
Camel Example Undertow Spring Security with Keycloak

This example shows the undertow component with Spring Security, using one of the supported authentication providers: Keycloak.

The example starts a Spring Boot application whose endpoint is authenticated via a bearer token issued by the Keycloak server.

Setting up a Keycloak server

A running, configured Keycloak server is required for this demo.

To prepare the Keycloak server, use docker-compose according to the following examples.

After logging into the Administration Console of the keycloak server:

  • Create a realm using import (the exported file realm-export.json is prepared in the root of this example). It will create the realm "example-app", with the client example-service and the roles role01 and role02.

  • Create a user for each role (user01 with role role01 and user02 with role role02).

When the Keycloak server is configured and running, retrieve access tokens for both users.

You can use the following commands (substitute the correct secrets and names) to retrieve both tokens:

curl -d "client_id=example-service" -d "client_secret=<client-secret>" -d "username=<user01-name>" -d "password=<user01-password>" -d "grant_type=password" http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token | jq -r '.access_token'

and

curl -d "client_id=example-service" -d "client_secret=<client-secret>" -d "username=<user02-name>" -d "password=<user02-password>" -d "grant_type=password" http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token | jq -r '.access_token'

Keep both generated tokens for later use.

Running the example

Now that everything is set up, you can run the example using

mvn spring-boot:run

Notice that the route contains the allowedRoles parameter with the value role02.

You can verify that the endpoint (http://localhost:8082/hi) is secured by the Keycloak server by executing the following requests:

  • A request without an authentication token returns 401 Unauthorized:

    curl -I -X GET http://localhost:8082/hi

  • A request with the token for user01 (who has role01) returns 403 Forbidden:

    curl -I -X GET -H "Authorization: Bearer <user01-token>" http://localhost:8082/hi

  • A request with the token for user02 (who has role02) returns 200 OK, and a message appears in the application console log: "Hello <user01-name>!"

    curl -I -X GET -H "Authorization: Bearer <user02-token>" http://localhost:8082/hi
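The three outcomes above (401, 403, 200) follow from what the bearer token carries: Keycloak places a user's realm roles in the realm_access.roles claim, and the route's allowedRoles=role02 check is satisfied only when one of those roles matches. The script below is an added illustration, not code from this example or from the camel-undertow component: it decodes the claims of a token (without verifying the signature, which the server does with the realm's key), models the 401/403/200 decision for a given allowedRoles set, and can optionally probe the live endpoint. The tokens it builds for the offline demonstration are constructed, unsigned (alg=none) stand-ins that a real Keycloak-protected server would reject; the function and claim names other than realm_access.roles, preferred_username and exp are this script's own.

```python
"""Inspect a Keycloak access token and predict how the role-restricted
endpoint (allowedRoles=role02) will answer: 401, 403 or 200.

Added illustration, not the camel-undertow component's own code. It reads
claims only; it does NOT verify the signature, which the Keycloak adapter
on the server does with the realm's public key.
"""
import base64
import json
import time
import urllib.error
import urllib.request


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict, without checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_access(token, allowed_roles, now=None):
    """Model the three outcomes listed in the README.

    401: no usable token (missing, malformed or expired)
    403: token accepted but none of its realm roles is in allowed_roles
    200: at least one realm role matches
    Keycloak stores realm roles in realm_access.roles; client roles live in
    resource_access.<client>.roles and are not consulted by this model.
    """
    now = time.time() if now is None else now
    if not token:
        return 401, "no bearer token"
    try:
        claims = decode_claims(token)
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return 401, "malformed token"
    if claims.get("exp", 0) <= now:
        return 401, "token expired"
    roles = set(claims.get("realm_access", {}).get("roles", []))
    matched = roles & set(allowed_roles)
    if not matched:
        return 403, f"roles {sorted(roles)} lack any of {sorted(allowed_roles)}"
    return 200, f"matched realm role(s) {sorted(matched)}"


def make_unsigned_token(claims: dict) -> str:
    """Build a CONSTRUCTED alg=none token for offline demonstration only.
    A real Keycloak token is RS256-signed; the server would reject this one."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def probe(url: str, token=None) -> int:
    """Send a GET to the live endpoint and return the HTTP status code
    (requires the example to be running; not used by the offline demo)."""
    req = urllib.request.Request(url, method="GET")
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    future = int(time.time()) + 300
    # Constructed claims mirroring the two users from the README.
    user01 = make_unsigned_token({"preferred_username": "user01", "exp": future,
                                  "realm_access": {"roles": ["role01"]}})
    user02 = make_unsigned_token({"preferred_username": "user02", "exp": future,
                                  "realm_access": {"roles": ["role02"]}})
    for name, tok in (("no token", None), ("user01", user01), ("user02", user02)):
        print(f"{name:>8}: {check_access(tok, {'role02'})}")
```

Running the script prints 401 for the missing token, 403 for user01 and 200 for user02, the same sequence the curl requests above produce against the live endpoint. To compare against the real server, pass a token obtained from the Keycloak token endpoint to decode_claims and probe("http://localhost:8082/hi", token); a 403 on a token whose realm_access.roles lacks role02 is the expected, correct behaviour of the allowedRoles check, not a misconfiguration.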

Help and contributions

If you hit any problems using Camel or have some feedback, then please let us know.

We also love contributors, so get involved :-)

The Camel riders!