-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
integrate keycloak in springboot thymleaf
- Loading branch information
1 parent
e990162
commit b01682e
Showing
16 changed files
with
721 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
/mvnw text eol=lf | ||
*.cmd text eol=crlf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
HELP.md | ||
target/ | ||
!.mvn/wrapper/maven-wrapper.jar | ||
!**/src/main/**/target/ | ||
!**/src/test/**/target/ | ||
|
||
### STS ### | ||
.apt_generated | ||
.classpath | ||
.factorypath | ||
.project | ||
.settings | ||
.springBeans | ||
.sts4-cache | ||
|
||
### IntelliJ IDEA ### | ||
.idea | ||
*.iws | ||
*.iml | ||
*.ipr | ||
|
||
### NetBeans ### | ||
/nbproject/private/ | ||
/nbbuild/ | ||
/dist/ | ||
/nbdist/ | ||
/.nb-gradle/ | ||
build/ | ||
!**/src/main/**/build/ | ||
!**/src/test/**/build/ | ||
|
||
### VS Code ### | ||
.vscode/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, | ||
# software distributed under the License is distributed on an | ||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
# KIND, either express or implied. See the License for the | ||
# specific language governing permissions and limitations | ||
# under the License. | ||
wrapperVersion=3.3.2 | ||
distributionType=only-script | ||
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
FROM openjdk:11-jdk-slim | ||
COPY target/*.jar app.jar | ||
ENTRYPOINT ["java","-jar","/app.jar"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
version: '3' | ||
|
||
services: | ||
keycloak: | ||
image: quay.io/keycloak/keycloak:latest | ||
environment: | ||
KEYCLOAK_ADMIN: admin | ||
KEYCLOAK_ADMIN_PASSWORD: admin | ||
ports: | ||
- "8088:8080" | ||
command: | ||
- start-dev | ||
|
||
app: | ||
build: . | ||
ports: | ||
- "8082:8082" | ||
depends_on: | ||
- keycloak |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
### If you don't want the SSO configuration | ||
```java | ||
package com.bansikah.keycloakdemo.config; | ||
|
||
import org.springframework.context.annotation.Bean; | ||
import org.springframework.context.annotation.Configuration; | ||
import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | ||
import org.springframework.security.web.SecurityFilterChain; | ||
|
||
@Configuration | ||
@EnableWebSecurity | ||
public class SecurityConfig { | ||
|
||
@Bean | ||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { | ||
http | ||
.authorizeHttpRequests(authorize -> authorize | ||
.requestMatchers("/").permitAll() | ||
.requestMatchers("/menu").authenticated() | ||
.anyRequest().authenticated() | ||
) | ||
.oauth2Login(oauth2 -> oauth2 | ||
.loginPage("/oauth2/authorization/keycloak") | ||
.defaultSuccessUrl("/menu", true) | ||
) | ||
.logout(logout -> logout | ||
.logoutSuccessHandler((request, response, authentication) -> { | ||
String keycloakLogout = "http://localhost:8088/realms/food-ordering-realm/protocol/openid-connect/logout"; | ||
String redirectUri = "http://localhost:8082/"; | ||
response.sendRedirect(keycloakLogout + "?redirect_uri=" + URLEncoder.encode(redirectUri, StandardCharsets.UTF_8)); | ||
}) | ||
); | ||
return http.build(); | ||
} | ||
} | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,259 @@ | ||
#!/bin/sh | ||
# ---------------------------------------------------------------------------- | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, | ||
# software distributed under the License is distributed on an | ||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
# KIND, either express or implied. See the License for the | ||
# specific language governing permissions and limitations | ||
# under the License. | ||
# ---------------------------------------------------------------------------- | ||
|
||
# ---------------------------------------------------------------------------- | ||
# Apache Maven Wrapper startup batch script, version 3.3.2 | ||
# | ||
# Optional ENV vars | ||
# ----------------- | ||
# JAVA_HOME - location of a JDK home dir, required when download maven via java source | ||
# MVNW_REPOURL - repo url base for downloading maven distribution | ||
# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven | ||
# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output | ||
# ---------------------------------------------------------------------------- | ||
|
||
set -euf | ||
[ "${MVNW_VERBOSE-}" != debug ] || set -x | ||
|
||
# OS specific support. | ||
native_path() { printf %s\\n "$1"; } | ||
case "$(uname)" in | ||
CYGWIN* | MINGW*) | ||
[ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" | ||
native_path() { cygpath --path --windows "$1"; } | ||
;; | ||
esac | ||
|
||
# set JAVACMD and JAVACCMD | ||
set_java_home() { | ||
# For Cygwin and MinGW, ensure paths are in Unix format before anything is touched | ||
if [ -n "${JAVA_HOME-}" ]; then | ||
if [ -x "$JAVA_HOME/jre/sh/java" ]; then | ||
# IBM's JDK on AIX uses strange locations for the executables | ||
JAVACMD="$JAVA_HOME/jre/sh/java" | ||
JAVACCMD="$JAVA_HOME/jre/sh/javac" | ||
else | ||
JAVACMD="$JAVA_HOME/bin/java" | ||
JAVACCMD="$JAVA_HOME/bin/javac" | ||
|
||
if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then | ||
echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 | ||
echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 | ||
return 1 | ||
fi | ||
fi | ||
else | ||
JAVACMD="$( | ||
'set' +e | ||
'unset' -f command 2>/dev/null | ||
'command' -v java | ||
)" || : | ||
JAVACCMD="$( | ||
'set' +e | ||
'unset' -f command 2>/dev/null | ||
'command' -v javac | ||
)" || : | ||
|
||
if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then | ||
echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 | ||
return 1 | ||
fi | ||
fi | ||
} | ||
|
||
# hash string like Java String::hashCode | ||
hash_string() { | ||
str="${1:-}" h=0 | ||
while [ -n "$str" ]; do | ||
char="${str%"${str#?}"}" | ||
h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296)) | ||
str="${str#?}" | ||
done | ||
printf %x\\n $h | ||
} | ||
|
||
verbose() { :; } | ||
[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } | ||
|
||
die() { | ||
printf %s\\n "$1" >&2 | ||
exit 1 | ||
} | ||
|
||
trim() { | ||
# MWRAPPER-139: | ||
# Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds. | ||
# Needed for removing poorly interpreted newline sequences when running in more | ||
# exotic environments such as mingw bash on Windows. | ||
printf "%s" "${1}" | tr -d '[:space:]' | ||
} | ||
|
||
# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties | ||
while IFS="=" read -r key value; do | ||
case "${key-}" in | ||
distributionUrl) distributionUrl=$(trim "${value-}") ;; | ||
distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;; | ||
esac | ||
done <"${0%/*}/.mvn/wrapper/maven-wrapper.properties" | ||
[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in ${0%/*}/.mvn/wrapper/maven-wrapper.properties" | ||
|
||
case "${distributionUrl##*/}" in | ||
maven-mvnd-*bin.*) | ||
MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ | ||
case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in | ||
*AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;; | ||
:Darwin*x86_64) distributionPlatform=darwin-amd64 ;; | ||
:Darwin*arm64) distributionPlatform=darwin-aarch64 ;; | ||
:Linux*x86_64*) distributionPlatform=linux-amd64 ;; | ||
*) | ||
echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 | ||
distributionPlatform=linux-amd64 | ||
;; | ||
esac | ||
distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" | ||
;; | ||
maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; | ||
*) MVN_CMD="mvn${0##*/mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; | ||
esac | ||
|
||
# apply MVNW_REPOURL and calculate MAVEN_HOME | ||
# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-<version>,maven-mvnd-<version>-<platform>}/<hash> | ||
[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" | ||
distributionUrlName="${distributionUrl##*/}" | ||
distributionUrlNameMain="${distributionUrlName%.*}" | ||
distributionUrlNameMain="${distributionUrlNameMain%-bin}" | ||
MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}" | ||
MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" | ||
|
||
exec_maven() { | ||
unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : | ||
exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" | ||
} | ||
|
||
if [ -d "$MAVEN_HOME" ]; then | ||
verbose "found existing MAVEN_HOME at $MAVEN_HOME" | ||
exec_maven "$@" | ||
fi | ||
|
||
case "${distributionUrl-}" in | ||
*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;; | ||
*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; | ||
esac | ||
|
||
# prepare tmp dir | ||
if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then | ||
clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } | ||
trap clean HUP INT TERM EXIT | ||
else | ||
die "cannot create temp dir" | ||
fi | ||
|
||
mkdir -p -- "${MAVEN_HOME%/*}" | ||
|
||
# Download and Install Apache Maven | ||
verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." | ||
verbose "Downloading from: $distributionUrl" | ||
verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" | ||
|
||
# select .zip or .tar.gz | ||
if ! command -v unzip >/dev/null; then | ||
distributionUrl="${distributionUrl%.zip}.tar.gz" | ||
distributionUrlName="${distributionUrl##*/}" | ||
fi | ||
|
||
# verbose opt | ||
__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' | ||
[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v | ||
|
||
# normalize http auth | ||
case "${MVNW_PASSWORD:+has-password}" in | ||
'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; | ||
has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; | ||
esac | ||
|
||
if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then | ||
verbose "Found wget ... using wget" | ||
wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl" | ||
elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then | ||
verbose "Found curl ... using curl" | ||
curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl" | ||
elif set_java_home; then | ||
verbose "Falling back to use Java to download" | ||
javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" | ||
targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" | ||
cat >"$javaSource" <<-END | ||
public class Downloader extends java.net.Authenticator | ||
{ | ||
protected java.net.PasswordAuthentication getPasswordAuthentication() | ||
{ | ||
return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); | ||
} | ||
public static void main( String[] args ) throws Exception | ||
{ | ||
setDefault( new Downloader() ); | ||
java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); | ||
} | ||
} | ||
END | ||
# For Cygwin/MinGW, switch paths to Windows format before running javac and java | ||
verbose " - Compiling Downloader.java ..." | ||
"$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java" | ||
verbose " - Running Downloader.java ..." | ||
"$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" | ||
fi | ||
|
||
# If specified, validate the SHA-256 sum of the Maven distribution zip file | ||
if [ -n "${distributionSha256Sum-}" ]; then | ||
distributionSha256Result=false | ||
if [ "$MVN_CMD" = mvnd.sh ]; then | ||
echo "Checksum validation is not supported for maven-mvnd." >&2 | ||
echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 | ||
exit 1 | ||
elif command -v sha256sum >/dev/null; then | ||
if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c >/dev/null 2>&1; then | ||
distributionSha256Result=true | ||
fi | ||
elif command -v shasum >/dev/null; then | ||
if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then | ||
distributionSha256Result=true | ||
fi | ||
else | ||
echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 | ||
echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 | ||
exit 1 | ||
fi | ||
if [ $distributionSha256Result = false ]; then | ||
echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 | ||
echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 | ||
exit 1 | ||
fi | ||
fi | ||
|
||
# unzip and move | ||
if command -v unzip >/dev/null; then | ||
unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip" | ||
else | ||
tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar" | ||
fi | ||
printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/mvnw.url" | ||
mv -- "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" | ||
|
||
clean || : | ||
exec_maven "$@" |
Oops, something went wrong.