keycloak-example added

2026-05-30 10:50:42 +00:00 · 2020-09-22 22:07:38 +04:00
parent 4b261185f5
commit 7a85d8d068
8 changed files with 1895 additions and 0 deletions
@@ -13,3 +13,4 @@
 * *spring-mail-integration-demo* - пример работы с SpringMail через SpringIntegration
 * *spring-mail-rabbitmq-demo* - пример взаимодействия приложений через RabbitMQ
 * *liquibase-demo* - пример работы с liquibase
+* keycloak-example - пример аутентификации/авторизации с помощью сервера keycloak
@@ -0,0 +1,21 @@
+version: "3"
+services:
+  keycloak-container:
+    image: quay.io/keycloak/keycloak:11.0.0
+    
+    command: 
+    
+      -Djboss.socket.binding.port-offset=2
+      
+    restart: always
+    
+    environment:
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admin
+      KEYCLOAK_IMPORT: /tmp/realm.json
+      
+    ports:
+      - 8082:8082
+      
+    volumes:
+      - ./realm.json:/tmp/realm.json
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>2.3.3.RELEASE</version>
+		<relativePath/> <!-- lookup parent from repository -->
+	</parent>
+	<groupId>ru.otus</groupId>
+	<artifactId>resource-app</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<name>resource-app</name>
+	<description>KeyCloack resource app example</description>
+
+	<properties>
+		<java.version>11</java.version>
+		<maven.compiler.source>11</maven.compiler.source>
+		<maven.compiler.target>11</maven.compiler.target>
+	</properties>
+
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.keycloak.bom</groupId>
+				<artifactId>keycloak-adapter-bom</artifactId>
+				<version>11.0.0</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.keycloak</groupId>
+			<artifactId>keycloak-spring-boot-starter</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+			<optional>true</optional>
+		</dependency>
+
+
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+			<exclusions>
+				<exclusion>
+					<groupId>org.junit.vintage</groupId>
+					<artifactId>junit-vintage-engine</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+
+</project>
@@ -0,0 +1,16 @@
+package ru.otus.resourceapp;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+//https://www.baeldung.com/spring-boot-keycloak
+//https://www.baeldung.com/keycloak-custom-user-attributes
+//https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-springboot
+@SpringBootApplication
+public class ResourceAppApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(ResourceAppApplication.class, args);
+	}
+
+}
@@ -0,0 +1,51 @@
+package ru.otus.resourceapp.config;
+
+import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
+import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+
+@Configuration
+@EnableWebSecurity
+@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
+class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        var keycloakAuthenticationProvider = keycloakAuthenticationProvider();
+        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
+        auth.authenticationProvider(keycloakAuthenticationProvider);
+    }
+
+    @Bean
+    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
+        return new KeycloakSpringBootConfigResolver();
+    }
+
+    @Bean
+    @Override
+    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        super.configure(http);
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .authorizeRequests()
+                .antMatchers("/secret*").hasRole("user")
+                .anyRequest().permitAll();
+    }
+}
@@ -0,0 +1,28 @@
+package ru.otus.resourceapp.controllers;
+
+import org.keycloak.KeycloakPrincipal;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@RestController
+public class CommonController {
+
+    @GetMapping(path = "/")
+    public String commonData() {
+        return "Абсолютно свободные данные";
+    }
+
+    @SuppressWarnings("rawtypes")
+    @GetMapping(path = "/secret")
+    public String secretData(Principal principal) {
+        var authenticationToken = (KeycloakAuthenticationToken) principal;
+        var kp = (KeycloakPrincipal) authenticationToken.getPrincipal();
+        var token = kp.getKeycloakSecurityContext().getToken();
+
+        return "Жутко секретные данные для пользователя: " + token.getPreferredUsername() +
+                ", \n остальные данные: " + token.getOtherClaims();
+    }
+}
@@ -0,0 +1,5 @@
+keycloak:
+  auth-server-url: http://localhost:8082/auth
+  realm: KCExample
+  resource: resource-app
+  public-client: true