@BOZ
Traffic
parser
receiver
validator
trajectory
Flight Plan Service
SpringBoot
Wildfly
SpringBoot
@BOZ
Traffic
parser
receiver
validator
trajectory
Flight Plan Service
@BOZ
Traffic
parser
receiver
validator
trajectory
Flight Plan Service
Add Keycloak modules from adapter to Wildfly
Get adapter: keycloak-wildfly-adapter-dist-x.x.x.Final
Add keycloak extension to Wildfly
Install Keycloak on Wildfly
Add keycloak.json to WEB-INF directory
Add security constraint and login config to web.xml
Secure Application
<security-constraint>
<web-resource-collection>
<web-resource-name>Flight Plan</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>pilot</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
</login-config>
@BOZ
Traffic
parser
receiver
validator
trajectory
Flight Plan Service
Add path to keycloak.json
Add spring security adapter library
Spring Security Adapter
compile "org.keycloak:keycloak-spring-security-adapter:$keycloakVersion"
keycloak:
configurationFile: classpath:keycloak.json
Add spring security configuration
Spring Security Adapter
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class KeycloakConfiguration extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
super.configure(httpSecurity);
httpSecurity
.authorizeRequests()
.antMatchers("/*").hasAuthority("pilot");
}
}
@BOZ
Traffic
parser
receiver
validator
trajectory
Flight Plan Service
Add keycloak configuration
Add keycloak spring boot starter
Spring Boot Starter
compile 'org.keycloak:keycloak-spring-boot-adapter:$keycloakVersion'
compile 'org.keycloak:keycloak-tomcat8-adapter:$keycloakVersion'
keycloak.realm: RealmName
keycloak.realmKey: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A.......
keycloak.auth-server-url: http://keycloak-host:8080/auth
keycloak.ssl-required: external
keycloak.resource: clientName
keycloak.public-client: true
keycloak.securityConstraints[0].securityCollections[0].name: securityCollectionName
keycloak.securityConstraints[0].securityCollections[0].authRoles[0]: roleName
keycloak.securityConstraints[0].securityCollections[0].patterns[0]: urlPattern
No support for Undertow :(
@BOZ
Traffic
parser
receiver
validator
trajectory
Flight Plan Service
Spring RestTemplate
@Configuration
public class RestConfiguration {
@Autowired
KeycloakClientRequestFactory keycloakClientRequestFactory;
@Bean
@Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
public RestTemplate restTemplate() {
return new KeycloakRestTemplate(keycloakClientRequestFactory);
}
}
@Configuration
public class RestConfiguration {
@Bean
public RestTemplate restTemplate() {
return new RestTemplate();
}
}
@BOZ
Traffic
parser
receiver
validator
trajectory
Flight Plan Service
JEE JAX-RS Client
public class RestClientProvider {
@Inject
HttpServletRequest httpServletRequest;
@Produces
public Client provideRestClient() {
return ClientBuilder
.newClient()
.register(new KeycloakAuthHeadersRequestFilter(httpServletRequest));
}
}
public class RestClientProvider {
@Produces
public Client provideRestClient() {
return ClientBuilder.newClient();
}
}
Spring RestTemplate
public class KeycloakAuthHeadersRequestFilter implements ClientRequestFilter {
private static final String AUTHORIZATION_HEADER = "Authorization";
private static final String TOKEN_TYPE = "Bearer ";
private final HttpServletRequest httpServletRequest;
public KeycloakAuthHeadersRequestFilter(HttpServletRequest httpServletRequest) {
this.httpServletRequest = httpServletRequest;
}
@Override
public void filter(ClientRequestContext requestContext) throws IOException {
requestContext
.getHeaders()
.add(AUTHORIZATION_HEADER, TOKEN_TYPE + getTokenString());
}
private String getTokenString() {
KeycloakPrincipal keycloakPrincipal =
(KeycloakPrincipal) httpServletRequest.getUserPrincipal();
return keycloakPrincipal
.getKeycloakSecurityContext()
.getTokenString();
}
}
@BOZ
Traffic
parser
receiver
validator
trajectory
Flight Plan Service