vicboma1 / sample-spring-security-microservices

Demo illustrating the usage of Spring Security in microservices built on top of Spring Boot and Spring Cloud


Spring Cloud Gateway OAuth2 with Keycloak

Original article and source code: SPRING CLOUD GATEWAY OAUTH2 WITH KEYCLOAK by Piotr Minkowski. I've automated populating Keycloak with Clients and Client Scopes and introduced further changes.

Clone source code

git clone git@github.com:AndriyKalashnykov/sample-spring-security-microservices.git

cd sample-spring-security-microservices

Configure and Run Keycloak

The script runs a Keycloak Docker container and creates the Client Scope TEST along with two Clients: spring-with-test-scope and spring-without-test-scope

./scripts/run-keycloak.sh

The automation magic

# removed for brevity
docker exec -it keycloak /opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user spring --password spring123 && \
docker exec -it keycloak /opt/jboss/keycloak/bin/kcadm.sh create -x "client-scopes" -r master -s name=TEST -s protocol=openid-connect && \
docker exec -it keycloak /opt/jboss/keycloak/bin/kcadm.sh create clients -r master -s clientId=spring-without-test-scope -s enabled=true -s clientAuthenticatorType=client-secret -s secret=f6fc369d-49ce-4132-8282-5b5d413eba23 -s 'redirectUris=["*"]' && \
docker exec -it keycloak /opt/jboss/keycloak/bin/kcadm.sh create clients -r master -s clientId=spring-with-test-scope -s enabled=true -s clientAuthenticatorType=client-secret -s secret=c6480137-1526-4c3e-aed3-295aabcb7609  -s 'redirectUris=["*"]' -s 'defaultClientScopes=["TEST", "web-origins", "profile", "roles", "email"]'
# removed for brevity

The clients are created with the same client-secret values as in ./gateway/src/main/java/resources/application.yaml

spring:
  security:
    oauth2:
      client:
        ...
        registration:
          keycloak-with-test-scope:
            ...
            client-id: spring-with-test-scope
            client-secret: c6480137-1526-4c3e-aed3-295aabcb7609
          keycloak-without-test-scope:
            ...
            client-id: spring-without-test-scope
            client-secret: f6fc369d-49ce-4132-8282-5b5d413eba23
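
A hardened variant of the provisioning step above, as an added example that is not part of the repository: each client gets one exact redirect URI instead of redirectUris=["*"], and a secret generated per run instead of one committed to both the script and application.yaml. It assumes the gateway keeps Spring Security's default callback path /login/oauth2/code/{registrationId}; the KCADM override, the apply argument, gateway-secrets.env and the *_SECRET variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the repository: same two clients, but with one
# exact redirect URI each and secrets generated per run.
set -eu

GATEWAY_URL="${GATEWAY_URL:-http://localhost:8060}"  # gateway address from this README
# Overridable so the function can be dry-run, e.g. KCADM=echo
KCADM="${KCADM:-docker exec keycloak /opt/jboss/keycloak/bin/kcadm.sh}"

# Assumption: the gateway uses Spring Security's default callback template
# {baseUrl}/login/oauth2/code/{registrationId}.
redirect_uri() {  # $1 = registration id from application.yaml
  printf '%s/login/oauth2/code/%s' "${GATEWAY_URL%/}" "$1"
}

# 32 bytes from the kernel CSPRNG, printed as 64 hex characters
new_secret() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# $1 = clientId, $2 = registration id, $3 = secret,
# $4 = optional defaultClientScopes JSON array
create_client() {
  set -- "$1" "$(redirect_uri "$2")" "$3" "${4:-}"
  $KCADM create clients -r master \
    -s "clientId=$1" -s enabled=true \
    -s clientAuthenticatorType=client-secret -s "secret=$3" \
    -s "redirectUris=[\"$2\"]" \
    ${4:+-s "defaultClientScopes=$4"}
}

# Run with "apply" after the kcadm "config credentials" step shown above.
if [ "${1:-}" = "apply" ]; then
  umask 077  # the secrets file is readable by its owner only
  s1=$(new_secret); s2=$(new_secret)
  create_client spring-without-test-scope keycloak-without-test-scope "$s1"
  create_client spring-with-test-scope keycloak-with-test-scope "$s2" \
    '["TEST", "web-origins", "profile", "roles", "email"]'
  # Hypothetical file and variable names; the gateway would read them via
  # client-secret: ${WITH_TEST_SCOPE_SECRET} in application.yaml.
  printf 'WITHOUT_TEST_SCOPE_SECRET=%s\nWITH_TEST_SCOPE_SECRET=%s\n' \
    "$s1" "$s2" > gateway-secrets.env
fi
```

The secret is still passed to kcadm.sh as a command-line argument, so it is visible in the process list of the Docker host while the command runs.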

You can now log in to the Keycloak web UI at http://localhost:8888/ (user: spring, password: spring123)

Run callme service

cd ./callme/
mvn clean package -DskipTests spring-boot:run

Run gateway service

cd ./gateway/
mvn clean package -DskipTests spring-boot:run

Log into gateway service

You can now log in to the gateway service through the Keycloak web UI at http://localhost:8060/ (user: spring, password: spring123)
