- java 1.8
- docker
- maven
The sample favourites API (a resource server in OAuth terms) shows how a backend application can be secured with bearer tokens issued by Keycloak (the authorization server in OAuth terms).
The sample exposes a `/favourites/{username}` endpoint which returns the favourites of the specified user.
Calling this endpoint requires an access token that includes a specific role.
The access token can be retrieved from the token endpoint provided by Keycloak:
POST `client_id`, `grant_type`, `client_secret`, `username` and `password` as form parameters to the following endpoint:
http://auth.company.com/auth/realms/my-apps/protocol/openid-connect/token
The response includes an `access_token`, which can be copied and passed in an `Authorization: Bearer <access_token>`
header when calling `/favourites/{username}`.
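The token request and the role check described above, as an added example that is not part of the sample project. It builds the form POST to the Keycloak token endpoint from the README, attaches the returned token as a bearer header, and shows the realm-role check a resource server performs on the token's `realm_access.roles` claim. The client id, client secret and the role name `favourites-user` are placeholders (the sample's real values live in its realm export), the `may_read_favourites` check that also compares the path username with the token's `preferred_username` goes beyond what the sample describes, and the test tokens are constructed fixtures that only the unverified decoder here accepts; the Keycloak adapter verifies the signature against the realm key before any role is trusted.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# URLs taken from the README; the role name is a placeholder (assumption).
TOKEN_URL = "http://auth.company.com/auth/realms/my-apps/protocol/openid-connect/token"
API_URL = "http://favourites-api.company.com/favourites/{username}"
REQUIRED_ROLE = "favourites-user"  # placeholder, see the realm export for the real name


def build_token_request(username, password, client_id, client_secret):
    """Form body for the password grant: the five form parameters the README lists."""
    form = {
        "client_id": client_id,
        "grant_type": "password",
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }
    return TOKEN_URL, urlencode(form), {"Content-Type": "application/x-www-form-urlencoded"}


def fetch_access_token(username, password, client_id, client_secret):
    """POST the form to Keycloak and return the access_token (needs the stack from run.sh)."""
    url, body, headers = build_token_request(username, password, client_id, client_secret)
    req = Request(url, data=body.encode(), headers=headers, method="POST")
    with urlopen(req) as resp:
        return json.load(resp)["access_token"]


def favourites_request(username, token):
    """The API call: bearer token in the Authorization header, username in the path."""
    return Request(API_URL.format(username=username),
                   headers={"Authorization": f"Bearer {token}"})


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token):
    """Claims of a compact JWS. The signature is NOT verified here; the
    Keycloak/Spring Security adapter does that against the realm's public key."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def realm_roles(token):
    # Keycloak carries realm roles in the realm_access.roles claim.
    return set(jwt_claims(token).get("realm_access", {}).get("roles", []))


def has_required_role(token, role=REQUIRED_ROLE):
    """The check the README describes: the token must carry the specific role."""
    return role in realm_roles(token)


def may_read_favourites(token, username, role=REQUIRED_ROLE):
    """Stricter than the sample (assumption): besides the role, the token's
    preferred_username must match {username} in the path, so a caller holding
    the role cannot read another user's favourites."""
    claims = jwt_claims(token)
    roles = claims.get("realm_access", {}).get("roles", [])
    return role in roles and claims.get("preferred_username") == username


def make_test_token(claims):
    """Constructed fixture with a dummy signature segment. It only works with
    the unverified decoder above; Keycloak-protected endpoints reject it."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.dummy-signature"


if __name__ == "__main__":
    # Constructed claims modelled on the README's users peter and tom.
    peter = make_test_token({"preferred_username": "peter",
                             "realm_access": {"roles": [REQUIRED_ROLE]}})
    tom = make_test_token({"preferred_username": "tom", "realm_access": {"roles": []}})
    print("peter has role:", has_required_role(peter))
    print("tom has role:", has_required_role(tom))
    print("peter may read /favourites/peter:", may_read_favourites(peter, "peter"))
    print("peter may read /favourites/tom:", may_read_favourites(peter, "tom"))
```

Run as a script it exercises the checks against the constructed tokens offline; with the stack from run.sh running, `fetch_access_token("peter", "password", "<client_id>", "<client_secret>")` returns a real Keycloak token that `favourites_request` can send.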
This project also includes an integration test, FavouritesResourceIntegrationTest, based on Testcontainers (www.testcontainers.org).
The integration test prepares Keycloak with a given realm configuration that includes the needed realm, clients,
roles and users to test authentication and authorization. You can run FavouritesResourceIntegrationTest on your local machine.
The security setup of the project is done by using spring-security.
This app includes a frontend (a public client) secured by Keycloak. If you open a secured resource in the browser you will be redirected to Keycloak to log in. After a successful login you are redirected back to the requested resource.
The security setup of the project is done by using the keycloak adapters for spring-boot and spring-security.
The samples run behind an nginx reverse proxy, as you can see in docker-compose.yaml.
To access the apps by the configured URLs, add these lines to your hosts file:
127.0.0.1 favourites-api.company.com
127.0.0.1 favourites-app.company.com
127.0.0.1 auth.company.com
To run the samples just execute run.sh, which starts Keycloak with the needed realm settings, the favourites-app and the favourites-api. All applications are behind an nginx reverse proxy.
- To open the Keycloak admin console go to `http://auth.company.com/auth/admin/master/console/#/realms/my-apps` in your browser.
- To open the favourites-app go to `http://favourites-app.company.com` in your browser. When you click `My favourites` you will be redirected to Keycloak for login.
- The user `peter`/`password` is allowed to access the requested page.
- The user `tom`/`password` is not allowed to access the requested page, which results in a redirection to a custom access denied page.