Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.

README.adoc

Integration of Keycloak and Dropwizard

About

Summary

This project shows how JBoss Keycloak and Dropwizard can be used together.

To read this tutorial fully rendered, please visit: https://ahus1.github.io/keycloak-dropwizard-integration/tutorial.html.

JBoss Keycloak provides a standalone OAuth 2.0 and Open ID Connect server. It handles user credentials for your application, so you can focus on business requirements.

Dropwizard is a Java framework for developing ops-friendly, high-performance, RESTful web services.

TL;DR: The module keycloak-dropwizard-jaxrs-example shows how to use Dropwizard’s @Auth annotation with Keycloak using a full OAuth flow. If you have i.e. a JavaScript-Client and want to send only JWT Tokens, go directly to keycloak-dropwizard-bearermodule

At the time I write this there is no open source integration of the two, so I set up this project. See https://github.com/ahus1/keycloak-dropwizard-integration for the latest version.

How to use

The module keycloak-dropwizard-jaxrs is a ready-to-use Dropwizard module. The releases are available from Maven central.

The releases depend on a version of Dropwizard and Keycloak that was current at release time. To use a more recent release, please add them as an explicit dependency to your project, as this project will not release new versions on every minor or patch release of its dependencies.

Maven Central Build Status

  • Version 0.7.x is tested with Keycloak 1.9.x and Dropwizard 0.9.x

  • Version 0.8.x is tested with Keycloak 2.x.x and Dropwizard 0.9.x

  • Version 0.9.x is tested with Keycloak 2.x.x/3.x.x and Dropwizard 1.0.x

  • Version 1.0.x is tested with Keycloak 3.x.x and Dropwizard 1.1.x/1.2.x/1.3.x

  • Version 1.1.x is tested with Keycloak 4.x-11.x and Dropwizard 1.3.x/2.0.x

Warning

Starting with Dropwizard 2.0 and the included version of Jersey, a login performed during a POST for a form will not recover the contents of the POST. This is wired into Keycloak’s JettyAdapterSessionStore (that restores the content type and the parameters to the request), but Jersey’s InboundMessageContext that wants to read the information the request’s header and the body. See the shouldLoginFromPost() test case for an example.

pom.xml
<dependencies>
  <dependency>
    <groupId>de.ahus1.keycloak.dropwizard</groupId>
    <artifactId>keycloak-dropwizard</artifactId>
    <version>x.x.x</version>
  </dependency>
</dependencies>

The most recent development version (based on the master branch on GitHub) is available from the Sonatype OSS Snapshot Repository. To use it, include the following repository in your pom.xml.

pom.xml
<repositories>
    <repository>
        <id>snapshots-repo</id>
        <url>https://oss.sonatype.org/content/repositories/snapshots</url>
        <releases><enabled>false</enabled></releases>
        <snapshots><enabled>true</enabled></snapshots>
    </repository>
</repositories>

Prerequisites

These examples need a local JBoss Keycloak instance with Realm test and user demo with password demo.

Please download the Keycloak distribution matching your keycloak-dropwizard-integration version from http://keycloak.org and extract it to a subfolder keycloak-server of this directory. Then call keycloak-server.bat to import an already configured realm. Using this startup file the configuration will be reset every time you start Keycloak.

Parts

This example will guide you through setting up JBoss Keycloak in several configurations:

For completeness and as a very simple getting started a standard Servlet configuration is also included (without and with Keycloak):

License

Copyright 2015-2020 Alexander Schwartz

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

You can’t perform that action at this time.