add keycloak
This commit is contained in:
killerber4t
@ -52,6 +52,8 @@ dependencies {
|
||||
implementation 'org.springframework.boot:spring-boot-starter-security'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-web'
|
||||
implementation 'org.keycloak:keycloak-spring-boot-starter:9.0.0'
|
||||
implementation 'org.keycloak.bom:keycloak-adapter-bom:3.3.0.Final'
|
||||
compileOnly 'org.projectlombok:lombok'
|
||||
developmentOnly 'org.springframework.boot:spring-boot-devtools'
|
||||
runtimeOnly 'com.h2database:h2'
|
||||
|
||||
18
src/main/java/mops/gruppen2/KeycloakConfig.java
Normal file
18
src/main/java/mops/gruppen2/KeycloakConfig.java
Normal file
@ -0,0 +1,18 @@
|
||||
package mops.gruppen2;
|
||||
|
||||
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
/**
|
||||
* WORKAROUND for https://issues.redhat.com/browse/KEYCLOAK-11282
|
||||
* Bean should move into {@link SecurityConfig} once Bug has been resolved
|
||||
*/
|
||||
|
||||
@Configuration
|
||||
public class KeycloakConfig {
|
||||
@Bean
|
||||
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
|
||||
return new KeycloakSpringBootConfigResolver();
|
||||
}
|
||||
}
|
||||
81
src/main/java/mops/gruppen2/SecurityConfig.java
Normal file
81
src/main/java/mops/gruppen2/SecurityConfig.java
Normal file
@ -0,0 +1,81 @@
|
||||
package mops.gruppen2;
|
||||
|
||||
import org.keycloak.KeycloakPrincipal;
|
||||
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
|
||||
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
|
||||
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.*;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
|
||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
|
||||
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
||||
KeycloakAuthenticationProvider keycloakAuthenticationProvider
|
||||
= keycloakAuthenticationProvider();
|
||||
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
|
||||
auth.authenticationProvider(keycloakAuthenticationProvider);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Override
|
||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||
return new RegisterSessionAuthenticationStrategy(
|
||||
new SessionRegistryImpl());
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
|
||||
proxyMode = ScopedProxyMode.TARGET_CLASS)
|
||||
public AccessToken getAccessToken() {
|
||||
HttpServletRequest request =
|
||||
((ServletRequestAttributes) RequestContextHolder
|
||||
.currentRequestAttributes()).getRequest();
|
||||
return ((KeycloakPrincipal) request.getUserPrincipal())
|
||||
.getKeycloakSecurityContext().getToken();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
super.configure(http);
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/actuator/**")
|
||||
.hasRole("monitoring")
|
||||
.anyRequest()
|
||||
.permitAll();
|
||||
}
|
||||
|
||||
/**
|
||||
* Declaring this class enables us to use the Spring specific
|
||||
* {@link org.springframework.security.access.annotation.Secured} annotation
|
||||
* or the JSR-250 Java Standard
|
||||
* {@link javax.annotation.security.RolesAllowed} annotation
|
||||
* for Role-based authorization
|
||||
*/
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(
|
||||
prePostEnabled = true,
|
||||
securedEnabled = true,
|
||||
jsr250Enabled = true)
|
||||
public static class MethodSecurityConfig
|
||||
extends GlobalMethodSecurityConfiguration {
|
||||
}
|
||||
}
|
||||
@ -8,3 +8,10 @@ spring.datasource.driverClassName=org.h2.Driver
|
||||
spring.datasource.username=root
|
||||
spring.datasource.password=geheim
|
||||
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
|
||||
|
||||
|
||||
keycloak.principal-attribute=preferred_username
|
||||
keycloak.auth-server-url=https://keycloak.cs.hhu.de/auth
|
||||
keycloak.realm=MOPS
|
||||
keycloak.resource=demo
|
||||
keycloak.public-client=true
|
||||
|
||||
Reference in New Issue
Block a user