Keycloak

by

Example

@BOZ

Traffic

parser

receiver

validator

trajectory

Flight Plan Service

SpringBoot

Wildfly

SpringBoot

@BOZ

Traffic

parser

receiver

validator

trajectory

Flight Plan Service

@BOZ

Traffic

parser

receiver

validator

trajectory

Flight Plan Service

Secure Wildfly

Add Keycloak modules from adapter to Wildfly

Get adapter: keycloak-wildfly-adapter-dist-x.x.x.Final

Add keycloak extension to Wildfly

Install Keycloak on Wildfly

Secure Wildfly

Add keycloak.json to WEB-INF directory

Add security constraint and login config to web.xml

Secure Application

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Flight Plan</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
    	<auth-constraint>
	    <role-name>pilot</role-name>
	</auth-constraint>
</security-constraint>

<login-config>
	<auth-method>KEYCLOAK</auth-method>
</login-config>

@BOZ

Traffic

parser

receiver

validator

trajectory

Flight Plan Service

Secure Spring

Add path to keycloak.json

Add spring security adapter library

Spring Security Adapter

compile "org.keycloak:keycloak-spring-security-adapter:$keycloakVersion"
keycloak:
    configurationFile: classpath:keycloak.json

Secure Spring

Add spring security configuration

Spring Security Adapter

@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class KeycloakConfiguration extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        httpSecurity
                .authorizeRequests()
                .antMatchers("/*").hasAuthority("pilot");
    }
}

@BOZ

Traffic

parser

receiver

validator

trajectory

Flight Plan Service

Secure Spring

Add keycloak configuration

Add keycloak spring boot starter

Spring Boot Starter

compile 'org.keycloak:keycloak-spring-boot-adapter:$keycloakVersion'
compile 'org.keycloak:keycloak-tomcat8-adapter:$keycloakVersion'
keycloak.realm: RealmName
keycloak.realmKey: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A.......
keycloak.auth-server-url: http://keycloak-host:8080/auth
keycloak.ssl-required: external
keycloak.resource: clientName
keycloak.public-client: true

keycloak.securityConstraints[0].securityCollections[0].name: securityCollectionName
keycloak.securityConstraints[0].securityCollections[0].authRoles[0]: roleName
keycloak.securityConstraints[0].securityCollections[0].patterns[0]: urlPattern

No support for Undertow :(

@BOZ

Traffic

parser

receiver

validator

trajectory

Flight Plan Service

Secure Rest

Spring RestTemplate

@Configuration
public class RestConfiguration {

    @Autowired
    KeycloakClientRequestFactory keycloakClientRequestFactory;

    @Bean
    @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
    public RestTemplate restTemplate() {
        return new KeycloakRestTemplate(keycloakClientRequestFactory);
    }
}
@Configuration
public class RestConfiguration {

    @Bean
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }
}

@BOZ

Traffic

parser

receiver

validator

trajectory

Flight Plan Service

Secure Rest

JEE JAX-RS Client

public class RestClientProvider {

    @Inject
    HttpServletRequest httpServletRequest;

    @Produces
    public Client provideRestClient() {
        return ClientBuilder
                .newClient()
                .register(new KeycloakAuthHeadersRequestFilter(httpServletRequest));
    }
}
public class RestClientProvider {

    @Produces
    public Client provideRestClient() {
        return ClientBuilder.newClient();
    }
}

Secure Rest

Spring RestTemplate

public class KeycloakAuthHeadersRequestFilter implements ClientRequestFilter {

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String TOKEN_TYPE = "Bearer ";

    private final HttpServletRequest httpServletRequest;

    public KeycloakAuthHeadersRequestFilter(HttpServletRequest httpServletRequest) {
        this.httpServletRequest = httpServletRequest;
    }

    @Override
    public void filter(ClientRequestContext requestContext) throws IOException {
        requestContext
                .getHeaders()
                .add(AUTHORIZATION_HEADER, TOKEN_TYPE + getTokenString());
    }

    private String getTokenString() {
        KeycloakPrincipal keycloakPrincipal =
                (KeycloakPrincipal) httpServletRequest.getUserPrincipal();

        return keycloakPrincipal
                .getKeycloakSecurityContext()
                .getTokenString();
    }
}

@BOZ

Traffic

parser

receiver

validator

trajectory

Flight Plan Service

Thank You

Made with Slides.com