trying to use keycloak in a stateless way

tailosoft · Jan 30, 2019 · fb548ff · fb548ff
1 parent 2d664fe
commit fb548ff
Show file tree

Hide file tree

Showing 61 changed files with 1,742 additions and 569 deletions.
diff --git a/.jhipster/Task.json b/.jhipster/Task.json
@@ -0,0 +1,30 @@
+{
+    "name": "Task",
+    "fields": [
+        {
+            "fieldName": "name",
+            "fieldType": "String",
+            "fieldValidateRules": [
+                "required"
+            ]
+        },
+        {
+            "fieldName": "description",
+            "fieldType": "String",
+            "fieldValidateRules": [
+                "required"
+            ]
+        }
+    ],
+    "relationships": [],
+    "changelogDate": "20181217152237",
+    "entityTableName": "task",
+    "dto": "no",
+    "pagination": "no",
+    "service": "no",
+    "jpaMetamodelFiltering": false,
+    "fluentMethods": true,
+    "clientRootFolder": "",
+    "applications": "*",
+    "microserviceName": "micro"
+}
diff --git a/build.gradle b/build.gradle
@@ -193,7 +193,7 @@ dependencies {
     compile "com.fasterxml.jackson.module:jackson-module-afterburner"
     compile "com.ryantenney.metrics:metrics-spring"
     compile "com.hazelcast:hazelcast"
-    compile "com.hazelcast:hazelcast-hibernate53"
+    compile "com.hazelcast:hazelcast-hibernate53:1.3.0"
     compile "com.hazelcast:hazelcast-spring"
     compile "javax.cache:cache-api"
     compile "org.hibernate:hibernate-core"
@@ -237,9 +237,11 @@ dependencies {
     compile "org.springframework.security:spring-security-config"
     compile "org.springframework.security:spring-security-data"
     compile "org.springframework.security:spring-security-web"
-    compile "org.springframework.security.oauth:spring-security-oauth2"
-    compile "org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure"
-    compile "org.springframework.security:spring-security-jwt"
+//    compile "org.springframework.security.oauth:spring-security-oauth2"
+//    compile "org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure"
+    compile "org.springframework.security:spring-security-oauth2-jose"
+    compile "org.springframework.security:spring-security-oauth2-resource-server"
+
     compile ("io.springfox:springfox-swagger2") {
         exclude module: 'mapstruct'
     }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -21,6 +21,7 @@
     "@ng-bootstrap/ng-bootstrap": "4.0.0",
     "bootstrap": "4.1.3",
     "core-js": "2.5.7",
+    "keycloak-js": "^4.7.0",
     "moment": "2.22.2",
     "ng-jhipster": "0.5.4",
     "ngx-cookie": "2.0.1",

diff --git a/src/main/docker/jhipster-registry.yml b/src/main/docker/jhipster-registry.yml
@@ -10,7 +10,7 @@ services:
         # See https://www.jhipster.tech/microservices-architecture/#registry_app_configuration
         environment:
             - _JAVA_OPTIONS=-Xmx512m -Xms256m
-            - SPRING_PROFILES_ACTIVE=dev,swagger,oauth2
+            - SPRING_PROFILES_ACTIVE=dev,swagger
             - SPRING_SECURITY_USER_PASSWORD=admin
             - JHIPSTER_REGISTRY_PASSWORD=admin
             - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native
@@ -19,10 +19,5 @@ services:
             # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/
             # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config
             # For keycloak to work, you need to add '127.0.0.1 keycloak' to your hosts file
-            - SECURITY_OAUTH2_CLIENT_ACCESS_TOKEN_URI=http://keycloak:9080/auth/realms/jhipster/protocol/openid-connect/token
-            - SECURITY_OAUTH2_CLIENT_USER_AUTHORIZATION_URI=http://keycloak:9080/auth/realms/jhipster/protocol/openid-connect/auth
-            - SECURITY_OAUTH2_CLIENT_CLIENT_ID=jhipster-registry
-            - SECURITY_OAUTH2_CLIENT_CLIENT_SECRET=jhipster-registry
-            - SECURITY_OAUTH2_RESOURCE_USER_INFO_URI=http://keycloak:9080/auth/realms/jhipster/protocol/openid-connect/userinfo
         ports:
             - 8761:8761
diff --git a/src/main/docker/keycloak.yml b/src/main/docker/keycloak.yml
@@ -1,8 +1,8 @@
 version: '2'
 services:
   keycloak:
-    image: jboss/keycloak:4.6.0.Final
-    command: ["-b", "0.0.0.0", "-Dkeycloak.migration.action=import", "-Dkeycloak.migration.provider=dir", "-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config", "-Dkeycloak.migration.strategy=OVERWRITE_EXISTING", "-Djboss.socket.binding.port-offset=1000"]
+    image: jboss/keycloak:4.8.3.Final
+    command: ["-b", "0.0.0.0", "-Dkeycloak.migration.action=import", "-Dkeycloak.migration.provider=dir", "-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config", "-Dkeycloak.migration.strategy=IGNORE_EXISTING", "-Djboss.socket.binding.port-offset=1000"]
     volumes:
       - ./realm-config:/opt/jboss/keycloak/realm-config
     environment:

diff --git a/src/main/docker/realm-config/jhipster-realm.json b/src/main/docker/realm-config/jhipster-realm.json
@@ -655,7 +655,7 @@
             "clientAuthenticatorType": "client-secret",
             "secret": "web_app",
             "redirectUris": ["http://localhost:8080/*", "http://localhost:8100/*", "http://127.0.0.1:8761/*", "http://localhost:9000/*"],
-            "webOrigins": ["http://localhost:8080/*", "http://localhost:8100/*", "http://127.0.0.1:8761/*", "http://localhost:9000/*"],
+            "webOrigins": ["http://localhost:8080", "http://localhost:8100", "http://127.0.0.1:8761", "http://localhost:9000"],
             "notBefore": 0,
             "bearerOnly": false,
             "consentRequired": false,
@@ -684,6 +684,20 @@
             "authenticationFlowBindingOverrides": {},
             "fullScopeAllowed": true,
             "nodeReRegistrationTimeout": -1,
+            "protocolMappers": [
+                {
+                    "id": "1827dad9-40e2-44ed-90ca-0bc1fd4b0f9c",
+                    "name": "audience",
+                    "protocol": "openid-connect",
+                    "protocolMapper": "oidc-audience-mapper",
+                    "consentRequired": false,
+                    "config": {
+                        "included.client.audience": "web_app",
+                        "id.token.claim": "true",
+                        "access.token.claim": "true"
+                    }
+                }
+            ],
             "defaultClientScopes": ["jhipster", "role_list", "profile", "email"],
             "optionalClientScopes": ["address", "phone", "offline_access"]
         },

diff --git a/src/main/java/com/mycompany/myapp/client/AuthorizedFeignClient.java b/src/main/java/com/mycompany/myapp/client/AuthorizedFeignClient.java
diff --git a/src/main/java/com/mycompany/myapp/client/OAuth2InterceptedFeignConfiguration.java b/src/main/java/com/mycompany/myapp/client/OAuth2InterceptedFeignConfiguration.java
diff --git a/src/main/java/com/mycompany/myapp/client/TokenRelayRequestInterceptor.java b/src/main/java/com/mycompany/myapp/client/TokenRelayRequestInterceptor.java
diff --git a/src/main/java/com/mycompany/myapp/client/UserFeignClientInterceptor.java b/src/main/java/com/mycompany/myapp/client/UserFeignClientInterceptor.java
@@ -0,0 +1,18 @@
+package com.mycompany.myapp.client;
+
+import com.mycompany.myapp.security.SecurityUtils;
+import feign.RequestInterceptor;
+import feign.RequestTemplate;
+import org.springframework.stereotype.Component;
+
+@Component
+public class UserFeignClientInterceptor implements RequestInterceptor {
+    private static final String AUTHORIZATION_HEADER = "Authorization";
+    private static final String BEARER = "Bearer";
+
+    @Override
+    public void apply(RequestTemplate template) {
+        SecurityUtils.getCurrentUserJWT()
+            .ifPresent(s -> template.header(AUTHORIZATION_HEADER,String.format("%s %s", BEARER, s)));
+    }
+}
diff --git a/src/main/java/com/mycompany/myapp/config/OAuth2Configuration.java b/src/main/java/com/mycompany/myapp/config/OAuth2Configuration.java