This repo implements the concept of Authorization Services using Keycloak as Authorization Server.
You can see the presentation in this file.
- Java 8 or greater
- Apache Maven
- Git
- Docker
- Jq tool
Run this Docker command to start a Keycloak container, published on host port 8090.
$ docker run -p 8090:8080 -e KEYCLOAK_USER=carloselpapa10 -e KEYCLOAK_PASSWORD=123456 jboss/keycloak
User: carloselpapa10
PWD: 123456
Once you have installed Keycloak, import the realm located in this file.
$ mvn spring-boot:run
Get the access token value using the jq tool.
$ export access_token=$(\
curl -X POST http://localhost:8090/auth/realms/spring-boot-quickstart/protocol/openid-connect/token \
-H 'Authorization: Basic Y2F2ZW5kYW5vYToxMjM0NTY=' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'username=alice&password=123456&grant_type=password&client_id=app-authz-rest-springboot&client_secret=b854f8c1-fc72-47ce-9299-b14ce004858e' | jq-win64.exe --raw-output '.access_token')
Note that the user used to get the token is alice. Change it to jdoe or cavendanoa to see different results when requesting the Resource Server.
Check if the access_token variable contains the requested token.
$ echo $access_token
Default Resource '/'
$ curl -v -X GET http://localhost:8888/ -H "Authorization: Bearer "$access_token
Default Resource '/api/resourcea'
$ curl -v -X GET http://localhost:8888/api/resourcea -H "Authorization: Bearer "$access_token
Default Resource '/api/resourceb'
$ curl -v -X GET http://localhost:8888/api/resourceb -H "Authorization: Bearer "$access_token
Premium Resource - Scope: View '/api/premium'
$ curl -v -X GET http://localhost:8888/api/premium -H "Authorization: Bearer "$access_token
Premium Resource - Scope: Delete '/api/premium'
$ curl -v -X DELETE http://localhost:8888/api/premium -H "Authorization: Bearer "$access_token
Admin Resource - Scope: Delete '/api/admin'
$ curl -v -X GET http://localhost:8888/api/admin -H "Authorization: Bearer "$access_token
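When one of the requests above returns an unexpected result, it helps to see which user and client the token in access_token was issued for and whether it has expired, which `echo $access_token` alone does not show. The script below is an added example, not part of this repo: the function names and the sample token are constructed for illustration, and it assumes the token carries the `preferred_username`, `azp` and `exp` claims.

```shell
# Inspect (not verify) the claims of a compact JWT access token.
# base64url-encode a string; used only to build the constructed sample below.
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode one base64url segment; JWT segments drop the '=' padding.
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
    1) return 1 ;;  # impossible length for base64
  esac
  printf '%s' "$s" | base64 -d 2>/dev/null
}

# Print the JSON payload: the second of exactly three dot-separated segments.
jwt_payload() {
  local rest payload
  case $1 in *.*.*.*) return 1 ;; *.*.*) ;; *) return 1 ;; esac
  rest=${1#*.}; payload=${rest%%.*}
  [ -n "$payload" ] || return 1
  b64url_decode "$payload"
}

# Value of a top-level string or number claim (simple sed match, not a JSON parser).
jwt_claim() {
  jwt_payload "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Exit 0 if exp is at or before now (arg 2, default: current time); 2 if exp is unusable.
jwt_expired() {
  local exp now
  now=${2:-$(date +%s)}
  exp=$(jwt_claim "$1" exp)
  case $exp in ''|*[!0-9]*) return 2 ;; esac
  [ "$now" -ge "$exp" ]
}

# Constructed sample payload (not a real Keycloak token); the signature segment is a dummy.
SAMPLE_PAYLOAD='{"exp":1700000300,"azp":"app-authz-rest-springboot","preferred_username":"alice"}'
SAMPLE_TOKEN="$(b64url_encode '{"alg":"RS256"}').$(b64url_encode "$SAMPLE_PAYLOAD").dummy"
token=${access_token:-$SAMPLE_TOKEN}   # use the real token when it is exported
echo "user=$(jwt_claim "$token" preferred_username) client=$(jwt_claim "$token" azp)"
if jwt_expired "$token"; then echo "expired: request a new token"; fi
```

With jq installed, `jwt_payload "$access_token" | jq .` prints every claim in the token.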