suyambuganesh / embedded-spring-boot-keycloak-server

Keycloak JAX-RS application embedded in a Spring-Boot App.

Embedded Keycloak Server running in a Spring Boot App

This project provides an embedded Authentication and Authorization Server based on Keycloak and Spring Boot.
The idea is to have a variant of Keycloak-X but based on Spring Boot instead of Quarkus.

Keycloak is embedded by hosting its JAX-RS Application in a Spring Boot environment.

Modules

embedded-spring-boot-keycloak-server-support

This module contains the necessary bits to embed a Keycloak server in a Spring Boot app.

embedded-spring-boot-keycloak-server-plain

This module contains the raw embedded Keycloak server in a Spring Boot app without additional customizations.

embedded-spring-boot-keycloak-server-custom

This module contains the embedded Keycloak server in a Spring Boot app with additional customizations.

Build

To build the embedded Spring Boot Keycloak Server, run the following command.
Note: we use the install goal to install the artifacts into the local Maven repository
in order to be able to consume the artifacts in our customization project.

mvn clean install

Run

To run the plain embedded Keycloak server app, you can execute the following command:

java -jar embedded-spring-boot-keycloak-server-plain/target/*.jar

The embedded Keycloak server is now reachable via http://localhost:8080/auth

Configuration

The Keycloak server part can be configured via the Spring Boot configuration mechanism.
See embedded-spring-boot-keycloak-server-plain/application.yml for a list of configurable settings.

Customizing

The embedded-spring-boot-keycloak-server-custom example project demonstrates how one can use the
embedded-spring-boot-keycloak-server-support library to create an embedded Keycloak server with additional
customizations like Keycloak extensions and a custom theme.

Clustering

The embedded Keycloak server uses JGroups for Peer-to-Peer cluster communication and Infinispan for
managing distributed caches like SSO-Sessions etc.

JGroups Clustering can be configured via the jgroups.xml configuration file.
Infinispan distributed caches can be configured via the infinispan.xml configuration file.

By default JGroups is configured with TCPPING discovery, which requires a list of initial hostnames to join a cluster. If you want another JGroups discovery mechanism, e.g. dnsping or kube_ping, you just need to adapt the jgroups.xml configuration file. Note that some discovery strategies like kube_ping need additional jars on the classpath.

Note that you need to use a centralized database if you really want to leverage a clustered embedded Keycloak.

To see the clustering in action, you can run the following command on two nodes:

Run on Node1:

java -Djgroups.tcpping.initial_hosts='node1[7800],node2[7800]' -jar target/*.jar

Run on Node2:

java -Djgroups.tcpping.initial_hosts='node1[7800],node2[7800]' -jar target/*.jar

If the clustering works you should see messages like:

2020-04-19 11:29:16.665  INFO 17055 --- [PN,neumann-3283] org.infinispan.CLUSTER                   : ISPN000094: Received new cluster view for channel ISPN: [neumann-3283|1] (2) [neumann-3283, gauss-45273]
2020-04-19 11:29:16.668  INFO 17055 --- [PN,neumann-3283] org.infinispan.CLUSTER                   : ISPN100000: Node gauss-45273 joined the cluster
2020-04-19 11:29:17.005  INFO 17055 --- [e-thread--p2-t2] org.infinispan.CLUSTER                   : [Context=org.infinispan.CONFIG] ISPN100002: Starting rebalance with members [neumann-3283, gauss-45273], phase READ_OLD_WRITE_ALL, topology id 2
...
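
As an added example (not part of this project's code), the following Python code parses the ISPN000094 view lines shown above and compares the latest cluster view with the set of hosts you expect in the cluster, reporting missing nodes and members that were not expected. It assumes logical member names have the form hostname-number as in the sample output; the function names are hypothetical and the log line containing euler-1021 is constructed for the example.

```python
import re

# ISPN000094 line: "... for channel <name>: [<coordinator>|<view id>] (<count>) [<members>]"
VIEW_RE = re.compile(
    r"ISPN000094: Received new cluster view for channel (?P<channel>\S+): "
    r"\[(?P<coord>[^|\]]+)\|(?P<view_id>\d+)\] \((?P<count>\d+)\) \[(?P<members>[^\]]*)\]"
)

# PAGE_LOG is the view line from the sample output above. CONSTRUCTED_LOG appends
# a line constructed for this example, with a member that was not expected.
PAGE_LOG = (
    "2020-04-19 11:29:16.665  INFO 17055 --- [PN,neumann-3283] org.infinispan.CLUSTER"
    "                   : ISPN000094: Received new cluster view for channel ISPN: "
    "[neumann-3283|1] (2) [neumann-3283, gauss-45273]\n"
)
CONSTRUCTED_LOG = PAGE_LOG + (
    "2020-04-19 11:35:02.101  INFO 17055 --- [PN,neumann-3283] org.infinispan.CLUSTER"
    "                   : ISPN000094: Received new cluster view for channel ISPN: "
    "[neumann-3283|2] (3) [neumann-3283, gauss-45273, euler-1021]\n"
)

def parse_views(log_text):
    """Return one dict per ISPN000094 cluster-view line, in log order."""
    views = []
    for line in log_text.splitlines():
        m = VIEW_RE.search(line)
        if m:
            members = [x.strip() for x in m.group("members").split(",") if x.strip()]
            views.append({"coordinator": m.group("coord"), "members": members,
                          "view_id": int(m.group("view_id")), "count": int(m.group("count"))})
    return views

def host_of(member):
    # Assumption: logical names are "<hostname>-<number>", as in the sample output.
    return member.rsplit("-", 1)[0]

def check_latest_view(log_text, expected_hosts):
    """Return (ok, missing_hosts, unexpected_members) for the most recent view."""
    views = parse_views(log_text)
    if not views:
        # No view line at all: the node never reported joining a cluster.
        return (False, sorted(expected_hosts), [])
    latest = views[-1]
    seen = {host_of(m) for m in latest["members"]}
    missing = sorted(set(expected_hosts) - seen)
    unexpected = sorted(m for m in latest["members"] if host_of(m) not in expected_hosts)
    # Also require the announced member count to match the parsed member list.
    ok = not missing and not unexpected and latest["count"] == len(latest["members"])
    return (ok, missing, unexpected)
```

Calling check_latest_view(CONSTRUCTED_LOG, {"neumann", "gauss"}) reports euler-1021 as an unexpected member, while the same call on PAGE_LOG reports a healthy two-node view.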

License:Apache License 2.0
