Spring Security Multiple Issuers

License: MIT

Overview

This repo demonstrates how to configure a Spring OAuth2 resource server to work with more than one authorization provider / issuer URI. In this particular case we are using two different instances of Keycloak.

Running tests

./gradlew clean spotlessApply build integrationTest

Running locally

To start up two different instances of keycloak with their own realms and users you can run the docker compose command:

docker-compose up -d

This will bring up two local instances of keycloak:

  • The first on http://localhost:8097 that contains a realm demo-realm-1 and two users demo-user-1 and demo-user-2 both with passwords pwd
  • The second on http://localhost:8098 that contains a realm demo-realm-2 and two users demo-user-3 and demo-user-4 both with passwords pwd

To run the service and have it use both instances of keycloak to perform token validation you can run:

./gradlew bootRun

This will start the service on port 8099. To test calling the service with either keycloak instance as the token issuer, import the postman collection at postman/spring-security-multiple-issuers.postman_collection.json and use the two example requests under each issuer sub folder. Each folder is configured to generate a token against its own keycloak instance.

  • For the first keycloak instance you can use usernames demo-user-1 and demo-user-2 both with the password pwd
  • For the second keycloak instance you can use usernames demo-user-3 and demo-user-4 both with the password pwd

Building docker image locally

To build the docker image locally you can run the following commands:

./gradlew clean buildImage currentVersion

This will build a docker image using the current version number that will also be printed to the console by this command.

Running docker image locally

To run the docker image locally you can run the following command, assuming you have run the command to build the docker image locally beforehand:

docker-compose --profile local-app-docker up -d

This will start the service on port 8099 in the same way the ./gradlew bootRun command does. The only difference is that the application is running inside docker, rather than directly on the local machine.

Note: for this example to work locally you will also need to update your /etc/hosts file to add the following two entries:

127.0.0.1       keycloak-1
127.0.0.1       keycloak-2

You will also need to update the postman collection so that the Auth URL and Access Token URL both use the appropriate keycloak host name rather than just localhost, e.g.:

  • http://keycloak-1:8097
  • http://keycloak-2:8098

If you do not do the two steps defined above, authentication will fail because the issuer (iss) claim in the token will not match the issuer URI configured inside the application.
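
The issuer matching described above, as an added example of a Spring Security configuration that trusts both keycloak issuers (not this repository's own code). It assumes Spring Security 6.2 or later, a hypothetical property named demo.trusted-issuers, and the /realms/<name> issuer path; older Keycloak distributions prefix that path with /auth.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class MultiIssuerSecurityConfig {

    // Hypothetical property, not taken from the repository. The default uses the
    // docker host names from the /etc/hosts entries; the /realms/<name> path is
    // an assumption about the Keycloak version in use.
    @Value("${demo.trusted-issuers:"
            + "http://keycloak-1:8097/realms/demo-realm-1,"
            + "http://keycloak-2:8098/realms/demo-realm-2}")
    private String[] trustedIssuers;

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // The resolver reads the iss claim of the incoming bearer token and
        // compares it, as an exact string, with the trusted list. A token whose
        // iss is not listed is rejected before any key discovery is attempted,
        // so a caller cannot point the service at an issuer of their choosing.
        // For a listed issuer, the signing keys are discovered from that issuer
        // and the signature, expiry and iss are validated as usual.
        JwtIssuerAuthenticationManagerResolver resolver =
                JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers(trustedIssuers);

        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(resolver));
        return http.build();
    }
}
```

Because the comparison is an exact string match, a token requested through http://localhost:8097 carries a localhost issuer and is rejected by a service that trusts only the keycloak-1 host name, even though both names reach the same keycloak instance.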

Useful Commands

# clean: cleans build directories
# currentVersion: prints currentVersion
# dependencyUpdates: checks dependency versions
# spotlessApply: formats code
# build: builds code and runs tests
./gradlew clean currentVersion dependencyUpdates spotlessApply build