | git clone $REPO > /dev/null 2>&1 && cd keycloak 12 | 13 | # The exact version of Keycloak based on Maven 14 | VERSION=`grep -A1 "keycloak-parent" pom.xml | grep ".*$" | awk -F'[><]' '{print $3}'` 15 | 16 | # Build the repository based on jboss-public-repository 17 | mvn -s ../maven-settings.xml clean install --no-snapshot-updates -Pdistribution -DskipTestsuite -DskipTests=true -B -V 18 | 19 | # Extract and start the Keycloak server distribution 20 | mkdir ../keycloak-server && tar xzf distribution/server-dist/target/keycloak-$VERSION.tar.gz -C ../keycloak-server --strip-components 1 21 | cd .. 
&& ./scripts/start-server.sh 22 | 23 | else 24 | ./scripts/start-server.sh 25 | fi 26 | -------------------------------------------------------------------------------- /user-storage-jpa/src/main/resources/META-INF/persistence.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | java:jboss/datasources/ExampleXADS 9 | 10 | org.keycloak.quickstart.storage.user.UserEntity 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /user-storage-jpa/src/main/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory: -------------------------------------------------------------------------------- 1 | org.keycloak.quickstart.storage.user.EjbExampleUserStorageProviderFactory -------------------------------------------------------------------------------- /user-storage-jpa/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 19 | 20 | 127.0.0.1 21 | 10090 22 | admin 23 | admin 24 | 25 | 26 | 27 | 28 | phantomjs 29 | 30 | 31 | -------------------------------------------------------------------------------- /user-storage-simple/src/main/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory: -------------------------------------------------------------------------------- 1 | org.keycloak.quickstart.readonly.PropertyFileUserStorageProviderFactory 2 | org.keycloak.quickstart.writeable.PropertyFileUserStorageProviderFactory -------------------------------------------------------------------------------- /user-storage-simple/src/main/resources/users.properties: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2016 Red Hat, Inc. and/or its affiliates 3 | # and other contributors as indicated by the @author tags. 
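/**
 * Test helper that manages a throwaway {@code example-users.properties} file holding
 * {@code user=password} pairs.
 *
 * <p>Security notes for anyone reusing this outside a test run:
 * <ul>
 *   <li>Passwords are written in clear text. Keep the file limited to generated test accounts.</li>
 *   <li>The file lives in a directory made by {@link Files#createTempDirectory}; the file itself is
 *       created with the process's default permissions. NOTE(review): confirm the temp-directory
 *       permissions on the platform running the tests.</li>
 *   <li>{@code props} is static and never cleared, so users added for an earlier storage are
 *       written into the next one as well.</li>
 * </ul>
 *
 * <p>I/O failures are reported with a stack trace and otherwise ignored, as before. After a
 * failed {@link #createStorage()} the file reference may still be unset, in which case the other
 * methods fail with a {@link NullPointerException}.
 *
 * @author Bruno Oliveira
 */
public class StorageManager {

    private static final String TMP_DIR_PREFIX = "user_storage_";
    private static final Properties props = new Properties();
    private static Path file;

    /**
     * Returns the absolute path of the properties file.
     *
     * @return absolute path as a string; requires a prior successful {@link #createStorage()}
     */
    public static String getPropertyFile() {
        return file.toFile().getAbsoluteFile().toString();
    }

    /**
     * Creates a fresh temporary directory and points the manager at
     * {@code example-users.properties} inside it. The file itself is first written by
     * {@link #addUser(String, String)}.
     */
    public static void createStorage() {
        try {
            Path directory = Files.createTempDirectory(TMP_DIR_PREFIX);
            file = directory.resolve("example-users.properties");
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Records a user and rewrites the whole properties file.
     *
     * @param user login name used as the property key
     * @param password clear-text password stored as the property value
     */
    public static void addUser(String user, String password) {
        props.setProperty(user, password);
        // try-with-resources closes the writer even when store() throws; the previous code
        // leaked the file handle on that path.
        try (FileWriter writer = new FileWriter(file.toFile())) {
            props.store(writer, "Added user");
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Removes the properties file and the temporary directory that was created for it, so that
     * clear-text test credentials do not accumulate in the temp area across runs. Calling it
     * again when nothing is left is a no-op.
     */
    public static void deleteStorage() {
        try {
            Files.deleteIfExists(file);
            Path directory = file.getParent();
            // Only remove a directory this class created itself; a non-empty directory makes
            // deleteIfExists throw, which is reported below and leaves the contents untouched.
            if (directory != null
                    && directory.getFileName() != null
                    && directory.getFileName().toString().startsWith(TMP_DIR_PREFIX)) {
                Files.deleteIfExists(directory);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}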