christoph/lecture-professional-software-development
1
Fork 0
Code Activity

add keycloak

Browse Source
This commit is contained in:
killerber4t
2020-03-03 16:44:05 +01:00
parent 382276348a
commit ec69171458
4 changed files with 108 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
build.gradle
View File

@ -52,6 +52,8 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-security' implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf' implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.keycloak:keycloak-spring-boot-starter:9.0.0'
implementation 'org.keycloak.bom:keycloak-adapter-bom:3.3.0.Final'
compileOnly 'org.projectlombok:lombok' compileOnly 'org.projectlombok:lombok'
developmentOnly 'org.springframework.boot:spring-boot-devtools' developmentOnly 'org.springframework.boot:spring-boot-devtools'
runtimeOnly 'com.h2database:h2' runtimeOnly 'com.h2database:h2'

18
src/main/java/mops/gruppen2/KeycloakConfig.java Normal file
View File

@ -0,0 +1,18 @@
package mops.gruppen2;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* WORKAROUND for https://issues.redhat.com/browse/KEYCLOAK-11282
* Bean should move into {@link SecurityConfig} once Bug has been resolved
*/
@Configuration
public class KeycloakConfig {
@Bean
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
}

81
src/main/java/mops/gruppen2/SecurityConfig.java Normal file
View File

@ -0,0 +1,81 @@
package mops.gruppen2;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.representations.AccessToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
KeycloakAuthenticationProvider keycloakAuthenticationProvider
= keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(
new SessionRegistryImpl());
}
@Bean
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
proxyMode = ScopedProxyMode.TARGET_CLASS)
public AccessToken getAccessToken() {
HttpServletRequest request =
((ServletRequestAttributes) RequestContextHolder
.currentRequestAttributes()).getRequest();
return ((KeycloakPrincipal) request.getUserPrincipal())
.getKeycloakSecurityContext().getToken();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests()
.antMatchers("/actuator/**")
.hasRole("monitoring")
.anyRequest()
.permitAll();
}
/**
* Declaring this class enables us to use the Spring specific
* {@link org.springframework.security.access.annotation.Secured} annotation
* or the JSR-250 Java Standard
* {@link javax.annotation.security.RolesAllowed} annotation
* for Role-based authorization
*/
@Configuration
@EnableGlobalMethodSecurity(
prePostEnabled = true,
securedEnabled = true,
jsr250Enabled = true)
public static class MethodSecurityConfig
extends GlobalMethodSecurityConfiguration {
}
}

7
src/main/resources/application.properties
View File

@ -8,3 +8,10 @@ spring.datasource.driverClassName=org.h2.Driver
spring.datasource.username=root spring.datasource.username=root
spring.datasource.password=geheim spring.datasource.password=geheim
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
keycloak.principal-attribute=preferred_username
keycloak.auth-server-url=https://keycloak.cs.hhu.de/auth
keycloak.realm=MOPS
keycloak.resource=demo
keycloak.public-client=true