├── .gitignore ├── .travis.yml ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── app-angular2 ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ └── webapp │ │ ├── app │ │ ├── app.component.css │ │ ├── app.component.html │ │ ├── app.component.js │ │ ├── app.component.js.map │ │ ├── app.component.ts │ │ ├── app.module.js │ │ ├── app.module.js.map │ │ ├── app.module.ts │ │ └── keycloak-service │ │ │ ├── keycloak.d.ts │ │ │ ├── keycloak.http.js │ │ │ ├── keycloak.http.js.map │ │ │ ├── keycloak.http.ts │ │ │ ├── keycloak.js │ │ │ ├── keycloak.service.js │ │ │ ├── keycloak.service.js.map │ │ │ └── keycloak.service.ts │ │ ├── index.html │ │ ├── main.js │ │ ├── main.js.map │ │ ├── main.ts │ │ ├── package.json │ │ ├── styles.css │ │ ├── systemjs-angular-loader.js │ │ ├── systemjs.config.extras.js │ │ ├── systemjs.config.js │ │ ├── tsconfig.json │ │ └── yarn.lock │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianAngular2Test.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-authz-jee-servlet ├── README.md ├── config │ ├── keycloak-example.json │ └── realm-import.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── Controller.java │ └── webapp │ │ ├── META-INF │ │ └── jboss-deployment-structure.xml │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── accessDenied.jsp │ │ ├── include-logout.jsp │ │ ├── index.jsp │ │ ├── protected │ │ ├── admin │ │ │ └── onlyAdmin.jsp │ │ ├── dynamicMenu.jsp │ │ └── premium │ │ │ └── onlyPremium.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ ├── ArquillianJeeAuthzTest.java │ │ └── page │ │ └── AuthzPage.java │ └── resources │ ├── arquillian.xml │ ├── keycloak.json │ └── quickstart-realm.json ├── app-authz-jee-vanilla ├── README.md ├── config │ ├── client-import.json │ ├── keycloak-example.json │ └── realm-import.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── Controller.java │ └── webapp │ │ ├── META-INF │ │ └── jboss-deployment-structure.xml │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── error.jsp │ │ ├── include-logout.jsp │ │ └── index.jsp │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ ├── ArquillianJeeAuthzVanillaTest.java │ │ └── page │ │ └── AuthzPage.java │ └── resources │ ├── arquillian.xml │ ├── keycloak.json │ └── quickstart-realm.json ├── app-authz-photoz ├── README.md ├── photoz-html5-client │ ├── pom.xml │ └── src │ │ └── main │ │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.html │ │ ├── js │ │ ├── app.js │ │ └── identity.js │ │ ├── keycloak.json │ │ ├── lib │ │ ├── angular │ │ │ ├── angular-resource.min.js │ │ │ ├── angular-route.min.js │ │ │ └── angular.min.js │ │ └── jwt-decode.min.js │ │ └── partials │ │ ├── admin │ │ └── albums.html │ │ ├── album │ │ ├── create.html │ │ └── detail.html │ │ ├── home.html │ │ └── profile.html ├── photoz-js-policies │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ ├── META-INF │ │ └── keycloak-scripts.json │ │ ├── only-from-specific-client-address.js │ │ ├── only-keycloak-domain-or-admin.js │ │ └── only-owner.js ├── photoz-realm.json ├── photoz-restful-api │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── example │ │ │ └── photoz │ │ │ ├── ErrorResponse.java │ │ │ ├── PhotozApplication.java │ │ │ ├── admin │ │ │ └── AdminAlbumService.java │ │ │ ├── album │ │ │ ├── AlbumService.java │ │ │ ├── ProfileService.java │ │ │ └── SharedAlbum.java │ │ │ ├── entity │ │ │ ├── Album.java │ │ │ └── Photo.java │ │ │ └── util │ │ │ ├── Resources.java │ │ │ ├── Transaction.java │ │ │ └── TransactionInterceptor.java │ │ ├── resources │ │ ├── META-INF │ │ │ ├── beans.xml │ │ │ └── persistence.xml │ │ └── photoz-restful-api-authz-service.json │ │ └── webapp │ │ ├── META-INF │ │ └── jboss-deployment-structure.xml │ │ └── WEB-INF │ │ └── web.xml ├── photoz-testsuite │ ├── pom.xml │ └── src │ │ └── test │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── uma │ │ │ ├── ArquillianAuthzUMATest.java │ │ │ └── page │ │ │ ├── ConsentPage.java │ │ │ └── PhotozPage.java │ │ └── resources │ │ ├── arquillian.xml │ │ └── quickstart-realm.json └── pom.xml ├── app-authz-rest-employee ├── README.md ├── config │ └── quickstart-realm.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springboot │ │ │ ├── MyApplication.java │ │ │ └── web │ │ │ └── ApplicationController.java │ └── resources │ │ └── application.properties │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springboot │ │ └── MyAppTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── app-authz-rest-springboot ├── README.md ├── config │ └── quickstart-realm.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springboot │ │ │ ├── MyApplication.java │ │ │ └── web │ │ │ └── ApplicationController.java │ └── resources │ │ └── application.properties │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springboot │ │ └── MyAppTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── app-authz-spring-security ├── README.md ├── config │ └── quickstart-realm.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springsecurity │ │ │ └── web │ │ │ ├── ApplicationController.java │ │ │ ├── Identity.java │ │ │ ├── MyApplication.java │ │ │ └── SecurityConfig.java │ └── resources │ │ ├── application.properties │ │ ├── keycloak.json │ │ └── templates │ │ ├── access-denied.ftl │ │ ├── alice.ftl │ │ ├── home.ftl │ │ ├── premium.ftl │ │ └── protected.ftl │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springsecurity │ │ └── MyAppTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── app-authz-springboot ├── README.md ├── config │ └── quickstart-realm.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springboot │ │ │ ├── MyApplication.java │ │ │ ├── security │ │ │ └── Identity.java │ │ │ └── web │ │ │ └── ApplicationController.java │ └── resources │ │ ├── application.properties │ │ ├── application.properties.path.entitlements │ │ └── templates │ │ ├── access-denied.ftl │ │ ├── home.ftl │ │ ├── premium.ftl │ │ └── protected.ftl │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springboot │ │ └── MyAppTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── app-authz-uma-photoz ├── README.md ├── photoz-html5-client │ ├── pom.xml │ └── src │ │ └── main │ │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.html │ │ ├── js │ │ ├── app.js │ │ └── identity.js │ │ ├── keycloak.json │ │ ├── lib │ │ ├── angular │ │ │ ├── angular-resource.min.js │ │ │ ├── angular-route.min.js │ │ │ └── angular.min.js │ │ └── jwt-decode.min.js │ │ └── partials │ │ ├── admin │ │ └── albums.html │ │ ├── album │ │ ├── create.html │ │ └── detail.html │ │ ├── home.html │ │ └── profile.html ├── photoz-js-policies │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ ├── META-INF │ │ └── keycloak-scripts.json │ │ ├── only-from-specific-client-address.js │ │ ├── only-keycloak-domain-or-admin.js │ │ └── only-owner.js ├── photoz-realm.json ├── photoz-restful-api │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── example │ │ │ └── photoz │ │ │ ├── ErrorResponse.java │ │ │ ├── PhotozApplication.java │ │ │ ├── admin │ │ │ └── AdminAlbumService.java │ │ │ ├── album │ │ │ ├── AlbumService.java │ │ │ ├── ProfileService.java │ │ │ └── SharedAlbum.java │ │ │ ├── entity │ │ │ ├── Album.java │ │ │ └── Photo.java │ │ │ └── util │ │ │ ├── Resources.java │ │ │ ├── Transaction.java │ │ │ └── TransactionInterceptor.java │ │ ├── resources │ │ └── META-INF │ │ │ ├── beans.xml │ │ │ └── persistence.xml │ │ └── webapp │ │ ├── META-INF │ │ └── jboss-deployment-structure.xml │ │ └── WEB-INF │ │ ├── keycloak.json │ │ └── web.xml ├── photoz-testsuite │ ├── pom.xml │ └── src │ │ └── test │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── uma │ │ │ ├── ArquillianAuthzUMATest.java │ │ │ └── page │ │ │ ├── ConsentPage.java │ │ │ └── PhotozPage.java │ │ └── resources │ │ ├── arquillian.xml │ │ └── quickstart-realm.json └── pom.xml ├── app-jee-html5 ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ └── webapp │ │ ├── app.js │ │ ├── index.html │ │ ├── keycloak.js │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianJeeHtml5Test.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-jee-jsp ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── appjee │ │ │ ├── Controller.java │ │ │ ├── ServiceClient.java │ │ │ └── ServiceLocator.java │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ ├── protected.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianJeeJspTest.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-profile-jee-html5 ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ └── webapp │ │ ├── app.js │ │ ├── index.html │ │ ├── keycloak.js │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianProfileJeeHtml5Test.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-profile-jee-jsp ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── profilejee │ │ │ └── Controller.java │ └── webapp │ │ ├── WEB-INF │ │ ├── jboss-deployment-structure.xml │ │ └── web.xml │ │ ├── index.jsp │ │ ├── profile.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianProfileJeeJspTest.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── app-profile-jee-vanilla ├── README.md ├── config │ └── client-import.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── profilejee │ │ │ └── Controller.java │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ ├── profile.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianProfileJeeVanillaTest.java │ └── resources │ ├── arquillian.xml │ ├── quickstart-realm.json │ └── standalone-test.xml ├── app-profile-saml-jee-jsp ├── README.md ├── config │ ├── client-import.json │ └── keycloak-saml-example.xml ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── profilejee │ │ │ └── Controller.java │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ ├── profile.jsp │ │ └── styles.css │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── ArquillianProfileSamlJeeJspTest.java │ └── resources │ ├── arquillian.xml │ ├── keycloak-saml.xml │ ├── quickstart-realm.json │ └── standalone-test.xml ├── authz-js-policies ├── pom.xml └── src │ └── main │ └── resources │ ├── META-INF │ └── keycloak-scripts.json │ ├── always-grant.js │ ├── match-user-from-uri.js │ ├── only-owner.js │ └── pushed-claim-from-request.js ├── config └── partial-import.json ├── docs ├── getting-started.md ├── pull_request_template.md └── test-development.md ├── fuse63 ├── README.md ├── app-war │ ├── README.md │ ├── config │ │ ├── client-import.json │ │ └── keycloak-example.json │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── fuse │ │ │ └── appjee │ │ │ ├── Controller.java │ │ │ ├── ProtectedServlet.java │ │ │ ├── ServiceClient.java │ │ │ └── ServiceLocator.java │ │ └── webapp │ │ ├── WEB-INF │ │ ├── jetty-web.xml │ │ └── web.xml │ │ ├── index.jsp │ │ └── styles.css ├── features │ ├── README.md │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ └── features.xml ├── pom.xml ├── server │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ ├── install-features.cli │ │ ├── install-features.sh │ │ ├── update-config.cli │ │ └── users.properties ├── service-camel │ ├── README.md │ ├── config │ │ ├── client-import.json │ │ └── keycloak-example.json │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── fuse │ │ │ └── camel │ │ │ ├── CamelHelloProcessor.java │ │ │ └── Message.java │ │ └── resources │ │ ├── OSGI-INF │ │ └── blueprint │ │ │ └── blueprint.xml │ │ └── config │ │ └── .gitkeep └── service-cxf-jaxrs │ ├── README.md │ ├── config │ ├── client-import.json │ └── keycloak-example.json │ ├── pom.xml │ └── src │ └── main │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── fuse │ │ └── cxf │ │ └── rs │ │ ├── Message.java │ │ └── Resource.java │ └── resources │ ├── META-INF │ └── spring │ │ └── beans.xml │ └── config │ └── .gitkeep ├── fuse70 ├── README.md ├── app-war │ ├── README.md │ ├── config │ │ ├── client-import.json │ │ └── keycloak-example.json │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── fuse │ │ │ └── appjee │ │ │ ├── Controller.java │ │ │ ├── ProtectedServlet.java │ │ │ ├── ServiceClient.java │ │ │ └── ServiceLocator.java │ │ └── webapp │ │ ├── WEB-INF │ │ └── web.xml │ │ ├── index.jsp │ │ └── styles.css ├── features │ ├── README.md │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ └── features.xml ├── pom.xml ├── server │ ├── pom.xml │ └── src │ │ └── main │ │ └── resources │ │ ├── install-features.cli │ │ ├── install-features.sh │ │ ├── update-config.cli │ │ └── users.properties ├── service-camel │ ├── README.md │ ├── config │ │ ├── client-import.json │ │ └── keycloak-example.json │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── fuse │ │ │ └── camel │ │ │ ├── CamelHelloProcessor.java │ │ │ └── Message.java │ │ └── resources │ │ ├── OSGI-INF │ │ └── blueprint │ │ │ └── blueprint.xml │ │ └── config │ │ └── .gitkeep └── service-cxf-jaxrs │ ├── README.md │ ├── config │ ├── client-import.json │ └── keycloak-example.json │ ├── pom.xml │ └── src │ └── main │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── fuse │ │ └── cxf │ │ └── rs │ │ ├── Message.java │ │ └── Resource.java │ └── resources │ ├── OSGI-INF │ └── blueprint │ │ └── blueprint.xml │ └── config │ └── .gitkeep ├── maven-settings.xml ├── pom.xml ├── productize.sh ├── quickstart-realm.json ├── scripts ├── generate_keycloak_json.sh ├── ssorepo.txt ├── start-server.sh ├── stop-server.sh └── version.sh ├── service-jee-jaxrs ├── README.md ├── config │ ├── client-import.json │ └── keycloak-example.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── jaxrs │ │ │ ├── Application.java │ │ │ ├── Message.java │ │ │ └── Resource.java │ └── webapp │ │ └── WEB-INF │ │ └── web.xml │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── jaxrs │ │ └── ArquillianServiceJeeJaxrsTest.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json ├── service-nodejs ├── README.md ├── app.js ├── client-import.json ├── keycloak.json ├── package-lock.json ├── package.json └── test │ ├── app-test.js │ └── config.js ├── service-springboot-rest ├── README.md ├── config │ └── client-import.json ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── springboot │ │ │ ├── ProductServiceApplication.java │ │ │ ├── service │ │ │ └── ProductService.java │ │ │ └── web │ │ │ └── ProductServiceController.java │ └── resources │ │ └── application.properties │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ └── springboot │ │ └── ProductServiceTest.java │ └── resources │ ├── application.properties │ └── quickstart-realm.json ├── set-version.sh ├── travis-run-tests.sh ├── travis-server.sh ├── user-storage-jpa ├── README.md ├── pom.xml └── src │ ├── main │ ├── java │ │ └── org │ │ │ └── keycloak │ │ │ └── quickstart │ │ │ └── storage │ │ │ └── user │ │ │ ├── EjbExampleUserStorageProvider.java │ │ │ ├── EjbExampleUserStorageProviderFactory.java │ │ │ ├── UserAdapter.java │ │ │ └── UserEntity.java │ └── resources │ │ └── META-INF │ │ ├── persistence.xml │ │ └── services │ │ └── org.keycloak.storage.UserStorageProviderFactory │ └── test │ ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ ├── ArquillianJpaStorageTest.java │ │ └── page │ │ └── ConsolePage.java │ └── resources │ ├── arquillian.xml │ └── quickstart-realm.json └── user-storage-simple ├── README.md ├── pom.xml └── src ├── main ├── java │ └── org │ │ └── keycloak │ │ └── quickstart │ │ ├── readonly │ │ ├── PropertyFileUserStorageProvider.java │ │ └── PropertyFileUserStorageProviderFactory.java │ │ └── writeable │ │ ├── PropertyFileUserStorageProvider.java │ │ └── PropertyFileUserStorageProviderFactory.java └── resources │ ├── META-INF │ └── services │ │ └── org.keycloak.storage.UserStorageProviderFactory │ └── users.properties └── test ├── java └── org │ └── keycloak │ └── quickstart │ ├── ArquillianSimpleStorageTest.java │ ├── page │ └── ConsolePage.java │ └── util │ └── StorageManager.java └── resources ├── arquillian.xml └── quickstart-realm.json /.gitignore: -------------------------------------------------------------------------------- 1 | **/config/keycloak.json 2 | **/config/keycloak-saml.xml 3 | **/WEB-INF/keycloak.json 4 | *.orig 5 | 6 | # Intellij 7 | ################### 8 | .idea 9 | *.iml 10 | 11 | # Eclipse # 12 | ########### 13 | .project 14 | .settings 15 | .classpath 16 | 17 | # NetBeans # 18 | ############ 19 | nbactions.xml 20 | nb-configuration.xml 21 | catalog.xml 22 | nbproject 23 | 24 | # Compiled source # 25 | ################### 26 | *.com 27 | *.class 28 | *.dll 29 | *.exe 30 | *.o 31 | *.so 32 | 33 | # Packages # 34 | ############ 35 | # it's better to unpack these files and commit the raw source 36 | # git has its own built in compression methods 37 | *.7z 38 | *.dmg 39 | *.gz 40 | *.iso 41 | *.jar 42 | *.rar 43 | *.tar 44 | *.zip 45 | 46 | # Logs and databases # 47 | ###################### 48 | *.log 49 | 50 | # Maven # 51 | ######### 52 | target 53 | 54 | 55 | # Node.js # 56 | ########### 57 | node_modules 58 | /app-angular2/src/main/webapp/node -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: java 2 | dist: trusty 3 | addons: 4 | apt: 5 | packages: 6 | - lynx 7 | 8 | jdk: 9 | - oraclejdk8 10 | 11 | env: 12 | global: 13 | - MAVEN_SKIP_RC=true 14 | - MAVEN_OPTS="-Xms512m -Xmx2048m" 15 | matrix: 16 | - TESTS=group1 17 | - TESTS=group2 18 | - TESTS=group3 19 | - TESTS=group4 20 | - TESTS=group5 21 | - TESTS=group6 22 | - TESTS=group7 23 | 24 | before_install: 25 | - ./travis-server.sh 26 | - ./scripts/generate_keycloak_json.sh 27 | 28 | install: 29 | - travis_wait 20 mvn -s maven-settings.xml clean install --no-snapshot-updates -B -V -q 30 | - mvn -s maven-settings.xml -Padd-datasource install -Djboss.server.port=10090 -f user-storage-jpa -q 31 | 32 | before_script: 33 | - export MAVEN_SKIP_RC=true 34 | 35 | script: 36 | - ./travis-run-tests.sh $TESTS 37 | 38 | after_install: 39 | - ./scripts/stop-server.sh 40 | - kill -9 `cat pid.txt` 41 | 42 | after_failure: 43 | - if [ -f ${HOME}/keycloak.log ]; then lynx -dump ${HOME}/keycloak.log; fi 44 | 45 | sudo: false 46 | -------------------------------------------------------------------------------- /app-angular2/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-angular2", 3 | "rootUrl": "http://localhost:8080/app-angular2", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/app-angular2/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": true 12 | } 13 | -------------------------------------------------------------------------------- /app-angular2/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-angular2", 6 | "public-client": true 7 | } -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.component.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/app-angular2/src/main/webapp/app/app.component.css -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.component.html: -------------------------------------------------------------------------------- 1 | 17 |
18 |
19 | 20 | 21 | 22 |
23 | 24 |
25 | 26 | 27 | 28 | 29 |
{{message}}
30 |
31 |
-------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.component.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"app.component.js","sourceRoot":"","sources":["app.component.ts"],"names":[],"mappings":";;;;;;;;;;AAAA;;;;;;;;;;;;;;;GAeG;AACH,sCAA0C;AAC1C,sCAAsE;AAEtE,wEAAoE;AAEpE,mCAAiC;AACjC,iCAA+B;AAO/B,IAAa,YAAY;IAOvB,sBAAoB,IAAU,EAAU,EAAmB;QAAvC,SAAI,GAAJ,IAAI,CAAM;QAAU,OAAE,GAAF,EAAE,CAAiB;QALnD,eAAU,GAAW,gCAAgC,CAAC;QAGvD,eAAU,GAAW,EAAE,CAAC;IAG/B,CAAC;IAED,oCAAa,GAAb;QACE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC;IACjC,CAAC;IAED,4BAAK,GAAL;QACE,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAED,6BAAM,GAAN;QACE,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACnB,CAAC;IAED,8BAAO,GAAP;QACE,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC;IACpB,CAAC;IAED,8BAAO,GAAP,UAAQ,QAAgB;QAAxB,iBAIC;QAHC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC;aACpC,SAAS,CAAC,UAAC,GAAa,IAAK,OAAA,KAAI,CAAC,cAAc,CAAC,GAAG,EAAE,KAAI,CAAC,EAA9B,CAA8B,EACjD,UAAC,KAAe,IAAK,OAAA,KAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,KAAI,CAAC,EAApC,CAAoC,CAAC,CAAC;IAC5E,CAAC;IAEO,qCAAc,GAAtB,UAAuB,GAAa,EAAE,IAAkB;QACtD,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,WAAW,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC;IAClD,CAAC;IAEO,yCAAkB,GAA1B,UAA2B,KAAe,EAAE,IAAkB;QAC5D,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC;QAC1B,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC;YACvB,IAAI,CAAC,OAAO,GAAG,gBAAgB,CAAC;QAClC,CAAC;QAAC,IAAI,CAAC,CAAC;YACN,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC;QACvD,CAAC;IACH,CAAC;IACH,mBAAC;AAAD,CAAC,AA7CD,IA6CC;AA7CY,YAAY;IALxB,gBAAS,CAAC;QACT,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sBAAsB;QACnC,SAAS,EAAE,CAAC,qBAAqB,CAAC;KACnC,CAAC;qCAQ0B,WAAI,EAAc,kCAAe;GAPhD,YAAY,CA6CxB;AA7CY,oCAAY"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.module.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"app.module.js","sourceRoot":"","sources":["app.module.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;;;;;;;GAeG;AACH,8DAA0D;AAC1D,sCAAyC;AACzC,sCAA2C;AAE3C,wEAAsE;AACtE,kEAAuF;AAEvF,iDAA+C;AAe/C,IAAa,SAAS;IAAtB;IAAyB,CAAC;IAAD,gBAAC;AAAD,CAAC,AAA1B,IAA0B;AAAb,SAAS;IAZrB,eAAQ,CAAC;QACR,YAAY,EAAE,CAAE,4BAAY,CAAE;QAC9B,OAAO,EAAE;YACP,gCAAa;YACb,iBAAU;SACX;QACD,SAAS,EAAE;YACT,kCAAe;YACf,sCAAsB;SACvB;QACD,SAAS,EAAE,CAAC,4BAAY,CAAC;KAC1B,CAAC;GACW,SAAS,CAAI;AAAb,8BAAS"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/app.module.ts: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 Red Hat, Inc. and/or its affiliates 3 | * and other contributors as indicated by the @author tags. 4 | * 5 | * Licensed under the Apache License, Version 2.0 (the "License"); 6 | * you may not use this file except in compliance with the License. 7 | * You may obtain a copy of the License at 8 | * 9 | * http://www.apache.org/licenses/LICENSE-2.0 10 | * 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | import { BrowserModule } from '@angular/platform-browser'; 18 | import { NgModule } from '@angular/core'; 19 | import { HttpModule } from '@angular/http'; 20 | 21 | import { KeycloakService } from './keycloak-service/keycloak.service'; 22 | import { KeycloakHttp,KEYCLOAK_HTTP_PROVIDER } from './keycloak-service/keycloak.http'; 23 | 24 | import { AppComponent } from './app.component'; 25 | 26 | 27 | @NgModule({ 28 | declarations: [ AppComponent ], 29 | imports: [ 30 | BrowserModule, 31 | HttpModule 32 | ], 33 | providers: [ 34 | KeycloakService, 35 | KEYCLOAK_HTTP_PROVIDER 36 | ], 37 | bootstrap: [AppComponent] 38 | }) 39 | export class AppModule { } 40 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/keycloak-service/keycloak.http.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"keycloak.http.js","sourceRoot":"","sources":["keycloak.http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;;;;;AAEH,sCAAyC;AACzC,sCAAkI;AAElI,uDAAmD;AACnD,8BAAmC;AAEnC;;GAEG;AAEH,IAAa,YAAY;IAAS,gCAAI;IACpC,sBAAY,QAA2B,EAAE,eAA+B,EAAU,gBAAiC;QAAnH,YACE,kBAAM,QAAQ,EAAE,eAAe,CAAC,SACjC;QAFiF,sBAAgB,GAAhB,gBAAgB,CAAiB;;IAEnH,CAAC;IAED,8BAAO,GAAP,UAAQ,GAAqB,EAAE,OAA4B;QAA3D,iBAiBC;QAhBC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC;YAAC,MAAM,CAAC,iBAAM,OAAO,YAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE/E,IAAM,YAAY,GAAoB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC;QACvE,IAAM,eAAe,GAAuB,eAAU,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAEjF,EAAE,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,UAAA,KAAK;gBAC9B,IAAM,WAAW,GAAG,IAAI,qBAAc,CAAC,EAAC,OAAO,EAAE,IAAI,cAAO,CAAC,EAAC,eAAe,EAAE,SAAS,GAAG,KAAK,EAAC,CAAC,EAAC,CAAC,CAAC;gBACrG,MAAM,CAAC,IAAI,qBAAc,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC,SAAS,CAAC,UAAA,IAAI,IAAI,OAAA,iBAAM,OAAO,aAAC,GAAG,EAAE,IAAI,CAAC,EAAxB,CAAwB,CAAC,CAAC;QACjD,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,CAAC,GAAG,YAAY,cAAO,CAAC,CAAC,CAAC;YAClC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,UAAA,KAAK;gBAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,GAAG,KAAK,CAAC,CAAC;gBACpD,MAAM,CAAC,GAAG,CAAC;YACb,CAAC,CAAC,CAAC,SAAS,CAAC,UAAA,OAAO,IAAI,OAAA,iBAAM,OAAO,aAAC,OAAO,CAAC,EAAtB,CAAsB,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IACH,mBAAC;AAAD,CAAC,AAvBD,CAAkC,WAAI,GAuBrC;AAvBY,YAAY;IADxB,iBAAU,EAAE;qCAEW,wBAAiB,EAAmB,qBAAc,EAA4B,kCAAe;GADxG,YAAY,CAuBxB;AAvBY,oCAAY;AAyBzB,6BAAoC,OAAmB,EAAE,cAA8B,EAAE,eAAgC;IACvH,MAAM,CAAC,IAAI,YAAY,CAAC,OAAO,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC;AACpE,CAAC;AAFD,kDAEC;AAEY,QAAA,sBAAsB,GAAG;IACpC,OAAO,EAAE,WAAI;IACb,UAAU,EAAE,mBAAmB;IAC/B,IAAI,EAAE,CAAC,iBAAU,EAAE,qBAAc,EAAE,kCAAe,CAAC;CACpD,CAAC"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/app/keycloak-service/keycloak.service.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"keycloak.service.js","sourceRoot":"","sources":["keycloak.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;AAEH,qCAAqC;AAErC,sCAAyC;AAEzC,IAAI,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,2BAA2B;AAIjE,IAAa,eAAe;IAA5B;IA+CA,CAAC;IA5CU,oBAAI,GAAX,UAAY,OAAa;QACrB,MAAM,CAAC,IAAI,OAAO,CAAC,UAAC,OAAO,EAAE,MAAM;YAC/B,iBAAe,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;iBACrC,OAAO,CAAC;gBACL,OAAO,EAAE,CAAC;YACd,CAAC,CAAC;iBACD,KAAK,CAAC,UAAC,SAAc;gBAClB,MAAM,CAAC,SAAS,CAAC,CAAC;YACtB,CAAC,CAAC,CAAC;QACX,CAAC,CAAC,CAAC;IACP,CAAC;IAED,uCAAa,GAAb;QACI,MAAM,CAAC,iBAAe,CAAC,YAAY,CAAC,aAAa,CAAC;IACtD,CAAC;IAED,+BAAK,GAAL;QACI,iBAAe,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,gCAAM,GAAN;QACI,iBAAe,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;IAC1C,CAAC;IAED,iCAAO,GAAP;QACI,iBAAe,CAAC,YAAY,CAAC,iBAAiB,EAAE,CAAC;IACrD,CAAC;IAED,kCAAQ,GAAR;QACI,MAAM,CAAC,IAAI,OAAO,CAAS,UAAC,OAAO,EAAE,MAAM;YACvC,EAAE,CAAC,CAAC,iBAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrC,iBAAe,CAAC,YAAY;qBACvB,WAAW,CAAC,CAAC,CAAC;qBACd,OAAO,CAAC;oBACL,OAAO,CAAS,iBAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;gBACxD,CAAC,CAAC;qBACD,KAAK,CAAC;oBACH,MAAM,CAAC,yBAAyB,CAAC,CAAC;gBACtC,CAAC,CAAC,CAAC;YACX,CAAC;YAAC,IAAI,CAAC,CAAC;gBACJ,MAAM,CAAC,eAAe,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IACL,sBAAC;AAAD,CAAC,AA/CD,IA+CC;AA9CU,4BAAY,GAAmB,QAAQ,EAAE,CAAC;AADxC,eAAe;IAD3B,iBAAU,EAAE;GACA,eAAe,CA+C3B;AA/CY,0CAAe"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 17 | 18 | 19 | 20 | Keycloak Example App 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 39 | 40 | 41 | 42 | 43 | Loading app... 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/main.js: -------------------------------------------------------------------------------- 1 | "use strict"; 2 | /* 3 | * JBoss, Home of Professional Open Source 4 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 5 | * contributors by the @authors tag. See the copyright.txt in the 6 | * distribution for a full listing of individual contributors. 7 | * 8 | * Licensed under the Apache License, Version 2.0 (the "License"); 9 | * you may not use this file except in compliance with the License. 10 | * You may obtain a copy of the License at 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | */ 18 | var core_1 = require("@angular/core"); 19 | var platform_browser_dynamic_1 = require("@angular/platform-browser-dynamic"); 20 | var app_module_1 = require("./app/app.module"); 21 | var keycloak_service_1 = require("./app/keycloak-service/keycloak.service"); 22 | core_1.enableProdMode(); 23 | keycloak_service_1.KeycloakService.init({ onLoad: 'check-sso', checkLoginIframeInterval: 1 }) 24 | .then(function () { 25 | platform_browser_dynamic_1.platformBrowserDynamic().bootstrapModule(app_module_1.AppModule); 26 | }) 27 | .catch(function (e) { 28 | console.log('Error in ng2 bootstrap: ' + e); 29 | }); 30 | //# sourceMappingURL=main.js.map -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/main.js.map: -------------------------------------------------------------------------------- 1 | {"version":3,"file":"main.js","sourceRoot":"","sources":["main.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;AACH,sCAA+C;AAC/C,8EAA2E;AAG3E,+CAA6C;AAE7C,4EAA0E;AAE1E,qBAAc,EAAE,CAAC;AAEjB,kCAAe,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC,EAAE,CAAC;KACrE,IAAI,CAAC;IACF,iDAAsB,EAAE,CAAC,eAAe,CAAC,sBAAS,CAAC,CAAC;AACxD,CAAC,CAAC;KACD,KAAK,CAAC,UAAC,CAAS;IACb,OAAO,CAAC,GAAG,CAAC,0BAA0B,GAAG,CAAC,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC"} -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/main.ts: -------------------------------------------------------------------------------- 1 | /* 2 | * JBoss, Home of Professional Open Source 3 | * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual 4 | * contributors by the @authors tag. See the copyright.txt in the 5 | * distribution for a full listing of individual contributors. 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * Unless required by applicable law or agreed to in writing, software 12 | * distributed under the License is distributed on an "AS IS" BASIS, 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | * See the License for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | import { enableProdMode } from '@angular/core'; 18 | import { platformBrowserDynamic } from '@angular/platform-browser-dynamic'; 19 | import { platformBrowser } from '@angular/platform-browser'; 20 | 21 | import { AppModule } from './app/app.module'; 22 | 23 | import { KeycloakService } from './app/keycloak-service/keycloak.service'; 24 | 25 | enableProdMode(); 26 | 27 | KeycloakService.init({ onLoad: 'check-sso', checkLoginIframeInterval: 1 }) 28 | .then(() => { 29 | platformBrowserDynamic().bootstrapModule(AppModule); 30 | }) 31 | .catch((e: string) => { 32 | console.log('Error in ng2 bootstrap: ' + e); 33 | }); 34 | 35 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "app-angular2", 3 | "version": "1.0.0", 4 | "description": "Keycloak Quickstart written in Angular 2", 5 | "scripts": { 6 | "build": "tsc -p ./", 7 | "build:watch": "tsc -p ./ -w" 8 | }, 9 | "keywords": [], 10 | "author": "Stan Silvert", 11 | "license": "Apache 2.0", 12 | "dependencies": { 13 | "@angular/common": "~4.0.0", 14 | "@angular/compiler": "~4.0.0", 15 | "@angular/core": "~4.0.0", 16 | "@angular/forms": "~4.0.0", 17 | "@angular/http": "~4.0.0", 18 | "@angular/platform-browser": "~4.0.0", 19 | "@angular/platform-browser-dynamic": "~4.0.0", 20 | "@angular/router": "~4.0.0", 21 | "angular-in-memory-web-api": "~0.3.0", 22 | "core-js": "^2.4.1", 23 | "rxjs": "5.0.1", 24 | "systemjs": "0.19.40", 25 | "zone.js": "^0.8.4" 26 | }, 27 | "devDependencies": { 28 | "concurrently": "^3.2.0", 29 | "typescript": "~2.1.0", 30 | "canonical-path": "0.0.2", 31 | "lodash": "^4.16.4", 32 | "rimraf": "^2.5.4", 33 | "@types/node": "^6.0.46" 34 | }, 35 | "repository": { 36 | "type": "git", 37 | "url" : "git://github.com/keycloak/keycloak-quickstarts.git" 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/systemjs-angular-loader.js: -------------------------------------------------------------------------------- 1 | var templateUrlRegex = /templateUrl\s*:(\s*['"`](.*?)['"`]\s*)/gm; 2 | var stylesRegex = /styleUrls *:(\s*\[[^\]]*?\])/g; 3 | var stringRegex = /(['`"])((?:[^\\]\\\1|.)*?)\1/g; 4 | 5 | module.exports.translate = function(load){ 6 | var url = document.createElement('a'); 7 | url.href = load.address; 8 | 9 | var basePathParts = url.pathname.split('/'); 10 | 11 | basePathParts.pop(); 12 | var basePath = basePathParts.join('/'); 13 | 14 | var baseHref = document.createElement('a'); 15 | baseHref.href = this.baseURL; 16 | baseHref = baseHref.pathname; 17 | 18 | basePath = basePath.replace(baseHref, ''); 19 | 20 | load.source = load.source 21 | .replace(templateUrlRegex, function(match, quote, url){ 22 | var resolvedUrl = url; 23 | 24 | if (url.startsWith('.')) { 25 | resolvedUrl = basePath + url.substr(1); 26 | } 27 | 28 | return 'templateUrl: "' + resolvedUrl + '"'; 29 | }) 30 | .replace(stylesRegex, function(match, relativeUrls) { 31 | var urls = []; 32 | 33 | while ((match = stringRegex.exec(relativeUrls)) !== null) { 34 | if (match[2].startsWith('.')) { 35 | urls.push('"' + basePath + match[2].substr(1) + '"'); 36 | } else { 37 | urls.push('"' + match[2] + '"'); 38 | } 39 | } 40 | 41 | return "styleUrls: [" + urls.join(', ') + "]"; 42 | }); 43 | 44 | return load; 45 | }; 46 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/systemjs.config.extras.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Add barrels and stuff 3 | * Adjust as necessary for your application needs. 4 | */ 5 | // (function (global) { 6 | // System.config({ 7 | // packages: { 8 | // // add packages here 9 | // } 10 | // }); 11 | // })(this); 12 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/systemjs.config.js: -------------------------------------------------------------------------------- 1 | /** 2 | * System configuration for Angular samples 3 | * Adjust as necessary for your application needs. 4 | */ 5 | (function (global) { 6 | System.config({ 7 | paths: { 8 | // paths serve as alias 9 | 'npm:': 'node_modules/' 10 | }, 11 | // map tells the System loader where to look for things 12 | map: { 13 | // our app is within the app folder 14 | 'app': 'app', 15 | 16 | // angular bundles 17 | '@angular/core': 'npm:@angular/core/bundles/core.umd.js', 18 | '@angular/common': 'npm:@angular/common/bundles/common.umd.js', 19 | '@angular/compiler': 'npm:@angular/compiler/bundles/compiler.umd.js', 20 | '@angular/platform-browser': 'npm:@angular/platform-browser/bundles/platform-browser.umd.js', 21 | '@angular/platform-browser-dynamic': 'npm:@angular/platform-browser-dynamic/bundles/platform-browser-dynamic.umd.js', 22 | '@angular/http': 'npm:@angular/http/bundles/http.umd.js', 23 | '@angular/router': 'npm:@angular/router/bundles/router.umd.js', 24 | '@angular/forms': 'npm:@angular/forms/bundles/forms.umd.js', 25 | 26 | // other libraries 27 | 'rxjs': 'npm:rxjs', 28 | 'angular-in-memory-web-api': 'npm:angular-in-memory-web-api/bundles/in-memory-web-api.umd.js' 29 | }, 30 | // packages tells the System loader how to load when no filename and/or no extension 31 | packages: { 32 | app: { 33 | defaultExtension: 'js', 34 | meta: { 35 | './*.js': { 36 | loader: 'systemjs-angular-loader.js' 37 | } 38 | } 39 | }, 40 | rxjs: { 41 | defaultExtension: 'js' 42 | } 43 | } 44 | }); 45 | })(this); 46 | -------------------------------------------------------------------------------- /app-angular2/src/main/webapp/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "es5", 4 | "module": "commonjs", 5 | "moduleResolution": "node", 6 | "sourceMap": true, 7 | "emitDecoratorMetadata": true, 8 | "experimentalDecorators": true, 9 | "lib": [ "es2015", "dom" ], 10 | "noImplicitAny": true, 11 | "suppressImplicitAnyIndexErrors": true 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "authz-servlet", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "policy-enforcer": { 10 | "path-cache": { 11 | "lifespan": 0, 12 | "max-entries": 0 13 | }, 14 | "on-deny-redirect-to" : "/authz-servlet/accessDenied.jsp" 15 | } 16 | } -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/META-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | authz-servlet 8 | 9 | 10 | 11 | All Resources 12 | /* 13 | 14 | 15 | user 16 | admin 17 | user_premium 18 | 19 | 20 | 21 | 22 | KEYCLOAK 23 | quickstart-authz-servlet 24 | 25 | 26 | 27 | admin 28 | 29 | 30 | 31 | user 32 | 33 | 34 | 35 | user_premium 36 | 37 | 38 | 39 | 403 40 | /accessDenied.jsp 41 | 42 | 43 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/accessDenied.jsp: -------------------------------------------------------------------------------- 1 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 2 | 3 | 4 | 5 |

You can not access this resource.

6 | <%@include file="include-logout.jsp"%> 7 | 8 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/include-logout.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% controller.handleLogout(request, response); %> 3 | 4 | 5 | 6 | 9 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="org.keycloak.AuthorizationContext" %> 2 | <%@ page import="org.keycloak.KeycloakSecurityContext" %> 3 | <%@ page import="org.keycloak.representations.idm.authorization.Permission" %> 4 | 5 | <% 6 | KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); 7 | AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext(); 8 | %> 9 | 10 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 11 | 12 | 13 | 14 | <%@include file="include-logout.jsp"%> 15 |

This is a public resource. Try to access one of these protected resources:

16 | 17 |

Dynamic Menu

18 |

User Premium

19 |

Administration

20 | 21 |

Your permissions are:

22 | 23 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/protected/admin/onlyAdmin.jsp: -------------------------------------------------------------------------------- 1 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 2 | 3 | 4 | 5 |

Only Administrators can access this page.

6 | <%@include file="../../include-logout.jsp"%> 7 | 8 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/protected/dynamicMenu.jsp: -------------------------------------------------------------------------------- 1 | <%@page import="org.keycloak.AuthorizationContext" %> 2 | <%@ page import="org.keycloak.KeycloakSecurityContext" %> 3 | 4 | <% 5 | KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); 6 | AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext(); 7 | %> 8 | 9 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 10 | 11 | 12 | 13 |

Any authenticated user can access this page.

14 | <%@include file="../include-logout.jsp"%> 15 | 16 |

Here is a dynamic menu built from the permissions returned by the server:

17 | 18 | 49 | 50 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/main/webapp/protected/premium/onlyPremium.jsp: -------------------------------------------------------------------------------- 1 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%> 2 | 3 | 4 | 5 |

Only for premium users.

6 | <%@include file="../../include-logout.jsp"%> 7 | 8 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/test/java/org/keycloak/quickstart/page/AuthzPage.java: -------------------------------------------------------------------------------- 1 | package org.keycloak.quickstart.page; 2 | 3 | import org.openqa.selenium.WebElement; 4 | import org.openqa.selenium.support.FindBy; 5 | 6 | /** 7 | * @author Bruno Oliveira 8 | */ 9 | public class AuthzPage { 10 | 11 | @FindBy(name = "logoutBtn") 12 | private WebElement logoutButton; 13 | 14 | @FindBy(linkText = "Administration") 15 | private WebElement adminLink; 16 | 17 | @FindBy(linkText = "User Premium") 18 | private WebElement premiumLink; 19 | 20 | @FindBy(linkText = "Dynamic Menu") 21 | private WebElement dynamicMenuLink; 22 | 23 | @FindBy(tagName = "h2") 24 | private WebElement message; 25 | 26 | public void clickAdminLink() { 27 | adminLink.click(); 28 | } 29 | 30 | public void clickPremiumLink() { 31 | premiumLink.click(); 32 | } 33 | 34 | public void clickDynamicMenuLink() { 35 | dynamicMenuLink.click(); 36 | } 37 | 38 | public void clickLogout() { 39 | logoutButton.click(); 40 | } 41 | 42 | public String getMessage() { 43 | return message.getText(); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | 127.0.0.1 28 | 9990 29 | ${basedir}/target/wildfly-${version.wildfly} 30 | 31 | 32 | 33 | 34 | phantomjs 35 | 36 | 37 | -------------------------------------------------------------------------------- /app-authz-jee-servlet/src/test/resources/keycloak.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart-authz-servlet", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "authz-servlet", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "policy-enforcer": { 10 | "on-deny-redirect-to" : "/authz-servlet/accessDenied.jsp" 11 | } 12 | } -------------------------------------------------------------------------------- /app-authz-jee-vanilla/config/client-import.json: -------------------------------------------------------------------------------- 1 | { 2 | "clientId": "app-authz-vanilla", 3 | "rootUrl": "http://localhost:8080/app-authz-vanilla", 4 | "enabled": true, 5 | "redirectUris": [ 6 | "http://localhost:8080/app-authz-vanilla/*" 7 | ], 8 | "webOrigins": [ 9 | "http://localhost:8080" 10 | ], 11 | "publicClient": false, 12 | "secret": "secret", 13 | "serviceAccountsEnabled": true, 14 | "authorizationServicesEnabled": true 15 | } 16 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/config/keycloak-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart", 3 | "auth-server-url": "http://localhost:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-authz-vanilla", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "confidential-port": 0, 10 | "policy-enforcer": { 11 | "on-deny-redirect-to" : "/app-authz-vanilla/error.jsp" 12 | } 13 | } -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/META-INF/jboss-deployment-structure.xml: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 20 | 24 | 25 | app-authz-vanilla 26 | 27 | 28 | 29 | All Resources 30 | /* 31 | 32 | 33 | * 34 | 35 | 36 | 37 | 38 | KEYCLOAK 39 | quickstart-authz-vanilla 40 | 41 | 42 | 43 | * 44 | 45 | 46 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/error.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | ~ Copyright 2016 Red Hat, Inc. and/or its affiliates 3 | ~ and other contributors as indicated by the @author tags. 4 | ~ 5 | ~ Licensed under the Apache License, Version 2.0 (the "License"); 6 | ~ you may not use this file except in compliance with the License. 7 | ~ You may obtain a copy of the License at 8 | ~ 9 | ~ http://www.apache.org/licenses/LICENSE-2.0 10 | ~ 11 | ~ Unless required by applicable law or agreed to in writing, software 12 | ~ distributed under the License is distributed on an "AS IS" BASIS, 13 | ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | ~ See the License for the specific language governing permissions and 15 | ~ limitations under the License. 16 | ~ 17 | --%> 18 | 19 | <%@ page import="org.keycloak.common.util.KeycloakUriBuilder" %> 20 | <%@ page import="org.keycloak.constants.ServiceUrlConstants" %> 21 | 22 | 23 | 24 | <%@include file="include-logout.jsp" %> 25 |

Access Denied !

26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/include-logout.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% controller.handleLogout(request, response); %> 3 | 4 | 5 | 6 | 9 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | ~ Copyright 2016 Red Hat, Inc. and/or its affiliates 3 | ~ and other contributors as indicated by the @author tags. 4 | ~ 5 | ~ Licensed under the Apache License, Version 2.0 (the "License"); 6 | ~ you may not use this file except in compliance with the License. 7 | ~ You may obtain a copy of the License at 8 | ~ 9 | ~ http://www.apache.org/licenses/LICENSE-2.0 10 | ~ 11 | ~ Unless required by applicable law or agreed to in writing, software 12 | ~ distributed under the License is distributed on an "AS IS" BASIS, 13 | ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | ~ See the License for the specific language governing permissions and 15 | ~ limitations under the License. 16 | ~ 17 | --%> 18 | <%@page import="org.keycloak.AuthorizationContext" %> 19 | <%@ page import="org.keycloak.KeycloakSecurityContext" %> 20 | <%@ page import="org.keycloak.common.util.KeycloakUriBuilder" %> 21 | <%@ page import="org.keycloak.constants.ServiceUrlConstants" %> 22 | <%@ page import="org.keycloak.representations.idm.authorization.Permission" %> 23 | 24 | <% 25 | KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); 26 | AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext(); 27 | %> 28 | 29 | 30 |

Welcome!

31 | <%@include file="include-logout.jsp"%> 32 |

Your permissions are:

33 | 34 |
    35 | <% 36 | for (Permission permission : authzContext.getPermissions()) { 37 | %> 38 |
  • 39 |

    Resource: <%= permission.getResourceName() %>

    40 |

    ID: <%= permission.getResourceId() %>

    41 |
    • 42 | <% 43 | } 44 | %> 45 |
46 | 47 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/test/java/org/keycloak/quickstart/page/AuthzPage.java: -------------------------------------------------------------------------------- 1 | package org.keycloak.quickstart.page; 2 | 3 | import org.openqa.selenium.WebElement; 4 | import org.openqa.selenium.support.FindBy; 5 | 6 | /** 7 | * @author Bruno Oliveira 8 | */ 9 | public class AuthzPage { 10 | 11 | @FindBy(name = "logoutBtn") 12 | private WebElement logoutButton; 13 | 14 | @FindBy(tagName = "h3") 15 | private WebElement message; 16 | 17 | public void clickLogout() { 18 | logoutButton.click(); 19 | } 20 | 21 | public String getMessage() { 22 | return message.getText(); 23 | } 24 | } -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/test/resources/arquillian.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 16 | 17 | 18 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | 127.0.0.1 28 | 9990 29 | ${basedir}/target/wildfly-${version.wildfly} 30 | 31 | 32 | 33 | 34 | phantomjs 35 | 36 | 37 | -------------------------------------------------------------------------------- /app-authz-jee-vanilla/src/test/resources/keycloak.json: -------------------------------------------------------------------------------- 1 | { 2 | "realm": "quickstart-authz-vanilla", 3 | "auth-server-url": "http://127.0.0.1:8180/auth", 4 | "ssl-required": "external", 5 | "resource": "app-authz-vanilla", 6 | "credentials": { 7 | "secret": "secret" 8 | }, 9 | "policy-enforcer": { 10 | "on-deny-redirect-to" : "/authz-vanilla/error.jsp" 11 | } 12 | } -------------------------------------------------------------------------------- /app-authz-photoz/photoz-html5-client/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | photoz-html5-client 8 | 9 | 10 | -------------------------------------------------------------------------------- /app-authz-photoz/photoz-html5-client/src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Photoz HTML5 Client 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Show Access Token | My Account | Sign Out 23 | 24 |
25 |
26 |
27 | 28 | 

29 | 
30 | 
31 | 
32 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/keycloak.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "photoz",
3 |   "auth-server-url" : "http://localhost:8180/auth",
4 |   "ssl-required" : "external",
5 |   "resource" : "photoz-html5-client",
6 |   "public-client" : true
7 | }


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/lib/jwt-decode.min.js:
--------------------------------------------------------------------------------
1 | !function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if(f)return f(g,!0);throw new Error("Cannot find module '"+g+"'")}var j=c[g]={exports:{}};b[g][0].call(j.exports,function(a){var c=b[g][1][a];return e(c?c:a)},j,j.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;g>8-f%1*8)){if(e=a.charCodeAt(f+=.75),e>255)throw d;c=c<<8|e}return h}),a.atob||(a.atob=function(a){if(a=a.replace(/=+$/,""),a.length%4==1)throw d;for(var c,e,f=0,g=0,h="";e=a.charAt(g++);~e&&(c=f%4?64*c+e:e,f++%4)?h+=String.fromCharCode(255&c>>(-2*f&6)):0)e=b.indexOf(e);return h})}()},{}],5:[function(a){var b="undefined"!=typeof self?self:"undefined"!=typeof window?window:{},c=a("./lib/index");"function"==typeof b.window.define&&b.window.define.amd?b.window.define("jwt_decode",function(){return c}):b.window&&(b.window.jwt_decode=c)},{"./lib/index":2}]},{},[5]);


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/partials/admin/albums.html:
--------------------------------------------------------------------------------
 1 | 
All Albums

 2 | 
 3 |     
 4 |         
 5 |             
 6 |         
 7 |     
 8 |     
 9 |         
10 |             
17 |         
18 |     
19 | 
{{key}}

11 |                 
16 |             

20 | 

21 | Back to main page
22 | 



--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/partials/album/create.html:
--------------------------------------------------------------------------------
1 | 
Create an Album

2 | 
3 | 

4 |     Name: 
5 | 
6 |       
7 | 

8 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/partials/album/detail.html:
--------------------------------------------------------------------------------
1 | 
{{album.name}}

2 | 
3 | 
4 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/partials/home.html:
--------------------------------------------------------------------------------
 1 | 
Welcome To Photoz, {{Identity.claims.name}}

 2 | 
Administration:  [All Albums]

 3 | 

 4 | 

 5 | 

 6 | Create Album | My Profile
 7 | 

 8 | 
Your Albums

 9 | You don't have any albums, yet.
10 | 
11 |     
12 |         
13 |     
14 | 
{{p.name}} - [X]

15 | 
Shared With Me

16 | You don't have any shares, yet.
17 | 
18 |     
19 |         
20 |     
21 | 
{{p.album.name}} - [X]

22 | 



--------------------------------------------------------------------------------
/app-authz-photoz/photoz-html5-client/src/main/webapp/partials/profile.html:
--------------------------------------------------------------------------------
 1 | 
My Profile

 2 | 
 3 | 

 4 |     
Name: {{profile.userName}}

 5 |     
Total of albums: {{profile.totalAlbums}}

 6 | 

 7 | 

 8 |     Back to main page
 9 | 

10 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-js-policies/pom.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
20 |     4.0.0
21 |     
22 |         org.keycloak.quickstarts
23 |         app-authz-photoz-parent
24 |         7.4.0.GA
25 |         ../pom.xml
26 |     
27 | 
28 |     photoz-js-policies
29 |     jar
30 |     Red Hat SSO Quickstarts: Photoz JS Policies
31 |     JS Policies
32 | 
33 |     
34 |         ${project.artifactId}
35 |         
36 |             
37 |                 src/main/resources
38 |                 true
39 |             
40 |         
41 |     
42 | 
43 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-js-policies/src/main/resources/META-INF/keycloak-scripts.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "policies": [
 3 |     {
 4 |       "name": "Only From @keycloak.org or Admin",
 5 |       "fileName": "only-keycloak-domain-or-admin.js",
 6 |       "description": "Defines that only users from @keycloak.org or Admins can do something"
 7 |     },
 8 |     {
 9 |       "name": "Only Owner Policy",
10 |       "fileName": "only-owner.js",
11 |       "description": "Defines that only the resource owner is allowed to do something"
12 |     },
13 |     {
14 |       "name": "Only From a Specific Client Address",
15 |       "fileName": "only-from-specific-client-address.js",
16 |       "description": "Defines that only clients from a specific address can do something"
17 |     }
18 |   ]
19 | }


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-js-policies/src/main/resources/only-from-specific-client-address.js:
--------------------------------------------------------------------------------
1 | var contextAttributes = $evaluation.getContext().getAttributes();
2 | 
3 | if (contextAttributes.containsValue('kc.client.network.ip_address', '127.0.0.1')) {
4 |     $evaluation.grant();
5 | }


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-js-policies/src/main/resources/only-keycloak-domain-or-admin.js:
--------------------------------------------------------------------------------
1 | var context = $evaluation.getContext();
2 | var identity = context.getIdentity();
3 | var attributes = identity.getAttributes();
4 | var email = attributes.getValue('email').asString(0);
5 | 
6 | if (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {
7 |     $evaluation.grant();
8 | }


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-js-policies/src/main/resources/only-owner.js:
--------------------------------------------------------------------------------
1 | var context = $evaluation.context;
2 | var identity = context.identity;
3 | var permission = $evaluation.permission;
4 | var resource = permission.resource;
5 | 
6 | if (resource.owner == identity.id) {
7 |     $evaluation.grant();
8 | }


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/ErrorResponse.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.example.photoz;
 2 | 
 3 | import javax.ws.rs.WebApplicationException;
 4 | import javax.ws.rs.core.Response;
 5 | import java.util.HashMap;
 6 | import java.util.Map;
 7 | 
 8 | /**
 9 |  * @author Pedro Igor
10 |  */
11 | public class ErrorResponse extends WebApplicationException {
12 | 
13 |     private final Response.Status status;
14 | 
15 |     public ErrorResponse(String message) {
16 |         this(message, Response.Status.INTERNAL_SERVER_ERROR);
17 |     }
18 | 
19 |     public ErrorResponse(String message, Response.Status status) {
20 |         super(message, status);
21 |         this.status = status;
22 |     }
23 | 
24 |     @Override
25 |     public Response getResponse() {
26 |         Map errorResponse = new HashMap();
27 | 
28 |         errorResponse.put("message", getMessage());
29 | 
30 |         return Response.status(status).entity(errorResponse).build();
31 |     }
32 | }
33 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/PhotozApplication.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.example.photoz;
 2 | 
 3 | import javax.ws.rs.ApplicationPath;
 4 | import javax.ws.rs.core.Application;
 5 | 
 6 | /**
 7 |  * Basic auth app.
 8 |  */
 9 | @ApplicationPath("/")
10 | public class PhotozApplication extends Application {
11 | 
12 | }
13 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/SharedAlbum.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2017 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.example.photoz.album;
18 | 
19 | import java.util.ArrayList;
20 | import java.util.List;
21 | 
22 | import org.keycloak.example.photoz.entity.Album;
23 | 
24 | public class SharedAlbum {
25 | 
26 |     private Album album;
27 |     private List scopes;
28 | 
29 |     public SharedAlbum(Album album) {
30 |         this.album = album;
31 |     }
32 | 
33 |     public Album getAlbum() {
34 |         return album;
35 |     }
36 | 
37 |     public List getScopes() {
38 |         return scopes;
39 |     }
40 | 
41 |     public void addScope(String scope) {
42 |         if (scopes == null) {
43 |             scopes = new ArrayList();
44 |         }
45 |         scopes.add(scope);
46 |     }
47 | }
48 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/Resources.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2016 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.example.photoz.util;
18 | 
19 | import javax.annotation.PostConstruct;
20 | import javax.annotation.PreDestroy;
21 | import javax.enterprise.context.ApplicationScoped;
22 | import javax.enterprise.context.RequestScoped;
23 | import javax.enterprise.inject.Produces;
24 | import javax.persistence.EntityManager;
25 | import javax.persistence.EntityManagerFactory;
26 | import javax.persistence.Persistence;
27 | 
28 | /**
29 |  * @author Pedro Igor
30 |  */
31 | @ApplicationScoped
32 | public class Resources {
33 | 
34 |     private EntityManagerFactory entityManagerFactory;
35 | 
36 |     @PostConstruct
37 |     public void init() {
38 |         entityManagerFactory = Persistence.createEntityManagerFactory("primary");
39 |     }
40 | 
41 |     @PreDestroy
42 |     public void dispose() {
43 |         entityManagerFactory.close();
44 |     }
45 | 
46 |     @RequestScoped
47 |     @Produces
48 |     public EntityManager createEntityManager() {
49 |         return entityManagerFactory.createEntityManager();
50 |     }
51 | }
52 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/Transaction.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2016 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.example.photoz.util;
18 | 
19 | import javax.interceptor.InterceptorBinding;
20 | import java.lang.annotation.Retention;
21 | import java.lang.annotation.Target;
22 | 
23 | import static java.lang.annotation.ElementType.TYPE;
24 | import static java.lang.annotation.RetentionPolicy.RUNTIME;
25 | 
26 | /**
27 |  * @author Pedro Igor
28 |  */
29 | @InterceptorBinding
30 | @Target({ TYPE })
31 | @Retention(RUNTIME)
32 | public @interface Transaction {
33 | }
34 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/resources/META-INF/beans.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 6 |     
 7 |         org.keycloak.example.photoz.util.TransactionInterceptor
 8 |     
 9 | 
10 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 7 | 	
 8 | 
 9 | 		org.keycloak.example.photoz.entity.Album
10 | 		org.keycloak.example.photoz.entity.Photo
11 | 
12 | 		
13 | 			
14 | 			
15 | 			
16 | 			
17 | 			
18 | 			
19 | 			
20 | 		
21 | 	
22 | 
23 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/webapp/META-INF/jboss-deployment-structure.xml:
--------------------------------------------------------------------------------
 1 | 
18 | 
19 | 
20 |     
21 |         
22 |             
23 |             
24 |         
25 |     
26 | 
27 | 
28 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 6 | 
 7 | 	photoz-restful-api
 8 | 
 9 | 	
10 | 		
11 | 			All Resources
12 | 			/*
13 | 		
14 | 		
15 | 			user
16 | 		
17 | 	
18 | 
19 | 	
20 | 		
21 | 			All Resources
22 | 			/*
23 | 		
24 | 		
25 | 			admin
26 | 		
27 | 	
28 | 
29 | 	
30 | 		KEYCLOAK
31 | 		photoz
32 | 	
33 | 
34 | 	
35 | 		admin
36 | 	
37 | 
38 | 	
39 | 		user
40 | 	
41 | 
42 | 


--------------------------------------------------------------------------------
/app-authz-photoz/photoz-testsuite/src/test/java/org/keycloak/quickstart/uma/page/ConsentPage.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2018 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | 
18 | package org.keycloak.quickstart.uma.page;
19 | 
20 | import org.jboss.arquillian.test.api.ArquillianResource;
21 | import org.openqa.selenium.WebDriver;
22 | import org.openqa.selenium.WebElement;
23 | import org.openqa.selenium.support.FindBy;
24 | 
25 | /**
26 |  * A {@code {@link org.jboss.arquillian.graphene.page.Page}} representing the consent page.
27 |  *
28 |  * @author Stefan Guilhen
29 |  */
30 | public class ConsentPage {
31 | 
32 |     @ArquillianResource
33 |     protected WebDriver driver;
34 | 
35 |     @FindBy(id = "kc-login")
36 |     private WebElement submitButton;
37 | 
38 |     @FindBy(id = "kc-cancel")
39 |     private WebElement cancelButton;
40 | 
41 |     public void confirm() {
42 |         submitButton.click();
43 |     }
44 | 
45 |     public void cancel() {
46 |         cancelButton.click();
47 |     }
48 | 
49 |     public boolean isCurrent() {
50 |         return driver.getTitle().equalsIgnoreCase("Log in to photoz");
51 |     }
52 | }
53 | 


--------------------------------------------------------------------------------
/app-authz-rest-employee/src/main/java/org/keycloak/quickstart/springboot/MyApplication.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  *
 4 |  * Copyright 2017 Red Hat, Inc. and/or its affiliates.
 5 |  *
 6 |  * Licensed under the Apache License, Version 2.0 (the "License");
 7 |  * you may not use this file except in compliance with the License.
 8 |  * You may obtain a copy of the License at
 9 |  *
10 |  *     http://www.apache.org/licenses/LICENSE-2.0
11 |  *
12 |  * Unless required by applicable law or agreed to in writing, software
13 |  * distributed under the License is distributed on an "AS IS" BASIS,
14 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 |  * See the License for the specific language governing permissions and
16 |  * limitations under the License.
17 |  *
18 |  */
19 | package org.keycloak.quickstart.springboot;
20 | 
21 | import org.springframework.boot.SpringApplication;
22 | import org.springframework.boot.autoconfigure.SpringBootApplication;
23 | 
24 | /**
25 |  * @author Pedro Igor
26 |  */
27 | @SpringBootApplication
28 | public class MyApplication {
29 | 
30 | 	public static void main(String[] args) throws Exception {
31 | 		SpringApplication.run(MyApplication.class, args);
32 | 	}
33 | }
34 | 


--------------------------------------------------------------------------------
/app-authz-rest-employee/src/main/java/org/keycloak/quickstart/springboot/web/ApplicationController.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  *
 4 |  * Copyright 2017 Red Hat, Inc. and/or its affiliates.
 5 |  *
 6 |  * Licensed under the Apache License, Version 2.0 (the "License");
 7 |  * you may not use this file except in compliance with the License.
 8 |  * You may obtain a copy of the License at
 9 |  *
10 |  *     http://www.apache.org/licenses/LICENSE-2.0
11 |  *
12 |  * Unless required by applicable law or agreed to in writing, software
13 |  * distributed under the License is distributed on an "AS IS" BASIS,
14 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 |  * See the License for the specific language governing permissions and
16 |  * limitations under the License.
17 |  *
18 |  */
19 | package org.keycloak.quickstart.springboot.web;
20 | 
21 | import org.springframework.web.bind.annotation.PathVariable;
22 | import org.springframework.web.bind.annotation.RequestMapping;
23 | import org.springframework.web.bind.annotation.RequestMethod;
24 | import org.springframework.web.bind.annotation.RestController;
25 | 
26 | /**
27 |  * @author Pedro Igor
28 |  */
29 | @RestController
30 | public class ApplicationController {
31 | 
32 |     @RequestMapping(value = "/api/{employee}", method = RequestMethod.GET)
33 |     public Employee salary(@PathVariable String employee) {
34 |         return new Employee(employee);
35 |     }
36 | 
37 |     public static class Employee {
38 | 
39 |         private final String name;
40 | 
41 |         public Employee(String name) {
42 |             this.name = name;
43 |         }
44 | 
45 |         public String getName() {
46 |             return name;
47 |         }
48 |     }
49 | }
50 | 


--------------------------------------------------------------------------------
/app-authz-rest-employee/src/main/resources/application.properties:
--------------------------------------------------------------------------------
 1 | server.connection-timeout=5000
 2 | server.port = 8080
 3 | keycloak.realm=spring-boot-quickstart
 4 | keycloak.auth-server-url=http://localhost:8180/auth
 5 | keycloak.ssl-required=external
 6 | keycloak.resource=app-authz-rest-employee
 7 | keycloak.bearer-only=true
 8 | keycloak.credentials.secret=secret
 9 | keycloak.securityConstraints[0].authRoles[0]=user
10 | keycloak.securityConstraints[0].securityCollections[0].name=protected
11 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
12 | keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
13 | keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.uri]={request.relativePath}
14 | 
15 | # Turn off the logs
16 | logging.level.root=OFF
17 | logging.level.org.springframework.boot=OFF
18 | spring.main.banner-mode=OFF


--------------------------------------------------------------------------------
/app-authz-rest-employee/src/test/resources/application.properties:
--------------------------------------------------------------------------------
 1 | server.connection-timeout=5000
 2 | server.port = 8080
 3 | keycloak.realm=spring-boot-quickstart
 4 | keycloak.auth-server-url=http://localhost:8180/auth
 5 | keycloak.ssl-required=external
 6 | keycloak.resource=app-authz-rest-employee
 7 | keycloak.bearer-only=true
 8 | keycloak.credentials.secret=secret
 9 | keycloak.securityConstraints[0].authRoles[0]=user
10 | keycloak.securityConstraints[0].securityCollections[0].name=protected
11 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
12 | keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
13 | keycloak.policy-enforcer-config.claimInformationPointConfig.claims[http.uri]={request.relativePath}
14 | 
15 | # Turn off the logs
16 | logging.level.root=OFF
17 | logging.level.org.springframework.boot=OFF
18 | spring.main.banner-mode=OFF


--------------------------------------------------------------------------------
/app-authz-rest-springboot/src/main/java/org/keycloak/quickstart/springboot/MyApplication.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  *
 4 |  * Copyright 2017 Red Hat, Inc. and/or its affiliates.
 5 |  *
 6 |  * Licensed under the Apache License, Version 2.0 (the "License");
 7 |  * you may not use this file except in compliance with the License.
 8 |  * You may obtain a copy of the License at
 9 |  *
10 |  *     http://www.apache.org/licenses/LICENSE-2.0
11 |  *
12 |  * Unless required by applicable law or agreed to in writing, software
13 |  * distributed under the License is distributed on an "AS IS" BASIS,
14 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 |  * See the License for the specific language governing permissions and
16 |  * limitations under the License.
17 |  *
18 |  */
19 | package org.keycloak.quickstart.springboot;
20 | 
21 | import org.springframework.boot.SpringApplication;
22 | import org.springframework.boot.autoconfigure.SpringBootApplication;
23 | 
24 | /**
25 |  * @author Pedro Igor
26 |  */
27 | @SpringBootApplication
28 | public class MyApplication {
29 | 
30 | 	public static void main(String[] args) throws Exception {
31 | 		SpringApplication.run(MyApplication.class, args);
32 | 	}
33 | }
34 | 


--------------------------------------------------------------------------------
/app-authz-rest-springboot/src/main/java/org/keycloak/quickstart/springboot/web/ApplicationController.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  *
 4 |  * Copyright 2017 Red Hat, Inc. and/or its affiliates.
 5 |  *
 6 |  * Licensed under the Apache License, Version 2.0 (the "License");
 7 |  * you may not use this file except in compliance with the License.
 8 |  * You may obtain a copy of the License at
 9 |  *
10 |  *     http://www.apache.org/licenses/LICENSE-2.0
11 |  *
12 |  * Unless required by applicable law or agreed to in writing, software
13 |  * distributed under the License is distributed on an "AS IS" BASIS,
14 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 |  * See the License for the specific language governing permissions and
16 |  * limitations under the License.
17 |  *
18 |  */
19 | package org.keycloak.quickstart.springboot.web;
20 | 
21 | import org.springframework.web.bind.annotation.RequestMapping;
22 | import org.springframework.web.bind.annotation.RequestMethod;
23 | import org.springframework.web.bind.annotation.RestController;
24 | 
25 | /**
26 |  * @author Pedro Igor
27 |  */
28 | @RestController
29 | public class ApplicationController {
30 | 
31 |     @RequestMapping(value = "/api/resourcea", method = RequestMethod.GET)
32 |     public String handleResourceA() {
33 |         return createResponse();
34 |     }
35 | 
36 |     @RequestMapping(value = "/api/resourceb", method = RequestMethod.GET)
37 |     public String handleResourceB() {
38 |         return createResponse();
39 |     }
40 | 
41 |     @RequestMapping(value = "/api/premium", method = RequestMethod.GET)
42 |     public String handlePremiumResource() {
43 |         return createResponse();
44 |     }
45 | 
46 |     @RequestMapping(value = "/api/admin", method = RequestMethod.GET)
47 |     public String handleAdminResource() {
48 |         return createResponse();
49 |     }
50 | 
51 |     private String createResponse() {
52 |         return "Access Granted";
53 |     }
54 | }
55 | 


--------------------------------------------------------------------------------
/app-authz-rest-springboot/src/main/resources/application.properties:
--------------------------------------------------------------------------------
 1 | server.connection-timeout=5000
 2 | server.port = 8080
 3 | keycloak.realm=spring-boot-quickstart
 4 | keycloak.auth-server-url=http://localhost:8180/auth
 5 | keycloak.ssl-required=external
 6 | keycloak.resource=app-authz-rest-springboot
 7 | keycloak.bearer-only=true
 8 | keycloak.credentials.secret=secret
 9 | keycloak.securityConstraints[0].authRoles[0]=user
10 | keycloak.securityConstraints[0].securityCollections[0].name=protected
11 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
12 | keycloak.policy-enforcer-config.lazy-load-paths=true
13 | keycloak.policy-enforcer-config.paths[0].path=/api/admin
14 | keycloak.policy-enforcer-config.paths[0].claimInformationPointConfig.claims[some-claim]={request.parameter['parameter-a']}
15 | 
16 | # Turn off the logs
17 | logging.level.root=OFF
18 | logging.level.org.springframework.boot=OFF
19 | spring.main.banner-mode=OFF


--------------------------------------------------------------------------------
/app-authz-rest-springboot/src/test/resources/application.properties:
--------------------------------------------------------------------------------
 1 | server.connection-timeout=5000
 2 | server.port = 8080
 3 | keycloak.realm=spring-boot-quickstart
 4 | keycloak.auth-server-url=http://localhost:8180/auth
 5 | keycloak.ssl-required=external
 6 | keycloak.resource=app-authz-rest-springboot
 7 | keycloak.bearer-only=true
 8 | keycloak.credentials.secret=secret
 9 | keycloak.securityConstraints[0].authRoles[0]=user
10 | keycloak.securityConstraints[0].securityCollections[0].name=protected
11 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
12 | keycloak.policy-enforcer-config.lazy-load-paths=true
13 | keycloak.policy-enforcer-config.paths[0].path=/api/admin
14 | keycloak.policy-enforcer-config.paths[0].claimInformationPointConfig.claims[some-claim]={request.parameter['parameter-a']}
15 | 
16 | # Turn off the logs
17 | logging.level.root=OFF
18 | logging.level.org.springframework.boot=OFF
19 | spring.main.banner-mode=OFF


--------------------------------------------------------------------------------
/app-authz-spring-security/src/main/java/org/keycloak/quickstart/springsecurity/web/MyApplication.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.quickstart.springsecurity.web;
 2 | 
 3 | import org.springframework.boot.SpringApplication;
 4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
 5 | 
 6 | @SpringBootApplication
 7 | public class MyApplication {
 8 | 
 9 |     public static void main(String[] args) throws Throwable {
10 |         SpringApplication.run(MyApplication.class, args);
11 |     }
12 | 
13 | }
14 | 


--------------------------------------------------------------------------------
/app-authz-spring-security/src/main/resources/application.properties:
--------------------------------------------------------------------------------
1 | # Turn off the logs
2 | logging.level.root=OFF
3 | logging.level.org.springframework.boot=OFF
4 | spring.main.banner-mode=OFF


--------------------------------------------------------------------------------
/app-authz-spring-security/src/main/resources/keycloak.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "realm": "spring-security-quickstart",
 3 |   "auth-server-url": "http://localhost:8180/auth",
 4 |   "ssl-required": "external",
 5 |   "resource": "app-authz-spring-security",
 6 |   "credentials": {
 7 |     "secret": "secret"
 8 |   },
 9 |   "policy-enforcer": {
10 |     "on-deny-redirect-to": "/accessDenied"
11 |   }
12 | }


--------------------------------------------------------------------------------
/app-authz-spring-security/src/main/resources/templates/access-denied.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Access Denied
 7 | 
 8 | 
 9 | 
10 | 

11 |      Logout
12 | 

13 | 
14 | 
Users are redirect to this page when they lack permissions to access a resource

15 | 
16 | 
17 | 
18 | 


--------------------------------------------------------------------------------
/app-authz-spring-security/src/main/resources/templates/alice.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Alice Page
 7 | 
 8 | 
 9 | 
10 | 

11 |      Logout
12 | 

13 | 
14 | 
Only Alice is allowed to access this resource

15 | 
16 | 
17 | 
18 | 


--------------------------------------------------------------------------------
/app-authz-spring-security/src/main/resources/templates/home.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Home Page
 7 | 
 8 | 
 9 | 
10 | 

11 |      
Welcome, ${identity.name}

12 | 
13 |      
Logout

14 |      

15 | 
16 |      
Any authenticated user with a role "user" can access this resource

17 |      
Only users with a role "user-premium" can access this resource

18 | 
19 |      <#if identity.hasResourcePermission('Alice Resource')>
20 |         
Only user "alice" can access this resource

21 |      
22 | 
23 |      
You have permissions to access the following resources:

24 | 
25 |      
    
26 |          <#list identity.permissions as permission>
27 |              
  • 
28 |                 
    ${permission.resourceName}
    
29 |             
    • 
30 |          
31 |      

32 | 

33 | 
34 | 
35 | 
36 | 


--------------------------------------------------------------------------------
/app-authz-spring-security/src/main/resources/templates/premium.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Premium Page
 7 | 
 8 | 
 9 | 
10 | 

11 |      Logout
12 | 

13 | 
14 | 
Access to this page is enforced by permissions associated with resource "Premium Resource"

15 | 
16 | 
17 | 
18 | 


--------------------------------------------------------------------------------
/app-authz-spring-security/src/main/resources/templates/protected.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Protected Page
 7 | 
 8 | 
 9 | 
10 | 

11 |      Logout
12 | 

13 | 
14 | 
Access to this page is enforced by permissions associated with resource "Protected Resource"

15 | 
16 | 
17 | 
18 | 


--------------------------------------------------------------------------------
/app-authz-spring-security/src/test/resources/application.properties:
--------------------------------------------------------------------------------
1 | # Turn off the logs
2 | logging.level.root=OFF
3 | logging.level.org.springframework.boot=OFF
4 | spring.main.banner-mode=OFF


--------------------------------------------------------------------------------
/app-authz-springboot/src/main/java/org/keycloak/quickstart/springboot/MyApplication.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  *
 4 |  * Copyright 2017 Red Hat, Inc. and/or its affiliates.
 5 |  *
 6 |  * Licensed under the Apache License, Version 2.0 (the "License");
 7 |  * you may not use this file except in compliance with the License.
 8 |  * You may obtain a copy of the License at
 9 |  *
10 |  *     http://www.apache.org/licenses/LICENSE-2.0
11 |  *
12 |  * Unless required by applicable law or agreed to in writing, software
13 |  * distributed under the License is distributed on an "AS IS" BASIS,
14 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 |  * See the License for the specific language governing permissions and
16 |  * limitations under the License.
17 |  *
18 |  */
19 | package org.keycloak.quickstart.springboot;
20 | 
21 | import org.springframework.boot.SpringApplication;
22 | import org.springframework.boot.autoconfigure.SpringBootApplication;
23 | 
24 | /**
25 |  * @author Pedro Igor
26 |  */
27 | @SpringBootApplication
28 | public class MyApplication {
29 | 
30 | 	public static void main(String[] args) throws Exception {
31 | 		SpringApplication.run(MyApplication.class, args);
32 | 	}
33 | }
34 | 


--------------------------------------------------------------------------------
/app-authz-springboot/src/main/resources/application.properties:
--------------------------------------------------------------------------------
 1 | server.connection-timeout=5000
 2 | spring.freemarker.cache=false
 3 | server.port = 8080
 4 | keycloak.realm=spring-boot-quickstart
 5 | keycloak.auth-server-url=http://localhost:8180/auth
 6 | keycloak.ssl-required=external
 7 | keycloak.resource=app-authz-springboot
 8 | keycloak.public-client=false
 9 | keycloak.credentials.secret=secret
10 | keycloak.securityConstraints[0].authRoles[0] = user
11 | keycloak.securityConstraints[0].securityCollections[0].name = protected
12 | keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /*
13 | 
14 | # This configuration enables the policy enforcer in order to protect resources served by this application.
15 | # During the boot, the policy enforcer is going to fetch all protected resources in Keycloak and automatically configure your application.
16 | # Note that protected resources in Keycloak are defined with a URI which maps to a set of resources in this application.
17 | keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied
18 | 
19 | # Turn off the logs
20 | logging.level.root=OFF
21 | logging.level.org.springframework.boot=OFF
22 | spring.main.banner-mode=OFF


--------------------------------------------------------------------------------
/app-authz-springboot/src/main/resources/application.properties.path.entitlements:
--------------------------------------------------------------------------------
 1 | server.connection-timeout=5000
 2 | spring.freemarker.cache=false
 3 | server.port = 8080
 4 | keycloak.realm=spring-boot-quickstart
 5 | keycloak.auth-server-url=http://localhost:8180/auth
 6 | keycloak.ssl-required=external
 7 | keycloak.resource=app-authz-springboot
 8 | keycloak.public-client=false
 9 | keycloak.credentials.secret=secret
10 | keycloak.securityConstraints[0].authRoles[0]=user
11 | keycloak.securityConstraints[0].securityCollections[0].name=protected
12 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
13 | 
14 | # This configuration enables the policy enforcer in order to protect resources served by this application.
15 | # During the boot, the policy enforcer is going to fetch only the paths defined below and associate these paths with specific
16 | resources defined in Keycloak.
17 | # When defining paths in the configuration, you are not really required to specify a URI for protected resources in Keycloak.
18 | keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied
19 | keycloak.policy-enforcer-config.paths[0].name=Default Resource
20 | keycloak.policy-enforcer-config.paths[0].path=/*
21 | keycloak.policy-enforcer-config.paths[1].name=Protected Resource
22 | keycloak.policy-enforcer-config.paths[1].path=/protected/*
23 | 
24 | # This is a special path definition where a pattern is used to map different resources in Keycloak.
25 | # With this configuration is possible to enforce access for resources based on a type.
26 | keycloak.policy-enforcer-config.paths[2].name=User Resource
27 | keycloak.policy-enforcer-config.paths[2].path=/protected/{user_name}
28 | 
29 | 
30 | keycloak.policy-enforcer-config.paths[3].name=Premium Resource
31 | keycloak.policy-enforcer-config.paths[3].path=/protected/premium


--------------------------------------------------------------------------------
/app-authz-springboot/src/main/resources/templates/access-denied.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Access Denied
 7 | 
 8 | 
 9 | 
10 | 

11 |      Logout
12 | 

13 | 
14 | 
Users are redirect to this page when they lack permissions to access a resource

15 | 
16 | 
17 | 
18 | 


--------------------------------------------------------------------------------
/app-authz-springboot/src/main/resources/templates/home.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Home Page
 7 | 
 8 | 
 9 | 
10 | 

11 |      
Welcome, ${identity.name}

12 | 
13 |      
Logout

14 |      

15 | 
16 |      
Any authenticated user with a role "user" can access this resource

17 |      
Only users with a role "user-premium" can access this resource

18 | 
19 |      
You have permissions to access the following resources:

20 | 
21 |      
    
22 |          <#list identity.permissions as permission>
23 |              
  • 
24 |                 
    ${permission.resourceName}
    
25 |             
    • 
26 |          
27 |      

28 | 

29 | 
30 | 
31 | 
32 | 


--------------------------------------------------------------------------------
/app-authz-springboot/src/main/resources/templates/premium.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Premium Page
 7 | 
 8 | 
 9 | 
10 | 

11 |      Logout
12 | 

13 | 
14 | 
Access to this page is enforced by permissions associated with resource "Premium Resource"

15 | 
16 | 
17 | 
18 | 


--------------------------------------------------------------------------------
/app-authz-springboot/src/main/resources/templates/protected.ftl:
--------------------------------------------------------------------------------
 1 | <#import "/spring.ftl" as spring />
 2 | <#assign xhtmlCompliant = true in spring>
 3 | 
 4 | 
 5 | 
 6 |     Protected Page
 7 | 
 8 | 
 9 | 
10 | 

11 |      Logout
12 | 

13 | 
14 | 
Access to this page is enforced by permissions associated with resource "Protected Resource"

15 | 
16 | 
17 | 
18 | 


--------------------------------------------------------------------------------
/app-authz-springboot/src/test/resources/application.properties:
--------------------------------------------------------------------------------
 1 | server.connection-timeout=5000
 2 | spring.freemarker.cache=false
 3 | server.port = 8080
 4 | keycloak.realm=spring-boot-quickstart
 5 | keycloak.auth-server-url=http://localhost:8180/auth
 6 | keycloak.ssl-required=external
 7 | keycloak.resource=app-authz-springboot
 8 | keycloak.public-client=false
 9 | keycloak.credentials.secret=secret
10 | keycloak.securityConstraints[0].authRoles[0]=user
11 | keycloak.securityConstraints[0].securityCollections[0].name=protected
12 | keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
13 | 
14 | # This configuration enables the policy enforcer in order to protect resources served by this application.
15 | # During the boot, the policy enforcer is going to fetch only the paths defined below and associate these paths with specific
16 | resources defined in Keycloak.
17 | # When defining paths in the configuration, you are not really required to specify a URI for protected resources in Keycloak.
18 | keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied
19 | keycloak.policy-enforcer-config.paths[0].name=Default Resource
20 | keycloak.policy-enforcer-config.paths[0].path=/*
21 | keycloak.policy-enforcer-config.paths[1].name=Protected Resource
22 | keycloak.policy-enforcer-config.paths[1].path=/protected/*
23 | 
24 | # This is a special path definition where a pattern is used to map different resources in Keycloak.
25 | # With this configuration is possible to enforce access for resources based on a type.
26 | keycloak.policy-enforcer-config.paths[2].name=User Resource
27 | keycloak.policy-enforcer-config.paths[2].path=/protected/{user_name}
28 | 
29 | 
30 | keycloak.policy-enforcer-config.paths[3].name=Premium Resource
31 | keycloak.policy-enforcer-config.paths[3].path=/protected/premium
32 | 
33 | # Turn off the logs
34 | logging.level.root=OFF
35 | logging.level.org.springframework.boot=OFF
36 | spring.main.banner-mode=OFF


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 6 | 
 7 | 	photoz-html5-client
 8 | 
 9 | 
10 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/index.html:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 |     
 6 |     Photoz HTML5 Client
 7 | 
 8 |     
 9 |     
10 |     
11 |     
12 |     
13 | 
14 |     
15 |     
16 |     
17 |     
18 | 
19 | 
20 | 
21 | 
22 | Show Requesting Party Token  | Show Access Token  | Request Entitlements | My Account | Sign Out
23 | 
24 | 

25 |     

26 | 

27 | 
28 | 

29 | 
30 | 
31 | 
32 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/keycloak.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "photoz",
3 |   "auth-server-url" : "http://localhost:8180/auth",
4 |   "ssl-required" : "external",
5 |   "resource" : "photoz-html5-client",
6 |   "public-client" : true
7 | }


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/lib/jwt-decode.min.js:
--------------------------------------------------------------------------------
1 | !function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if(f)return f(g,!0);throw new Error("Cannot find module '"+g+"'")}var j=c[g]={exports:{}};b[g][0].call(j.exports,function(a){var c=b[g][1][a];return e(c?c:a)},j,j.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;g>8-f%1*8)){if(e=a.charCodeAt(f+=.75),e>255)throw d;c=c<<8|e}return h}),a.atob||(a.atob=function(a){if(a=a.replace(/=+$/,""),a.length%4==1)throw d;for(var c,e,f=0,g=0,h="";e=a.charAt(g++);~e&&(c=f%4?64*c+e:e,f++%4)?h+=String.fromCharCode(255&c>>(-2*f&6)):0)e=b.indexOf(e);return h})}()},{}],5:[function(a){var b="undefined"!=typeof self?self:"undefined"!=typeof window?window:{},c=a("./lib/index");"function"==typeof b.window.define&&b.window.define.amd?b.window.define("jwt_decode",function(){return c}):b.window&&(b.window.jwt_decode=c)},{"./lib/index":2}]},{},[5]);


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/admin/albums.html:
--------------------------------------------------------------------------------
 1 | 
All Albums

 2 | 
 3 |     
 4 |         
 5 |             
 6 |         
 7 |     
 8 |     
 9 |         
10 |             
17 |         
18 |     
19 | 
{{key}}

11 |                 
16 |             

20 | 

21 | Back to main page
22 | 



--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/album/create.html:
--------------------------------------------------------------------------------
1 | 
Create an Album

2 | 
3 | 

4 |     Name: 
5 | 
6 |       
7 | 

8 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/album/detail.html:
--------------------------------------------------------------------------------
1 | 
{{album.name}}

2 | 
3 | 
4 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/home.html:
--------------------------------------------------------------------------------
 1 | 
Welcome To Photoz, {{Identity.claims.name}}

 2 | 
Administration:  [All Albums]

 3 | 

 4 | 

 5 | 

 6 | Create Album | My Profile
 7 | 

 8 | 
Your Albums

 9 | You don't have any albums, yet.
10 | 
11 |     
12 |         
13 |     
14 | 
{{p.name}} - [X]

15 | 
Shared With Me

16 | You don't have any shares, yet.
17 | 
18 |     
19 |         
20 |     
21 | 
{{p.album.name}} - [X]Request Delete Access

22 | 



--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-html5-client/src/main/webapp/partials/profile.html:
--------------------------------------------------------------------------------
 1 | 
My Profile

 2 | 
 3 | 

 4 |     
Name: {{profile.userName}}

 5 |     
Total of albums: {{profile.totalAlbums}}

 6 | 

 7 | 

 8 |     Back to main page
 9 | 

10 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-js-policies/pom.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
20 |     4.0.0
21 |     
22 |         org.keycloak.quickstarts
23 |         app-authz-uma-photoz-parent
24 |         7.4.0.GA
25 |         ../pom.xml
26 |     
27 | 
28 |     photoz-uma-js-policies
29 |     jar
30 |     Red Hat SSO Quickstarts: Photoz JS Policies
31 |     JS Policies
32 | 
33 |     
34 |         ${project.artifactId}
35 |         
36 |             
37 |                 src/main/resources
38 |                 true
39 |             
40 |         
41 |     
42 | 
43 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-js-policies/src/main/resources/META-INF/keycloak-scripts.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "policies": [
 3 |     {
 4 |       "name": "Only From @keycloak.org or Admin",
 5 |       "fileName": "only-keycloak-domain-or-admin.js",
 6 |       "description": "Defines that only users from @keycloak.org or Admins can do something"
 7 |     },
 8 |     {
 9 |       "name": "Only Owner Policy",
10 |       "fileName": "only-owner.js",
11 |       "description": "Defines that only the resource owner is allowed to do something"
12 |     },
13 |     {
14 |       "name": "Only From a Specific Client Address",
15 |       "fileName": "only-from-specific-client-address.js",
16 |       "description": "Defines that only clients from a specific address can do something"
17 |     }
18 |   ]
19 | }


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-js-policies/src/main/resources/only-from-specific-client-address.js:
--------------------------------------------------------------------------------
1 | var contextAttributes = $evaluation.getContext().getAttributes();
2 | 
3 | if (contextAttributes.containsValue('kc.client.network.ip_address', '127.0.0.1')) {
4 |     $evaluation.grant();
5 | }


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-js-policies/src/main/resources/only-keycloak-domain-or-admin.js:
--------------------------------------------------------------------------------
1 | var context = $evaluation.getContext();
2 | var identity = context.getIdentity();
3 | var attributes = identity.getAttributes();
4 | var email = attributes.getValue('email').asString(0);
5 | 
6 | if (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {
7 |     $evaluation.grant();
8 | }


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-js-policies/src/main/resources/only-owner.js:
--------------------------------------------------------------------------------
1 | var context = $evaluation.context;
2 | var identity = context.identity;
3 | var permission = $evaluation.permission;
4 | var resource = permission.resource;
5 | 
6 | if (resource.owner == identity.id) {
7 |     $evaluation.grant();
8 | }


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/ErrorResponse.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.example.photoz;
 2 | 
 3 | import javax.ws.rs.WebApplicationException;
 4 | import javax.ws.rs.core.Response;
 5 | import java.util.HashMap;
 6 | import java.util.Map;
 7 | 
 8 | /**
 9 |  * @author Pedro Igor
10 |  */
11 | public class ErrorResponse extends WebApplicationException {
12 | 
13 |     private final Response.Status status;
14 | 
15 |     public ErrorResponse(String message) {
16 |         this(message, Response.Status.INTERNAL_SERVER_ERROR);
17 |     }
18 | 
19 |     public ErrorResponse(String message, Response.Status status) {
20 |         super(message, status);
21 |         this.status = status;
22 |     }
23 | 
24 |     @Override
25 |     public Response getResponse() {
26 |         Map errorResponse = new HashMap();
27 | 
28 |         errorResponse.put("message", getMessage());
29 | 
30 |         return Response.status(status).entity(errorResponse).build();
31 |     }
32 | }
33 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/PhotozApplication.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.example.photoz;
 2 | 
 3 | import javax.ws.rs.ApplicationPath;
 4 | import javax.ws.rs.core.Application;
 5 | 
 6 | /**
 7 |  * Basic auth app.
 8 |  */
 9 | @ApplicationPath("/")
10 | public class PhotozApplication extends Application {
11 | 
12 | }
13 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/SharedAlbum.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2017 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.example.photoz.album;
18 | 
19 | import java.util.ArrayList;
20 | import java.util.List;
21 | 
22 | import org.keycloak.example.photoz.entity.Album;
23 | 
24 | public class SharedAlbum {
25 | 
26 |     private Album album;
27 |     private List scopes;
28 | 
29 |     public SharedAlbum(Album album) {
30 |         this.album = album;
31 |     }
32 | 
33 |     public Album getAlbum() {
34 |         return album;
35 |     }
36 | 
37 |     public List getScopes() {
38 |         return scopes;
39 |     }
40 | 
41 |     public void addScope(String scope) {
42 |         if (scopes == null) {
43 |             scopes = new ArrayList();
44 |         }
45 |         scopes.add(scope);
46 |     }
47 | }
48 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/Resources.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2016 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.example.photoz.util;
18 | 
19 | import javax.annotation.PostConstruct;
20 | import javax.annotation.PreDestroy;
21 | import javax.enterprise.context.ApplicationScoped;
22 | import javax.enterprise.context.RequestScoped;
23 | import javax.enterprise.inject.Produces;
24 | import javax.persistence.EntityManager;
25 | import javax.persistence.EntityManagerFactory;
26 | import javax.persistence.Persistence;
27 | 
28 | /**
29 |  * @author Pedro Igor
30 |  */
31 | @ApplicationScoped
32 | public class Resources {
33 | 
34 |     private EntityManagerFactory entityManagerFactory;
35 | 
36 |     @PostConstruct
37 |     public void init() {
38 |         entityManagerFactory = Persistence.createEntityManagerFactory("primary");
39 |     }
40 | 
41 |     @PreDestroy
42 |     public void dispose() {
43 |         entityManagerFactory.close();
44 |     }
45 | 
46 |     @RequestScoped
47 |     @Produces
48 |     public EntityManager createEntityManager() {
49 |         return entityManagerFactory.createEntityManager();
50 |     }
51 | }
52 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/Transaction.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2016 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.example.photoz.util;
18 | 
19 | import javax.interceptor.InterceptorBinding;
20 | import java.lang.annotation.Retention;
21 | import java.lang.annotation.Target;
22 | 
23 | import static java.lang.annotation.ElementType.TYPE;
24 | import static java.lang.annotation.RetentionPolicy.RUNTIME;
25 | 
26 | /**
27 |  * @author Pedro Igor
28 |  */
29 | @InterceptorBinding
30 | @Target({ TYPE })
31 | @Retention(RUNTIME)
32 | public @interface Transaction {
33 | }
34 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/resources/META-INF/beans.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 6 |     
 7 |         org.keycloak.example.photoz.util.TransactionInterceptor
 8 |     
 9 | 
10 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 7 | 	
 8 | 
 9 | 		org.keycloak.example.photoz.entity.Album
10 | 		org.keycloak.example.photoz.entity.Photo
11 | 
12 | 		
13 | 			
14 | 			
15 | 			
16 | 			
17 | 			
18 | 			
19 | 			
20 | 		
21 | 	
22 | 
23 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/webapp/META-INF/jboss-deployment-structure.xml:
--------------------------------------------------------------------------------
 1 | 
18 | 
19 | 
20 |     
21 |         
22 |             
23 |             
24 |         
25 |     
26 | 
27 | 
28 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/webapp/WEB-INF/keycloak.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "realm": "photoz",
 3 |   "auth-server-url": "http://localhost:8180/auth",
 4 |   "ssl-required": "external",
 5 |   "resource": "photoz-restful-api",
 6 |   "bearer-only" : true,
 7 |   "credentials": {
 8 |     "secret": "secret"
 9 |   },
10 |   "policy-enforcer": {
11 |     "enforcement-mode": "PERMISSIVE",
12 |     "user-managed-access": {},
13 |     "paths": [
14 |       {
15 |         "name" : "Album Resource",
16 |         "path" : "/album/{id}",
17 |         "methods" : [
18 |           {
19 |             "method": "DELETE",
20 |             "scopes" : ["album:delete"]
21 |           },
22 |           {
23 |             "method": "GET",
24 |             "scopes" : ["album:view"]
25 |           }
26 |         ]
27 |       },
28 |       {
29 |         "name" : "Album Resource",
30 |         "path" : "/album/shares",
31 |         "enforcement-mode": "DISABLED"
32 |       },
33 |       {
34 |         "path" : "/profile"
35 |       },
36 |       {
37 |         "name" : "Admin Resources",
38 |         "path" : "/admin/*"
39 |       }
40 |     ]
41 |   }
42 | }


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 6 | 
 7 | 	photoz-restful-api
 8 | 
 9 | 	
10 | 		
11 | 			All Resources
12 | 			/*
13 | 		
14 | 		
15 | 			user
16 | 		
17 | 	
18 | 
19 | 	
20 | 		
21 | 			All Resources
22 | 			/*
23 | 		
24 | 		
25 | 			admin
26 | 		
27 | 	
28 | 
29 | 	
30 | 		KEYCLOAK
31 | 		photoz
32 | 	
33 | 
34 | 	
35 | 		admin
36 | 	
37 | 
38 | 	
39 | 		user
40 | 	
41 | 
42 | 


--------------------------------------------------------------------------------
/app-authz-uma-photoz/photoz-testsuite/src/test/java/org/keycloak/quickstart/uma/page/ConsentPage.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2018 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | 
18 | package org.keycloak.quickstart.uma.page;
19 | 
20 | import org.jboss.arquillian.test.api.ArquillianResource;
21 | import org.openqa.selenium.WebDriver;
22 | import org.openqa.selenium.WebElement;
23 | import org.openqa.selenium.support.FindBy;
24 | 
25 | /**
26 |  * A {@code {@link org.jboss.arquillian.graphene.page.Page}} representing the consent page.
27 |  *
28 |  * @author Stefan Guilhen
29 |  */
30 | public class ConsentPage {
31 | 
32 |     @ArquillianResource
33 |     protected WebDriver driver;
34 | 
35 |     @FindBy(id = "kc-login")
36 |     private WebElement submitButton;
37 | 
38 |     @FindBy(id = "kc-cancel")
39 |     private WebElement cancelButton;
40 | 
41 |     public void confirm() {
42 |         submitButton.click();
43 |     }
44 | 
45 |     public void cancel() {
46 |         cancelButton.click();
47 |     }
48 | 
49 |     public boolean isCurrent() {
50 |         return driver.getTitle().equalsIgnoreCase("Log in to photoz");
51 |     }
52 | }
53 | 


--------------------------------------------------------------------------------
/app-jee-html5/config/client-import.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "clientId": "app-html5",
 3 |     "rootUrl": "http://localhost:8080/app-html5",
 4 |     "enabled": true,
 5 |     "redirectUris": [
 6 |         "http://localhost:8080/app-html5/*"
 7 |     ],
 8 |     "webOrigins": [
 9 |         "http://localhost:8080"
10 |     ],
11 |     "publicClient": true
12 | }
13 | 


--------------------------------------------------------------------------------
/app-jee-html5/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "quickstart",
3 |   "auth-server-url": "http://localhost:8180/auth",
4 |   "ssl-required": "external",
5 |   "resource": "app-html5",
6 |   "public-client": true
7 | }


--------------------------------------------------------------------------------
/app-jee-html5/src/main/webapp/index.html:
--------------------------------------------------------------------------------
 1 | 
17 | 
18 | 
19 | 
20 |     
21 |     Keycloak Example App
22 | 
23 |     
24 | 
25 |     
26 |     
27 | 
28 | 
29 | 
30 |     

31 |         
34 | 
35 |         
39 | 
40 |         

41 |             
42 |             
43 |             
44 | 
45 |             

46 |         

47 |     

48 | 
49 | 
50 | 
51 | 


--------------------------------------------------------------------------------
/app-jee-html5/src/test/resources/arquillian.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
12 | 
16 | 
17 | 
18 |     
20 |     
21 | 
22 |     
23 |     
24 |         
26 |         
27 |             127.0.0.1
28 |             9990
29 |             ${basedir}/target/wildfly-${version.wildfly}
30 |         
31 |     
32 | 
33 |     
34 |         phantomjs
35 |     
36 | 
37 | 


--------------------------------------------------------------------------------
/app-jee-jsp/config/client-import.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "clientId": "app-jsp",
 3 |     "rootUrl": "http://localhost:8080/app-jsp",
 4 |     "enabled": true,
 5 |     "redirectUris": [
 6 |         "http://localhost:8080/app-jsp/*"
 7 |     ],
 8 |     "webOrigins": [
 9 |         "http://localhost:8080"
10 |     ],
11 |     "publicClient": false,
12 |     "secret": "578262e1-9181-4721-baec-7cc913331c1f"
13 | }
14 | 


--------------------------------------------------------------------------------
/app-jee-jsp/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "quickstart",
3 |   "auth-server-url": "http://localhost:8180/auth",
4 |   "ssl-required": "external",
5 |   "resource": "app-jsp",
6 |   "credentials": {
7 |     "secret": "5bad43ac-0dac-4272-a723-ab7a3cef49b9"
8 |   }
9 | }


--------------------------------------------------------------------------------
/app-jee-jsp/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
22 |     
23 |         
24 |             app
25 |             /protected.jsp
26 |         
27 |         
28 |             *
29 |         
30 |     
31 | 
32 |     
33 |         KEYCLOAK
34 |     
35 | 
36 |     
37 |         *
38 |     
39 | 
40 | 


--------------------------------------------------------------------------------
/app-jee-jsp/src/main/webapp/protected.jsp:
--------------------------------------------------------------------------------
 1 | 
17 | 
18 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%>
19 | <%@ taglib prefix="c" 
20 |            uri="http://java.sun.com/jsp/jstl/core" %>
21 | 
22 | 
23 |     
24 |         
25 |         Keycloak Example App
26 | 
27 |         
28 |     
29 |     
30 |         
31 |     
32 | 
33 | 


--------------------------------------------------------------------------------
/app-jee-jsp/src/test/resources/arquillian.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
12 | 
16 | 
17 | 
18 |     
20 |     
21 | 
22 |     
23 |     
24 |         
26 |         
27 |             127.0.0.1
28 |             9990
29 |             ${basedir}/target/wildfly-${version.wildfly}
30 |         
31 |     
32 | 
33 |     
34 |         phantomjs
35 |     
36 | 
37 | 


--------------------------------------------------------------------------------
/app-profile-jee-html5/config/client-import.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "clientId": "app-profile-html5",
 3 |     "rootUrl": "http://localhost:8080/app-profile-html5",
 4 |     "enabled": true,
 5 |     "redirectUris": [
 6 |         "http://localhost:8080/app-profile-html5/*"
 7 |     ],
 8 |     "webOrigins": [
 9 |         "http://localhost:8080"
10 |     ],
11 |     "publicClient": true
12 | }
13 | 


--------------------------------------------------------------------------------
/app-profile-jee-html5/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "quickstart",
3 |   "auth-server-url": "http://localhost:8180/auth",
4 |   "resource": "app-profile-html5",
5 |   "public-client": true
6 | }
7 | 


--------------------------------------------------------------------------------
/app-profile-jee-html5/src/test/resources/arquillian.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
12 | 
16 | 
17 | 
18 |     
20 |     
21 | 
22 |     
23 |     
24 |         
26 |         
27 |             127.0.0.1
28 |             9990
29 |             ${basedir}/target/wildfly-${version.wildfly}
30 |         
31 |     
32 | 
33 |     
34 |         phantomjs
35 |     
36 | 
37 | 


--------------------------------------------------------------------------------
/app-profile-jee-jsp/config/client-import.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "clientId": "app-profile-jsp",
 3 |     "rootUrl": "http://localhost:8080/app-profile-jsp",
 4 |     "enabled": true,
 5 |     "redirectUris": [
 6 |         "http://localhost:8080/app-profile-jsp/*"
 7 |     ],
 8 |     "webOrigins": [
 9 |         "http://localhost:8080"
10 |     ],
11 |     "publicClient": false,
12 |     "secret": "578262e1-9181-4721-baec-7cc913331c1f"
13 | }
14 | 


--------------------------------------------------------------------------------
/app-profile-jee-jsp/config/keycloak-example.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "realm": "quickstart",
 3 |   "auth-server-url": "http://localhost:8180/auth",
 4 |   "ssl-required": "external",
 5 |   "resource": "app-profile-jsp",
 6 |   "credentials": {
 7 |     "secret": "578262e1-9181-4721-baec-7cc913331c1f"
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/app-profile-jee-jsp/src/main/webapp/WEB-INF/jboss-deployment-structure.xml:
--------------------------------------------------------------------------------
1 | 
2 |     
3 |         
4 |             
5 |             
6 |         
7 |     
8 | 


--------------------------------------------------------------------------------
/app-profile-jee-jsp/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
22 |     
23 |         
24 |             app
25 |             /profile.jsp
26 |         
27 |         
28 |             *
29 |         
30 |     
31 | 
32 |     
33 |         KEYCLOAK
34 |     
35 | 
36 |     
37 |         *
38 |     
39 | 
40 | 


--------------------------------------------------------------------------------
/app-profile-jee-jsp/src/main/webapp/index.jsp:
--------------------------------------------------------------------------------
 1 | 
17 | 
18 | <%@page contentType="text/html" pageEncoding="ISO-8859-1" %>
19 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
20 | 
21 | 
22 | 
23 |     
24 |     Keycloak Example App
25 | 
26 |     
27 | 
28 | 
29 | 
30 | <% controller.handleLogout(request); %>
31 | 
32 | 
33 | 
34 |     
35 | 
36 | 
37 | 

38 |     

39 |         
40 |     

41 | 
42 |     

43 |         
Please login

44 |     

45 | 

46 | 
47 | 
48 | 


--------------------------------------------------------------------------------
/app-profile-jee-jsp/src/test/resources/arquillian.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
12 | 
16 | 
17 | 
18 |     
20 |     
21 | 
22 |     
23 |     
24 |         
26 |         
27 |             127.0.0.1
28 |             9990
29 |             ${basedir}/target/wildfly-${version.wildfly}
30 |         
31 |     
32 | 
33 |     
34 |         phantomjs
35 |     
36 | 
37 | 


--------------------------------------------------------------------------------
/app-profile-jee-vanilla/config/client-import.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "clientId": "app-profile-vanilla",
 3 |     "rootUrl": "http://localhost:8080/vanilla",
 4 |     "enabled": true,
 5 |     "redirectUris": [
 6 |         "http://localhost:8080/vanilla/*"
 7 |     ],
 8 |     "webOrigins": [
 9 |         "http://localhost:8080"
10 |     ],
11 |     "publicClient": false,
12 |     "secret": "578262e1-9181-4721-baec-7cc913331c1f"
13 | }
14 | 


--------------------------------------------------------------------------------
/app-profile-jee-vanilla/src/main/java/org/keycloak/quickstart/profilejee/Controller.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2016 Red Hat, Inc. and/or its affiliates
 3 |  * and other contributors as indicated by the @author tags.
 4 |  *
 5 |  * Licensed under the Apache License, Version 2.0 (the "License");
 6 |  * you may not use this file except in compliance with the License.
 7 |  * You may obtain a copy of the License at
 8 |  *
 9 |  * http://www.apache.org/licenses/LICENSE-2.0
10 |  *
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.profilejee;
18 | 
19 | import javax.servlet.ServletException;
20 | import javax.servlet.http.HttpServletRequest;
21 | 
22 | /**
23 |  * Controller simplifies access to the server environment from the JSP.
24 |  *
25 |  * @author Stan Silvert ssilvert@redhat.com (C) 2015 Red Hat Inc.
26 |  */
27 | public class Controller {
28 | 
29 |     public void handleLogout(HttpServletRequest req) throws ServletException {
30 |         if (req.getParameter("logout") != null) {
31 |             req.logout();
32 |         }
33 |     }
34 | 
35 |     public boolean isLoggedIn(HttpServletRequest req) {
36 |         return req.getUserPrincipal() != null;
37 |     }
38 | 
39 | }
40 | 


--------------------------------------------------------------------------------
/app-profile-jee-vanilla/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
22 | 
23 |     vanilla
24 | 
25 |     
26 |         
27 |             app-profile-jee
28 |             /profile.jsp
29 |         
30 |         
31 |             *
32 |         
33 |     
34 | 
35 |     
36 |         BASIC
37 |     
38 | 
39 |     
40 |         *
41 |     
42 | 
43 | 
44 | 
45 | 


--------------------------------------------------------------------------------
/app-profile-jee-vanilla/src/main/webapp/index.jsp:
--------------------------------------------------------------------------------
 1 | 
17 | 
18 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%>
19 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
20 | 
21 | 
22 |     
23 |         
24 |         Keycloak Example App
25 | 
26 |         
27 |     
28 |     
29 |         
30 |         <% controller.handleLogout(request); %>
31 |         
32 |         
33 |         
34 |             
35 |         
36 | 
37 |         

38 |             

39 |                 
40 |             

41 | 
42 |             

43 |                 
Please login

44 |             

45 |         

46 |     
47 | 
48 | 


--------------------------------------------------------------------------------
/app-profile-saml-jee-jsp/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
22 |     
23 |         
24 |             app
25 |             /profile.jsp
26 |         
27 |         
28 |             user
29 |         
30 |     
31 | 
32 |     
33 |         KEYCLOAK-SAML
34 |     
35 | 
36 |     
37 |         user
38 |     
39 | 
40 | 


--------------------------------------------------------------------------------
/app-profile-saml-jee-jsp/src/main/webapp/index.jsp:
--------------------------------------------------------------------------------
 1 | 
17 | 
18 | <%@page contentType="text/html" pageEncoding="ISO-8859-1"%>
19 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
20 | 
21 | 
22 |     
23 |         
24 |         Keycloak Example App
25 | 
26 |         
27 |     
28 |     
29 |         
30 |         
31 |         
32 |         
33 |             
34 |         
35 | 
36 |         

37 |             

38 |                 
39 |             

40 | 
41 |             

42 |                 
Please login

43 |             

44 |         

45 |     
46 | 
47 | 


--------------------------------------------------------------------------------
/app-profile-saml-jee-jsp/src/test/resources/arquillian.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
22 | 
23 | 
24 |     
26 |     
27 | 
28 |     
29 |     
30 |         
32 |         
33 |             127.0.0.1
34 |             9990
35 |             ${basedir}/target/wildfly-${version.wildfly}
36 |             ../../../test-classes/standalone-test.xml
37 |         
38 |     
39 | 
40 |     
41 |         phantomjs
42 |     
43 | 
44 | 


--------------------------------------------------------------------------------
/authz-js-policies/pom.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
20 |     4.0.0
21 |     
22 |         org.keycloak.quickstarts
23 |         keycloak-quickstart-parent
24 |         7.4.0.GA
25 |         ../pom.xml
26 |     
27 | 
28 |     authz-js-policies
29 |     jar
30 |     Red Hat SSO Quickstarts: JS Policies
31 |     JS Policies used by Authorization Services Quickstarts
32 | 
33 |     
34 |         ${project.artifactId}
35 |         
36 |             
37 |                 src/main/resources
38 |                 true
39 |             
40 |         
41 |     
42 | 
43 | 


--------------------------------------------------------------------------------
/authz-js-policies/src/main/resources/META-INF/keycloak-scripts.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "policies": [
 3 |     {
 4 |       "name": "Match User From Requested Uri",
 5 |       "fileName": "match-user-from-uri.js",
 6 |       "description": "A policy that extracts the username from a request URI and check if it matches the current identity"
 7 |     },
 8 |     {
 9 |       "name": "Claim-Based",
10 |       "fileName": "pushed-claim-from-request.js",
11 |       "description": "A policy that makes decision based on the value of a context attribute"
12 |     },
13 |     {
14 |       "name": "Always Grant",
15 |       "fileName": "always-grant.js",
16 |       "description": "A policy that always grants access"
17 |     },
18 |     {
19 |       "name": "Only Owner",
20 |       "fileName": "only-owner.js",
21 |       "description": "A policy that always grants access to resource owners"
22 |     }
23 |   ]
24 | }


--------------------------------------------------------------------------------
/authz-js-policies/src/main/resources/always-grant.js:
--------------------------------------------------------------------------------
1 | // by default, grants any permission associated with this policy
2 | $evaluation.grant();


--------------------------------------------------------------------------------
/authz-js-policies/src/main/resources/match-user-from-uri.js:
--------------------------------------------------------------------------------
 1 | var context = $evaluation.getContext();
 2 | var attributes = context.getAttributes();
 3 | var httpUri = attributes.getValue('http.uri');
 4 | 
 5 | if (httpUri) {
 6 |     var uriParts = httpUri.asString(0).split('/');
 7 |     var identity = context.getIdentity();
 8 |     var username = identity.getAttributes().getValue('preferred_username').asString(0);
 9 | 
10 |     if (uriParts[2] == username) {
11 |         $evaluation.grant();
12 |     }
13 | }


--------------------------------------------------------------------------------
/authz-js-policies/src/main/resources/only-owner.js:
--------------------------------------------------------------------------------
1 | var context = $evaluation.context;
2 | var identity = context.identity;
3 | var permission = $evaluation.permission;
4 | var resource = permission.resource;
5 | 
6 | if (resource.owner == identity.id) {
7 |     $evaluation.grant();
8 | }


--------------------------------------------------------------------------------
/authz-js-policies/src/main/resources/pushed-claim-from-request.js:
--------------------------------------------------------------------------------
1 | var context = $evaluation.context;
2 | 
3 | var attributes = context.attributes;
4 | 
5 | if (attributes.containsValue('some-claim', 'claim-value')) {
6 |     $evaluation.grant();
7 | }


--------------------------------------------------------------------------------
/config/partial-import.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "roles": {
 3 |     "realm" : [{
 4 |         "name": "user"
 5 |      }]
 6 |   },
 7 | 
 8 |   "users": [{
 9 |     "username" : "user",
10 |     "enabled": true,
11 |     "credentials" : [{ 
12 |       "type" : "password",
13 |       "value" : "password" 
14 |     }],
15 |     "realmRoles": ["user"],
16 |     "clientRoles": {
17 |       "account": ["view-profile", "manage-account"]
18 |     }
19 |   }]
20 | }
21 | 


--------------------------------------------------------------------------------
/docs/pull_request_template.md:
--------------------------------------------------------------------------------
1 | 
4 | 


--------------------------------------------------------------------------------
/docs/test-development.md:
--------------------------------------------------------------------------------
 1 | # Writing tests
 2 | 
 3 | We focus primarily on integration/functional level tests. Unit tests are avoided and only recommended for isolated
 4 | classes such as small utils. We do not use any mocking frameworks and we will not accept any contributions that adds a 
 5 | mocking framework.
 6 | 
 7 | When writing tests please follow the same approach as we have taken in the other tests. There are many ways to 
 8 | test software and we have chosen ours, so please appreciate that.
 9 | 
10 | The main tests are provided in `src/test/java` for each Quickstart folder. Most of the integration tests are there.
11 | 
12 | Any test inside the quickstarts should be reasonable and straightforward to understand. But feedback for improvements are always welcome.
13 | 
14 | When developing your test depending on the feature or enhancement you are testing you may find it best to add to an
15 | existing test, or to write a test from scratch. For the latter, we recommend finding another test that is close to what 
16 | you need and use that as a basis.
17 | 
18 | 
19 | # Running integration tests
20 | 
21 | By default, the integration tests for each quickstart, expect this initial admin user to have `admin` as username and `admin` as password. This is configurable in each `ArquillianTest` class.
22 | 
23 | ```
24 | static {
25 |     try {
26 |         importTestRealm("admin", "admin", "/quickstart-realm.json");
27 |     } catch (IOException e) {
28 |         e.printStackTrace();
29 |     }
30 | }
31 | ```
32 | 
33 | If you don't have access to admin's credentials, please import the `quickstart-realm.json` from `src/test/resources`.
34 | 
35 | To run integration tests for JBoss EAP managed quickstarts use the following command:
36 | ```
37 | mvn clean install -Pwildfly-managed -Denforcer.skip=true
38 | ```
39 | 
40 | If you want to run the tests for a quickstart that doesn't need JBoss EAP, you have to use appropriate profile. See a particular quickstart's README for more details.
41 | 


--------------------------------------------------------------------------------
/fuse63/app-war/config/client-import.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "clientId": "fuse-app-jsp",
 3 |     "adminUrl": "http://localhost:8181/app-war-jsp",
 4 |     "enabled": true,
 5 |     "redirectUris": [
 6 |         "http://localhost:8181/app-war-jsp/*"
 7 |     ],
 8 |     "webOrigins": [
 9 |         "http://localhost:8181"
10 |     ],
11 |     "publicClient": false,
12 |     "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79"
13 | }
14 | 


--------------------------------------------------------------------------------
/fuse63/app-war/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "master",
3 |   "auth-server-url": "http://localhost:8180/auth",
4 |   "ssl-required": "external",
5 |   "resource": "fuse-app-jsp",
6 |   "credentials": {
7 |     "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79"
8 |   }
9 | }


--------------------------------------------------------------------------------
/fuse63/app-war/src/main/java/org/keycloak/quickstart/fuse/appjee/ProtectedServlet.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.quickstart.fuse.appjee;
 2 | 
 3 | import java.io.IOException;
 4 | 
 5 | import javax.servlet.ServletException;
 6 | import javax.servlet.http.HttpServlet;
 7 | import javax.servlet.http.HttpServletRequest;
 8 | import javax.servlet.http.HttpServletResponse;
 9 | 
10 | /**
11 |  * @author Marek Posolda
12 |  */
13 | public class ProtectedServlet extends HttpServlet {
14 | 
15 |     @Override
16 |     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
17 |         req.getRequestDispatcher("index.jsp").forward(req, resp);
18 |     }
19 | }
20 | 


--------------------------------------------------------------------------------
/fuse63/app-war/src/main/java/org/keycloak/quickstart/fuse/appjee/ServiceLocator.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.quickstart.fuse.appjee;
 2 | 
 3 | import java.net.MalformedURLException;
 4 | import java.net.URL;
 5 | import java.util.logging.Logger;
 6 | 
 7 | import javax.servlet.http.HttpServletRequest;
 8 | 
 9 | /**
10 |  * @author Marko Strukelj
11 |  */
12 | public class ServiceLocator {
13 | 
14 |     private static final Logger log = Logger.getLogger(ServiceLocator.class.getName());
15 | 
16 |     public static URL getServiceUrl(HttpServletRequest req) {
17 | 
18 |         String uri = null;
19 |         try {
20 |             uri = System.getProperty("service.url");
21 |             if (uri != null) {
22 |                 return new URL(uri);
23 |             }
24 | 
25 |             uri = System.getenv("SERVICE_URL");
26 |             if (uri != null) {
27 |                 return new URL(uri);
28 |             }
29 | 
30 |             URL requestUrl = new URL(req.getRequestURL().toString());
31 | 
32 |             String host = requestUrl.getHost();
33 |             String schema = requestUrl.getProtocol();
34 |             String port = requestUrl.getPort() != -1 ? (":" + requestUrl.getPort()) : "";
35 | 
36 |             uri = schema + "://" + host + port + "/service";
37 |             return new URL(uri);
38 | 
39 |         } catch (MalformedURLException e) {
40 |             throw new RuntimeException("Malformed url: " + uri);
41 |         } finally {
42 |             log.info("Service url: " + uri);
43 |         }
44 |     }
45 | }
46 | 


--------------------------------------------------------------------------------
/fuse63/app-war/src/main/webapp/WEB-INF/jetty-web.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
19 | 
20 | 
21 |     
22 |         
23 |             
24 |             
25 |         
26 |     
27 | 


--------------------------------------------------------------------------------
/fuse63/features/README.md:
--------------------------------------------------------------------------------
1 | JBoss Fuse Features
2 | ===================
3 | This module contains the Karaf feature `keycloak-fuse63-quickstarts`, which is used by `server` module to install all the other Keycloak Fuse Quickstart applications into the JBoss Fuse server.
4 | 


--------------------------------------------------------------------------------
/fuse63/features/src/main/resources/features.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
19 | 
20 | 
21 |     
22 |         
The Keycloak Fuse example

23 |         war
24 |         camel
25 |         camel-jetty
26 |         cxf
27 |         keycloak
28 |         keycloak-jetty9-adapter
29 |         mvn:org.keycloak.quickstarts/keycloak-fuse63-app-war-jsp/${project.version}/war
30 |         mvn:org.keycloak.quickstarts/keycloak-fuse63-service-camel/${project.version}
31 |         mvn:org.keycloak.quickstarts/keycloak-fuse63-service-cxf-jaxrs/${project.version}
32 |     
33 | 
34 | 


--------------------------------------------------------------------------------
/fuse63/server/src/main/resources/install-features.cli:
--------------------------------------------------------------------------------
1 | features:addurl mvn:org.keycloak/keycloak-osgi-features/${version.keycloak}/xml/features
2 | features:addurl mvn:org.keycloak.quickstarts/keycloak-fuse63-features/${project.version}/xml/features
3 | features:install keycloak-fuse63-quickstarts
4 | 


--------------------------------------------------------------------------------
/fuse63/server/src/main/resources/install-features.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | echo "JAVA_HOME=$JAVA_HOME"
 3 | 
 4 | ./start
 5 | 
 6 | echo "Karaf container starting"
 7 | sleep 5
 8 | 
 9 | TIMEOUT=5
10 | DELAY=1
11 | T=0
12 | 
13 | RESULT=0
14 | 
15 | until [ $T -gt $TIMEOUT ]
16 | do
17 |   if ./client info; then
18 |     echo "Server is reachable."
19 | 
20 | 
21 |     echo "Updating Config"
22 |     ./client -f update-config.cli
23 |     if [ $? -ne 0 ]; then
24 |       echo "Call update-config.cli failed!";
25 |       RESULT=1;
26 |     else
27 |       ./client config:list | grep org.ops4j.pax.url.mvn.
28 |     fi
29 | 
30 |     echo "Installing features."
31 |     ./client -f install-features.cli
32 |     if [ $? -ne 0 ]; then
33 |       echo "Call install-features.cli failed!";
34 |       RESULT=1;
35 |     fi
36 |     exit $RESULT
37 |   else
38 |     echo "Server is not reachable. Waiting."
39 |     sleep $DELAY
40 |     let T=$T+$DELAY
41 |   fi
42 | done
43 | 


--------------------------------------------------------------------------------
/fuse63/server/src/main/resources/update-config.cli:
--------------------------------------------------------------------------------
1 | config:edit org.ops4j.pax.url.mvn
2 | config:propset org.ops4j.pax.url.mvn.localRepository ${user.home}/.m2/repository
3 | config:update
4 | 
5 | features:refreshurl
6 | 
7 | dev:system-property service.url ${service.url}
8 | 


--------------------------------------------------------------------------------
/fuse63/server/src/main/resources/users.properties:
--------------------------------------------------------------------------------
1 | karaf = karaf,_g_:admingroup
2 | _g_\:admingroup = group,admin,manager,viewer,webconsole
3 | 


--------------------------------------------------------------------------------
/fuse63/service-camel/config/client-import.json:
--------------------------------------------------------------------------------
1 | {
2 |   "clientId": "fuse-service-camel",
3 |   "enabled": true,
4 |   "bearerOnly": true,
5 |   "adminUrl": "http://localhost:8383/service"
6 | }
7 | 


--------------------------------------------------------------------------------
/fuse63/service-camel/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "master",
3 |   "bearer-only": true,
4 |   "auth-server-url": "http://localhost:8180/auth",
5 |   "ssl-required": "external",
6 |   "resource": "fuse-service-camel"
7 | }


--------------------------------------------------------------------------------
/fuse63/service-camel/src/main/java/org/keycloak/quickstart/fuse/camel/CamelHelloProcessor.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.fuse.camel;
18 | 
19 | import javax.servlet.http.HttpServletRequest;
20 | 
21 | import org.apache.camel.Exchange;
22 | import org.apache.camel.Processor;
23 | import org.keycloak.KeycloakPrincipal;
24 | import org.keycloak.util.JsonSerialization;
25 | 
26 | /**
27 |  * @author Marek Posolda
28 |  */
29 | public class CamelHelloProcessor implements Processor {
30 | 
31 |     @Override
32 |     public void process(Exchange exchange) throws Exception {
33 |         HttpServletRequest req = exchange.getIn().getBody(HttpServletRequest.class);
34 | 
35 |         // KeycloakPrincipal encapsulates informations like token etc
36 |         KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal) req.getUserPrincipal();
37 | 
38 |         String suffix = (String) exchange.getIn().getHeader("id");
39 | 
40 |         exchange.getOut().setHeader(Exchange.CONTENT_TYPE, "application/json");
41 |         Message message = new Message("camel - " + suffix);
42 |         String jsonResponse = JsonSerialization.writeValueAsString(message);
43 |         exchange.getOut().setBody(jsonResponse);
44 |     }
45 | }
46 | 


--------------------------------------------------------------------------------
/fuse63/service-camel/src/main/java/org/keycloak/quickstart/fuse/camel/Message.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.fuse.camel;
18 | 
19 | 
20 | public class Message {
21 | 
22 |     private String message;
23 | 
24 |     public Message(String message) {
25 |         this.message = message;
26 |     }
27 | 
28 |     public String getMessage() {
29 |         return message;
30 |     }
31 | 
32 |     public void setMessage(String message) {
33 |         this.message = message;
34 |     }
35 | 
36 | }
37 | 


--------------------------------------------------------------------------------
/fuse63/service-camel/src/main/resources/config/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/fuse63/service-camel/src/main/resources/config/.gitkeep


--------------------------------------------------------------------------------
/fuse63/service-cxf-jaxrs/config/client-import.json:
--------------------------------------------------------------------------------
1 | {
2 |   "clientId": "fuse-service-cxf",
3 |   "enabled": true,
4 |   "bearerOnly": true
5 | }
6 | 


--------------------------------------------------------------------------------
/fuse63/service-cxf-jaxrs/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "master",
3 |   "bearer-only": true,
4 |   "auth-server-url": "http://localhost:8180/auth",
5 |   "ssl-required": "external",
6 |   "resource": "fuse-service-cxf"
7 | }


--------------------------------------------------------------------------------
/fuse63/service-cxf-jaxrs/src/main/java/org/keycloak/quickstart/fuse/cxf/rs/Message.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.fuse.cxf.rs;
18 | 
19 | public class Message {
20 | 
21 |     private String message;
22 | 
23 |     public Message(String message) {
24 |         this.message = message;
25 |     }
26 | 
27 |     public String getMessage() {
28 |         return message;
29 |     }
30 | 
31 |     public void setMessage(String message) {
32 |         this.message = message;
33 |     }
34 | 
35 | }
36 | 


--------------------------------------------------------------------------------
/fuse63/service-cxf-jaxrs/src/main/java/org/keycloak/quickstart/fuse/cxf/rs/Resource.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.fuse.cxf.rs;
18 | 
19 | import javax.servlet.http.HttpServletResponse;
20 | import javax.ws.rs.GET;
21 | import javax.ws.rs.Path;
22 | import javax.ws.rs.Produces;
23 | import javax.ws.rs.core.Context;
24 | import javax.ws.rs.core.HttpHeaders;
25 | import javax.ws.rs.core.MediaType;
26 | 
27 | @Path("/")
28 | public class Resource {
29 | 
30 |     @GET
31 |     @Produces(MediaType.APPLICATION_JSON)
32 |     @Path("public")
33 |     public Message getPublic(@Context HttpHeaders header, @Context HttpServletResponse response){
34 |         response.setHeader("Access-Control-Allow-Origin", "*");
35 |         return new Message("cxf - public");
36 |     }
37 | 
38 |     @GET
39 |     @Produces(MediaType.APPLICATION_JSON)
40 |     @Path("secured")
41 |     public Message getSecured() {
42 |         return new Message("cxf - secured");
43 |     }
44 | 
45 |     @GET
46 |     @Produces(MediaType.APPLICATION_JSON)
47 |     @Path("admin")
48 |     public Message getAdmin() {
49 |         return new Message("cxf - admin");
50 |     }
51 | 
52 | }
53 | 


--------------------------------------------------------------------------------
/fuse63/service-cxf-jaxrs/src/main/resources/config/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/fuse63/service-cxf-jaxrs/src/main/resources/config/.gitkeep


--------------------------------------------------------------------------------
/fuse70/app-war/config/client-import.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "clientId": "fuse-app-jsp",
 3 |     "adminUrl": "http://localhost:8181/app-war-jsp",
 4 |     "enabled": true,
 5 |     "redirectUris": [
 6 |         "http://localhost:8181/app-war-jsp/*"
 7 |     ],
 8 |     "webOrigins": [
 9 |         "http://localhost:8181"
10 |     ],
11 |     "publicClient": false,
12 |     "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79"
13 | }
14 | 


--------------------------------------------------------------------------------
/fuse70/app-war/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "master",
3 |   "auth-server-url": "http://localhost:8180/auth",
4 |   "ssl-required": "external",
5 |   "resource": "fuse-app-jsp",
6 |   "credentials": {
7 |     "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79"
8 |   }
9 | }


--------------------------------------------------------------------------------
/fuse70/app-war/src/main/java/org/keycloak/quickstart/fuse/appjee/ProtectedServlet.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.quickstart.fuse.appjee;
 2 | 
 3 | import java.io.IOException;
 4 | 
 5 | import javax.servlet.ServletException;
 6 | import javax.servlet.http.HttpServlet;
 7 | import javax.servlet.http.HttpServletRequest;
 8 | import javax.servlet.http.HttpServletResponse;
 9 | 
10 | /**
11 |  * @author Marek Posolda
12 |  */
13 | public class ProtectedServlet extends HttpServlet {
14 | 
15 |     @Override
16 |     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
17 |         req.getRequestDispatcher("index.jsp").forward(req, resp);
18 |     }
19 | }
20 | 


--------------------------------------------------------------------------------
/fuse70/app-war/src/main/java/org/keycloak/quickstart/fuse/appjee/ServiceLocator.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.quickstart.fuse.appjee;
 2 | 
 3 | import java.net.MalformedURLException;
 4 | import java.net.URL;
 5 | import java.util.logging.Logger;
 6 | 
 7 | import javax.servlet.http.HttpServletRequest;
 8 | 
 9 | /**
10 |  * @author Marko Strukelj
11 |  */
12 | public class ServiceLocator {
13 | 
14 |     private static final Logger log = Logger.getLogger(ServiceLocator.class.getName());
15 | 
16 |     public static URL getServiceUrl(HttpServletRequest req) {
17 | 
18 |         String uri = null;
19 |         try {
20 |             uri = System.getProperty("service.url");
21 |             if (uri != null) {
22 |                 return new URL(uri);
23 |             }
24 | 
25 |             uri = System.getenv("SERVICE_URL");
26 |             if (uri != null) {
27 |                 return new URL(uri);
28 |             }
29 | 
30 |             URL requestUrl = new URL(req.getRequestURL().toString());
31 | 
32 |             String host = requestUrl.getHost();
33 |             String schema = requestUrl.getProtocol();
34 |             String port = requestUrl.getPort() != -1 ? (":" + requestUrl.getPort()) : "";
35 | 
36 |             uri = schema + "://" + host + port + "/service";
37 |             return new URL(uri);
38 | 
39 |         } catch (MalformedURLException e) {
40 |             throw new RuntimeException("Malformed url: " + uri);
41 |         } finally {
42 |             log.info("Service url: " + uri);
43 |         }
44 |     }
45 | }
46 | 


--------------------------------------------------------------------------------
/fuse70/features/README.md:
--------------------------------------------------------------------------------
1 | JBoss Fuse Features
2 | ===================
3 | This module contains the Karaf feature `keycloak-fuse70-quickstarts`, which is used by `server` module to install all the other Keycloak Fuse Quickstart applications into the JBoss Fuse server.
4 | 


--------------------------------------------------------------------------------
/fuse70/features/src/main/resources/features.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
18 | 
19 | 
20 | 
21 |     
22 |         
The Keycloak Fuse 7.0 example

23 |         war
24 |         camel
25 |         cxf
26 |         keycloak-pax-http-undertow
27 |         mvn:org.keycloak.quickstarts/keycloak-fuse70-app-war-jsp/${project.version}/war
28 |         mvn:org.keycloak.quickstarts/keycloak-fuse70-service-camel/${project.version}
29 |         mvn:org.keycloak.quickstarts/keycloak-fuse70-service-cxf-jaxrs/${project.version}
30 |     
31 | 
32 | 


--------------------------------------------------------------------------------
/fuse70/server/src/main/resources/install-features.cli:
--------------------------------------------------------------------------------
1 | features:addurl mvn:org.keycloak/keycloak-osgi-features/${version.keycloak}/xml/features
2 | features:addurl mvn:org.keycloak.quickstarts/keycloak-fuse70-features/${project.version}/xml/features
3 | features:install keycloak-fuse70-quickstarts
4 | 


--------------------------------------------------------------------------------
/fuse70/server/src/main/resources/install-features.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | echo "JAVA_HOME=$JAVA_HOME"
 3 | 
 4 | ./start
 5 | 
 6 | echo "Karaf container starting"
 7 | sleep 5
 8 | 
 9 | TIMEOUT=5
10 | DELAY=1
11 | T=0
12 | 
13 | RESULT=0
14 | 
15 | until [ $T -gt $TIMEOUT ]
16 | do
17 |   if ./client info; then
18 |     echo "Server is reachable."
19 | 
20 | 
21 |     echo "Updating Config"
22 |     ./client -f update-config.cli
23 |     if [ $? -ne 0 ]; then
24 |       echo "Call update-config.cli failed!";
25 |       RESULT=1;
26 |     else
27 |       ./client config:list | grep org.ops4j.pax.url.mvn.
28 |     fi
29 | 
30 |     echo "Installing features."
31 |     ./client -f install-features.cli
32 |     if [ $? -ne 0 ]; then
33 |       echo "Call install-features.cli failed!";
34 |       RESULT=1;
35 |     fi
36 |     exit $RESULT
37 |   else
38 |     echo "Server is not reachable. Waiting."
39 |     sleep $DELAY
40 |     let T=$T+$DELAY
41 |   fi
42 | done
43 | 


--------------------------------------------------------------------------------
/fuse70/server/src/main/resources/update-config.cli:
--------------------------------------------------------------------------------
1 | config:edit org.ops4j.pax.url.mvn
2 | config:propset org.ops4j.pax.url.mvn.localRepository ${user.home}/.m2/repository
3 | config:update
4 | 
5 | features:refreshurl
6 | 
7 | dev:system-property service.url ${service.url}
8 | 


--------------------------------------------------------------------------------
/fuse70/server/src/main/resources/users.properties:
--------------------------------------------------------------------------------
1 | karaf = karaf,_g_:admingroup
2 | _g_\:admingroup = group,admin,manager,viewer,webconsole,ssh
3 | 


--------------------------------------------------------------------------------
/fuse70/service-camel/config/client-import.json:
--------------------------------------------------------------------------------
1 | {
2 |   "clientId": "fuse-service-camel",
3 |   "enabled": true,
4 |   "bearerOnly": true,
5 |   "adminUrl": "http://localhost:8383/service"
6 | }
7 | 


--------------------------------------------------------------------------------
/fuse70/service-camel/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "master",
3 |   "bearer-only": true,
4 |   "auth-server-url": "http://localhost:8180/auth",
5 |   "ssl-required": "external",
6 |   "resource": "fuse-service-camel"
7 | }


--------------------------------------------------------------------------------
/fuse70/service-camel/src/main/java/org/keycloak/quickstart/fuse/camel/Message.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.fuse.camel;
18 | 
19 | 
20 | public class Message {
21 | 
22 |     private String message;
23 | 
24 |     public Message(String message) {
25 |         this.message = message;
26 |     }
27 | 
28 |     public String getMessage() {
29 |         return message;
30 |     }
31 | 
32 |     public void setMessage(String message) {
33 |         this.message = message;
34 |     }
35 | 
36 | }
37 | 


--------------------------------------------------------------------------------
/fuse70/service-camel/src/main/resources/config/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/fuse70/service-camel/src/main/resources/config/.gitkeep


--------------------------------------------------------------------------------
/fuse70/service-cxf-jaxrs/config/client-import.json:
--------------------------------------------------------------------------------
1 | {
2 |   "clientId": "fuse-service-cxf",
3 |   "enabled": true,
4 |   "bearerOnly": true
5 | }
6 | 


--------------------------------------------------------------------------------
/fuse70/service-cxf-jaxrs/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "master",
3 |   "bearer-only": true,
4 |   "auth-server-url": "http://localhost:8180/auth",
5 |   "ssl-required": "external",
6 |   "resource": "fuse-service-cxf"
7 | }


--------------------------------------------------------------------------------
/fuse70/service-cxf-jaxrs/src/main/java/org/keycloak/quickstart/fuse/cxf/rs/Message.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.fuse.cxf.rs;
18 | 
19 | public class Message {
20 | 
21 |     private String message;
22 | 
23 |     public Message(String message) {
24 |         this.message = message;
25 |     }
26 | 
27 |     public String getMessage() {
28 |         return message;
29 |     }
30 | 
31 |     public void setMessage(String message) {
32 |         this.message = message;
33 |     }
34 | 
35 | }
36 | 


--------------------------------------------------------------------------------
/fuse70/service-cxf-jaxrs/src/main/resources/config/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/redhat-developer/redhat-sso-quickstarts/e4069f5f54b730f9833533dd5459b3d4d5eacdfe/fuse70/service-cxf-jaxrs/src/main/resources/config/.gitkeep


--------------------------------------------------------------------------------
/maven-settings.xml:
--------------------------------------------------------------------------------
 1 | 
 5 | 
 6 |   
 7 |     org.jenkins-ci.tools
 8 |   
 9 | 
10 |   
11 |     
12 |       jboss-public-repository
13 |       
14 |         
15 |           jboss-public-repository-group
16 |           JBoss Public Maven Repository Group
17 |           http://repository.jboss.org/nexus/content/groups/public/
18 |           default
19 |           
20 |             true
21 |             never
22 |           
23 |           
24 |             true
25 |             never
26 |           
27 |         
28 |       
29 |       
30 |         
31 |           jboss-public-repository-group
32 |           JBoss Public Maven Repository Group
33 |           http://repository.jboss.org/nexus/content/groups/public/
34 |           default
35 |           
36 |             true
37 |             never
38 |           
39 |           
40 |             true
41 |             never
42 |           
43 |         
44 |       
45 |     
46 |   
47 | 
48 |   
49 |     jboss-public-repository
50 |   
51 | 
52 | 
53 | 


--------------------------------------------------------------------------------
/scripts/generate_keycloak_json.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -x
 2 | 
 3 | ## This is a helper script for generating "keycloak.json" files from "keycloak-example.json".
 4 | ## Use this to test your changes against the Enforcer Plugin.
 5 | 
 6 | for f in $(find . -type f -name 'keycloak-example.json'); do
 7 |    cp "$f" "${f%-example.json}.json"
 8 | done
 9 | 
10 | for f in $(find . -type f -name 'keycloak-saml-example.xml'); do
11 |    cp "$f" "${f%-example.xml}.xml"
12 | done
13 | 


--------------------------------------------------------------------------------
/scripts/ssorepo.txt:
--------------------------------------------------------------------------------
 1 |     
 2 |         
 3 |             jboss-enterprise-maven-repository
 4 |             https://maven.repository.redhat.com/ga/
 5 |             
 6 |                 true
 7 |             
 8 |             
 9 |                 false
10 |             
11 |         
12 |     
13 | 


--------------------------------------------------------------------------------
/scripts/start-server.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | . scripts/version.sh
 4 | 
 5 | set -v
 6 | 
 7 | function waitForServer {
 8 |   # Give the server some time to start up. Look for a well-known
 9 |   # bit of text in the log file. Try at most 50 times before giving up.
10 |   C=50
11 |   while [ $C -gt 0 ]
12 |   do
13 |     grep "Keycloak ${VERSION} (WildFly Core .*) started" keycloak.log
14 |     if [ $? -eq 0 ]; then
15 |       echo "Server started."
16 |       C=0
17 |     else
18 |       echo -n "."
19 |       C=$(( $C - 1 ))
20 |     fi
21 |     sleep 1
22 |   done
23 | }
24 | 
25 | ARCHIVE="${KEYCLOAK}.tar.gz"
26 | DIST="keycloak-server-dist"
27 | URL="https://repo1.maven.org/maven2/org/keycloak/$DIST/${VERSION}/$DIST-${VERSION}.tar.gz"
28 | # Download keycloak server if we don't already have it
29 | if [[ $TRAVIS_BRANCH = "latest" ]];
30 | then
31 |   curl -o $ARCHIVE $URL
32 |   tar xzf $ARCHIVE
33 |   rm -f $ARCHIVE
34 | else
35 |   KEYCLOAK="keycloak-server"
36 | fi
37 | 
38 | cp authz-js-policies/target/authz-js-policies.jar $KEYCLOAK/standalone/deployments 
39 | $KEYCLOAK/bin/add-user-keycloak.sh -u admin -p admin
40 | # Start the server
41 | $KEYCLOAK/bin/standalone.sh -Djava.net.preferIPv4Stack=true \
42 |                             -Djboss.socket.binding.port-offset=100 > keycloak.log 2>&1 &
43 | 
44 | waitForServer
45 | 


--------------------------------------------------------------------------------
/scripts/stop-server.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | . scripts/version.sh
4 | 
5 | ${KEYCLOAK}/bin/jboss-cli.sh --connect controller=127.0.0.1:10090 command=:shutdown
6 | 


--------------------------------------------------------------------------------
/scripts/version.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | export VERSION=`curl -s https://repo1.maven.org/maven2/org/keycloak/keycloak-server-dist/ | sed -e 's/<[^>]*>//g' | grep -i final | cut -d '/' -f1 | tail -n1`
4 | export KEYCLOAK="keycloak-${VERSION}"
5 | 


--------------------------------------------------------------------------------
/service-jee-jaxrs/config/client-import.json:
--------------------------------------------------------------------------------
1 | {
2 |     "clientId": "service-jaxrs",
3 |     "enabled": true,
4 |     "bearerOnly": true
5 | }
6 | 


--------------------------------------------------------------------------------
/service-jee-jaxrs/config/keycloak-example.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "quickstart",
3 |   "bearer-only": true,
4 |   "auth-server-url": "http://localhost:8180/auth",
5 |   "ssl-required": "external",
6 |   "resource": "service-jaxrs"
7 | }


--------------------------------------------------------------------------------
/service-jee-jaxrs/src/main/java/org/keycloak/quickstart/jaxrs/Application.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.jaxrs;
18 | 
19 | import javax.ws.rs.ApplicationPath;
20 | 
21 | @ApplicationPath("/")
22 | public class Application extends javax.ws.rs.core.Application {
23 | }
24 | 


--------------------------------------------------------------------------------
/service-jee-jaxrs/src/main/java/org/keycloak/quickstart/jaxrs/Message.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.jaxrs;
18 | 
19 | public class Message {
20 | 
21 |     private String message;
22 | 
23 |     public Message(String message) {
24 |         this.message = message;
25 |     }
26 | 
27 |     public String getMessage() {
28 |         return message;
29 |     }
30 | 
31 |     public void setMessage(String message) {
32 |         this.message = message;
33 |     }
34 | 
35 | }
36 | 


--------------------------------------------------------------------------------
/service-jee-jaxrs/src/main/java/org/keycloak/quickstart/jaxrs/Resource.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.jaxrs;
18 | 
19 | import javax.servlet.http.HttpServletResponse;
20 | import javax.ws.rs.GET;
21 | import javax.ws.rs.Path;
22 | import javax.ws.rs.Produces;
23 | import javax.ws.rs.core.Context;
24 | import javax.ws.rs.core.HttpHeaders;
25 | import javax.ws.rs.core.MediaType;
26 | 
27 | @Path("/")
28 | public class Resource {
29 | 
30 |     @GET
31 |     @Produces(MediaType.APPLICATION_JSON)
32 |     @Path("public")
33 |     public Message getPublic(@Context HttpHeaders header, @Context HttpServletResponse response){
34 |         response.setHeader("Access-Control-Allow-Origin", "*");
35 |         return new Message("public");
36 |     }
37 | 
38 |     @GET
39 |     @Produces(MediaType.APPLICATION_JSON)
40 |     @Path("secured")
41 |     public Message getSecured() {
42 |         return new Message("secured");
43 |     }
44 | 
45 |     @GET
46 |     @Produces(MediaType.APPLICATION_JSON)
47 |     @Path("admin")
48 |     public Message getAdmin() {
49 |         return new Message("admin");
50 |     }
51 | 
52 | }
53 | 


--------------------------------------------------------------------------------
/service-jee-jaxrs/src/test/resources/arquillian.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
12 | 
16 | 
17 | 
18 |     
20 |     
21 | 
22 |     
23 |     
24 |         
26 |         
27 |             always
28 |             127.0.0.1
29 |             9990
30 |             ${basedir}/target/wildfly-${version.wildfly}
31 |         
32 |     
33 | 
34 | 
35 | 


--------------------------------------------------------------------------------
/service-nodejs/client-import.json:
--------------------------------------------------------------------------------
1 | {
2 |     "clientId": "service-nodejs",
3 |     "enabled": true,
4 |     "bearerOnly": true
5 | }
6 | 


--------------------------------------------------------------------------------
/service-nodejs/keycloak.json:
--------------------------------------------------------------------------------
1 | {
2 |   "realm": "quickstart",
3 |   "bearer-only": true,
4 |   "auth-server-url": "http://localhost:8180/auth",
5 |   "ssl-required": "external",
6 |   "resource": "service-nodejs"
7 | }


--------------------------------------------------------------------------------
/service-nodejs/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "service-nodejs",
 3 |   "version": "0.0.1",
 4 |   "scripts": {
 5 |     "start": "node app.js",
 6 |     "test": "tape test/*.js"
 7 |   },
 8 |   "dependencies": {
 9 |     "keycloak-connect": "keycloak/keycloak-nodejs-connect",
10 |     "body-parser": "^1.13.3",
11 |     "express": "^4.13.3",
12 |     "express-session": "^1.14.2",
13 |     "cors": "^2.8.1"
14 |   },
15 |   "devDependencies": {
16 |     "keycloak-request-token": "^0.1.0",
17 |     "keycloak-client-registration": "^0.1.0",
18 |     "eslint": "^3.3.1",
19 |     "eslint-config-semistandard": "^7.0.0-beta.0",
20 |     "eslint-config-standard": "^6.0.0",
21 |     "eslint-plugin-promise": "^3.3.0",
22 |     "eslint-plugin-react": "^6.1.2",
23 |     "eslint-plugin-standard": "^2.0.0",
24 |     "ink-docstrap": "^1.1.4",
25 |     "jsdoc": "^3.4.0",
26 |     "jshint": "^2.9.1",
27 |     "tape": "^4.5.1",
28 |     "roi": "^0.15.0"
29 |   }
30 | }
31 | 


--------------------------------------------------------------------------------
/service-nodejs/test/config.js:
--------------------------------------------------------------------------------
 1 | var baseUrl = 'http://localhost:8180/auth';
 2 | 
 3 | module.exports = {
 4 |   registration: {
 5 |     endpoint: baseUrl + '/realms/quickstart/clients-registrations',
 6 |     accessToken: ''
 7 |   },
 8 |   baseUrl: baseUrl,
 9 |   token: {
10 |     username: 'alice',
11 |     password: 'password',
12 |     grant_type: 'password',
13 |     client_id: 'test-cli',
14 |     realmName: 'quickstart'
15 |   },
16 |   testClient: {
17 |     clientId: 'test-cli',
18 |     consentRequired: "false",
19 |     publicClient: "true",
20 |     standardFlowEnabled: "false",
21 |     directAccessGrantsEnabled: "true",
22 |     fullScopeAllowed: "true"
23 |   }
24 | };
25 | 


--------------------------------------------------------------------------------
/service-springboot-rest/config/client-import.json:
--------------------------------------------------------------------------------
1 | {
2 |     "clientId": "service-springboot",
3 |     "enabled": true,
4 |     "bearerOnly": true
5 | }
6 | 


--------------------------------------------------------------------------------
/service-springboot-rest/src/main/java/org/keycloak/quickstart/springboot/service/ProductService.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * JBoss, Home of Professional Open Source
 3 |  * Copyright 2016, Red Hat, Inc. and/or its affiliates, and individual
 4 |  * contributors by the @authors tag. See the copyright.txt in the
 5 |  * distribution for a full listing of individual contributors.
 6 |  *
 7 |  * Licensed under the Apache License, Version 2.0 (the "License");
 8 |  * you may not use this file except in compliance with the License.
 9 |  * You may obtain a copy of the License at
10 |  * http://www.apache.org/licenses/LICENSE-2.0
11 |  * Unless required by applicable law or agreed to in writing, software
12 |  * distributed under the License is distributed on an "AS IS" BASIS,
13 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 |  * See the License for the specific language governing permissions and
15 |  * limitations under the License.
16 |  */
17 | package org.keycloak.quickstart.springboot.service;
18 | 
19 | import java.util.Arrays;
20 | import java.util.List;
21 | import org.springframework.stereotype.Component;
22 | 
23 | @Component
24 | public class ProductService {
25 | 
26 |     public List getProducts() {
27 |         return Arrays.asList(
28 |                 "alpha", "bravo", "charlie", "delta", "echo", "foxtrot");
29 |     }
30 | 
31 |     public String getPublic() {
32 |         return "public";
33 |     }
34 | 
35 | }
36 | 


--------------------------------------------------------------------------------
/service-springboot-rest/src/main/resources/application.properties:
--------------------------------------------------------------------------------
 1 | server.port = 8081
 2 | keycloak.realm=quickstart
 3 | keycloak.auth-server-url=http://localhost:8180/auth
 4 | keycloak.ssl-required=external
 5 | keycloak.resource=service-springboot
 6 | keycloak.public-client=true
 7 | keycloak.bearer-only=true
 8 | keycloak.securityConstraints[0].securityCollections[0].name = protected resource
 9 | keycloak.securityConstraints[0].authRoles[0] = user
10 | keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /products
11 | keycloak.securityConstraints[0].securityCollections[0].patterns[1] = /products/


--------------------------------------------------------------------------------
/service-springboot-rest/src/test/resources/application.properties:
--------------------------------------------------------------------------------
 1 | server.compression.enabled: true
 2 | server.compression.min-response-size: 1
 3 | server.connection-timeout=5000
 4 | server.port = 8081
 5 | keycloak.realm=quickstart
 6 | keycloak.auth-server-url=http://localhost:8180/auth
 7 | keycloak.ssl-required=external
 8 | keycloak.resource=test-demo
 9 | keycloak.public-client=true
10 | keycloak.bearer-only=true
11 | keycloak.securityConstraints[0].securityCollections[0].name = protected resource
12 | keycloak.securityConstraints[0].authRoles[0] = user
13 | keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /products
14 | 
15 | # Turn off the logs
16 | logging.level.root=OFF
17 | logging.level.org.springframework.boot=OFF
18 | spring.main.banner-mode=OFF
19 | 


--------------------------------------------------------------------------------
/set-version.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | NEW_VERSION=$1
 4 | 
 5 | LATEST_KEYCLOAK_VERSION=`curl -s "http://search.maven.org/solrsearch/select?q=g:org.keycloak%20AND%20a:keycloak-parent&rows=1&wt=json" | jq -r .response.docs[0].latestVersion`
 6 | 
 7 | mvn versions:update-parent -Dversion.keycloak=$LATEST_KEYCLOAK_VERSION -DparentVersion=$NEW_VERSION -DgenerateBackupPoms=false -Pbump-version
 8 | mvn versions:set -Dversion.keycloak=$LATEST_KEYCLOAK_VERSION -DnewVersion=$NEW_VERSION -DgenerateBackupPoms=false -DgroupId=org.keycloak* -DartifactId=* -Pbump-version
 9 | 
10 | sed -i "s|keycloak/keycloak:.*|keycloak/keycloak:$NEW_VERSION|" kubernetes-examples/keycloak.yaml
11 | sed -i "s|keycloak/keycloak:.*|keycloak/keycloak:$NEW_VERSION|" openshift-examples/keycloak.yaml
12 | 


--------------------------------------------------------------------------------
/travis-run-tests.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | if [ $1 == "group1" ]; then
 4 |   for i in `mvn -q --also-make exec:exec -Dexec.executable="pwd" | awk -F '/' '{if (NR > 1) print $NF}'`;
 5 |   do
 6 |     # FIXME Workaround to skip Angular.js app on Travis CI while we figure out the best way to fix the issues with Selenium
 7 |     if [ "$i" = "app-angular2" -o "$i" = "app-authz-uma-photoz" -o "$i" = "app-authz-photoz" -o "$i" = "photoz-html5-client" -o "$i" = "photoz-js-policies" -o "$i" = "photoz-restful-api" -o "$i" = "photoz-testsuite" -o "$i" = "app-profile-jee-html5" ]; then
 8 |       continue
 9 |     fi
10 |     mvn -B -s maven-settings.xml clean install -Pwildfly-managed -Denforcer.skip=true -f $i
11 |   done
12 | fi
13 | 
14 | if [ $1 == "group2" ]; then
15 |   mvn -B -s maven-settings.xml test -Pwildfly-managed -f action-token-authenticator/pom.xml /dev/null&
28 |   cd ../app-springboot
29 |   mvn -B -s ../maven-settings.xml clean test -Pspring-boot
30 | fi
31 | 
32 | if [ $1 == "group5" ]; then
33 |   mvn -B -s maven-settings.xml test -Pkeycloak-remote -f user-storage-jpa
34 |   mvn -B -s maven-settings.xml test -Pkeycloak-remote -f user-storage-simple
35 | fi
36 | if [ $1 == "group6" ] && [ $TRAVIS_PULL_REQUEST == "false" ]; then
37 |  ./productize.sh
38 |   exit 0
39 | fi  
40 | if [ $1 == "group7" ]; then
41 |   mvn -B -s maven-settings.xml test -Pkeycloak-remote -f event-listener-sysout
42 |   mvn -B -s maven-settings.xml test -Pkeycloak-remote -f event-store-mem
43 | fi
44 | 


--------------------------------------------------------------------------------
/travis-server.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | 
 3 | REPO="https://github.com/keycloak/keycloak.git"
 4 | 
 5 | echo "Building $TRAVIS_BRANCH"
 6 | 
 7 | if [[ $TRAVIS_BRANCH != "latest" ]]; then
 8 |   # Temporarily commented 
 9 |   # git clone --depth 1 $REPO  > /dev/null 2>&1 && cd keycloak
10 |   # Clone Keycloak repo
11 |   git clone $REPO  > /dev/null 2>&1 && cd keycloak
12 | 
13 |   # The exact version of Keycloak based on Maven
14 |   VERSION=`grep -A1 "keycloak-parent" pom.xml | grep ".*$" | awk -F'[><]' '{print $3}'`
15 | 
16 |   # Build the repository based on jboss-public-repository
17 |   mvn -s ../maven-settings.xml clean install --no-snapshot-updates -Pdistribution -DskipTestsuite -DskipTests=true -B -V
18 | 
19 |   # Extract and start the Keycloak server distribution
20 |   mkdir ../keycloak-server && tar xzf distribution/server-dist/target/keycloak-$VERSION.tar.gz -C ../keycloak-server --strip-components 1
21 |   cd .. && ./scripts/start-server.sh
22 | 
23 |   else
24 |   ./scripts/start-server.sh
25 | fi
26 | 


--------------------------------------------------------------------------------
/user-storage-jpa/src/main/resources/META-INF/persistence.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 7 |     
 8 |         java:jboss/datasources/ExampleXADS
 9 | 
10 |         org.keycloak.quickstart.storage.user.UserEntity
11 | 
12 |         
13 |             
14 |             
15 |         
16 |     
17 | 
18 | 


--------------------------------------------------------------------------------
/user-storage-jpa/src/main/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory:
--------------------------------------------------------------------------------
1 | org.keycloak.quickstart.storage.user.EjbExampleUserStorageProviderFactory


--------------------------------------------------------------------------------
/user-storage-jpa/src/test/resources/arquillian.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
12 | 
16 | 
17 |     
18 |     
19 |         
20 |             127.0.0.1
21 |             10090
22 |             admin
23 |             admin
24 |         
25 |     
26 | 
27 |     
28 |         phantomjs
29 |     
30 | 
31 | 


--------------------------------------------------------------------------------
/user-storage-simple/src/main/resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory:
--------------------------------------------------------------------------------
1 | org.keycloak.quickstart.readonly.PropertyFileUserStorageProviderFactory
2 | org.keycloak.quickstart.writeable.PropertyFileUserStorageProviderFactory


--------------------------------------------------------------------------------
/user-storage-simple/src/main/resources/users.properties:
--------------------------------------------------------------------------------
 1 | #
 2 | # Copyright 2016 Red Hat, Inc. and/or its affiliates
 3 | # and other contributors as indicated by the @author tags.
 4 | #
 5 | # Licensed under the Apache License, Version 2.0 (the "License");
 6 | # you may not use this file except in compliance with the License.
 7 | # You may obtain a copy of the License at
 8 | #
 9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | 
18 | tbrady=superbowl


--------------------------------------------------------------------------------
/user-storage-simple/src/test/java/org/keycloak/quickstart/util/StorageManager.java:
--------------------------------------------------------------------------------
 1 | package org.keycloak.quickstart.util;
 2 | 
 3 | import java.io.FileWriter;
 4 | import java.io.IOException;
 5 | import java.nio.file.Files;
 6 | import java.nio.file.Path;
 7 | import java.util.Properties;
 8 | 
 9 | /**
10 |  * @author Bruno Oliveira
11 |  */
12 | public class StorageManager {
13 | 
14 |     private static final String TMP_DIR_PREFIX = "user_storage_";
15 |     private static final Properties props = new Properties();
16 |     private static Path file;
17 | 
18 |     public static String getPropertyFile() {
19 |         return file.toFile().getAbsoluteFile().toString();
20 |     }
21 | 
22 |     public static void createStorage() {
23 |         try {
24 |             Path path = Files.createTempDirectory(TMP_DIR_PREFIX);
25 |             file = path.resolve("example-users.properties");
26 |         } catch (IOException e) {
27 |             e.printStackTrace();
28 |         }
29 |     }
30 | 
31 |     public static void addUser(String user, String password) {
32 |         try {
33 |             props.setProperty(user, password);
34 |             FileWriter writer = new FileWriter(file.toFile());
35 |             props.store(writer, "Added user");
36 |             writer.close();
37 |         } catch (IOException e) {
38 |             e.printStackTrace();
39 |         }
40 |     }
41 | 
42 |     public static void deleteStorage() {
43 |         try {
44 |             Files.delete(file);
45 |         } catch (IOException e) {
46 |             e.printStackTrace();
47 |         }
48 |     }
49 | }
50 | 


--------------------------------------------------------------------------------
/user-storage-simple/src/test/resources/arquillian.xml:
--------------------------------------------------------------------------------
 1 | 
 2 | 
12 | 
16 | 
17 |     
18 |     
19 |         
20 |             127.0.0.1
21 |             10090
22 |             admin
23 |             admin
24 |         
25 |     
26 | 
27 |     
28 |         phantomjs
29 |     
30 | 
31 | 


--------------------------------------------------------------------------------