Hello OAuth Groovy example (Keycloak + Spring Security OAuth)

Simple Spring Security OAuth Example with Keycloak

Start keycloak

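# Start a throw-away Keycloak for this walkthrough. KEYCLOAK_USER/KEYCLOAK_PASSWORD
# are read by the image to create the initial admin account; admin/admin is fine
# for a localhost demo only. The port is bound to 127.0.0.1 so the admin console
# (and this demo's credentials) are not exposed on every host interface; the
# README's http://localhost:8081 URLs are unaffected. 3.0.0.Final is an old
# release pinned for the example — use a current, supported Keycloak image for
# anything beyond the demo.
docker run \
  -d \
  -e KEYCLOAK_USER=admin \
  -e KEYCLOAK_PASSWORD=admin \
  --name keycloak-demo \
  -p 127.0.0.1:8081:8080 \
  jboss/keycloak:3.0.0.Final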

Goto the Admin Console

Browse to http://localhost:8081/auth and sign in to the Administration Console with the admin / admin credentials passed to the container above.

Create a new realm spring-security-sso

Import the demo client

Go to the realm -> Clients -> Create -> Import -> select demo.json. The imported client is a confidential client using the standard (authorization code) flow; note that it also has Direct Access Grants (the password grant) enabled and accepts any redirect URI under http://localhost:8080/*. That is fine for a localhost demo, but both settings should be tightened before reusing this client anywhere else.

After the import go to Clients -> demo -> Credentials and copy the client secret; it goes into the clientSecret field of application.yml in a few minutes. Treat it like a password: keep it out of version control, and regenerate it from the same tab if it ever leaks.

Create a test user "tester"

You need to set first name and last name (e.g. Theo Tester), since the app uses them as principal.name by default. Set a password on the Credentials tab: use "test" (a demo-only password), switch Temporary off so you are not asked to change it on first login, then click "Reset Password".

Now we're ready with keycloak.

Install the spring boot cli

Run the app

# Run from the directory holding hello-oauth.groovy and the filled-in application.yml.
# The app listens on localhost:8080, the only redirect target the demo client allows.
spring run hello-oauth.groovy

Goto localhost:8080

You'll be redirected to the Keycloak login. After login you get back to the application and see your greeting.

You should see something like: Hello Theo Tester

That's it.

Have fun!

Cheers, Thomas

# Spring Security OAuth2 SSO client settings for the Keycloak "demo" client.
# All endpoints point at the local docker container from the README (Keycloak on
# localhost:8081, this app on localhost:8080). Plain http is acceptable only for
# that localhost demo: the client secret and tokens travel over accessTokenUri and
# userInfoUri, so use https to the identity provider anywhere else.
security:
  oauth2:
    client:
      # clientId in keycloak
      clientId: demo
      # clientSecret in keycloak — replace the placeholder with the value copied
      # from Clients -> demo -> Credentials. Keep the real value out of version
      # control (environment variable / externalized config).
      clientSecret: xxxx
      # From Authorization Server's metadata
      # Keycloak realm is spring-security-sso
      accessTokenUri: http://localhost:8081/auth/realms/spring-security-sso/protocol/openid-connect/token
      userAuthorizationUri: http://localhost:8081/auth/realms/spring-security-sso/protocol/openid-connect/auth
      # form: client_id/client_secret are posted in the token request body rather
      # than sent as an HTTP Basic header
      clientAuthenticationScheme: form
    resource:
      # from your Auth Server's metadata, check .well-known/openid-configuration if not in .well-known/oauth-authorization-server
      userInfoUri: http://localhost:8081/auth/realms/spring-security-sso/protocol/openid-connect/userinfo
      # resolve the principal from the userinfo endpoint above, not from a token-info endpoint
      preferTokenInfo: false
{
"id": "65488c37-d3e4-4ee3-b1a1-76e404c6658a",
"clientId": "demo",
"baseUrl": "http://localhost:8080",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"http://localhost:8080/*"
],
"webOrigins": [
"http://localhost:8080"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.multivalued.roles": "false",
"saml.force.post.binding": "false",
"saml.encrypt": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"saml.authnstatement": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"saml.onetimeuse.condition": "false"
},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "f0085db6-d0c1-47d5-8eaa-02e8c3d9c793",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${familyName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "a4a108d4-8c63-492f-893a-b441f2529b64",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
},
{
"id": "39ef8193-3227-4e80-8005-d13a0e004397",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${givenName}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "b6edaa07-cb36-42f5-9ffa-d7e443b06cd6",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": true,
"consentText": "${fullName}",
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
},
{
"id": "8eb418ad-f663-4e50-bcf8-0a7b7ebf3ec8",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${email}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"id": "056da5b0-c399-4037-bff1-b72a45a120ca",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": true,
"consentText": "${username}",
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
}
],
"useTemplateConfig": false,
"useTemplateScope": false,
"useTemplateMappers": false
}
@Grab('spring-boot-starter-security')
@EnableOAuth2Sso
@RestController
class Application {

    /**
     * Greets the signed-in user.
     *
     * @EnableOAuth2Sso sends every request through the Keycloak login first, so
     * by the time this handler runs the Principal has been populated for the
     * authenticated user (the README sets first/last name on the test user
     * because that is what appears as the principal name here).
     *
     * @param user the authenticated principal injected by Spring
     * @return the greeting text, e.g. "Hello Theo Tester"
     */
    @RequestMapping('/')
    String home(java.security.Principal user) {
        // GString is coerced to String by the declared return type
        return "Hello ${user.name}"
    }
}