-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathreadme.md.bak
77 lines (36 loc) · 2.17 KB
/
readme.md.bak
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# **JAAS (Java Authentication and Authorization Services)**
Simple example how to setup the JAAS KEYCLOACK adapter. The adapter uses Direct Access Grants method to gain access token from keycloack.
The application will validate (hardcoded) username and password against keycloack (or local debug LoginModule). And check if role exists.
In this example user and password are send in http to keycloack, a https url should be used to make it secure.
## Keycloack docker
For testing, the easiest way is to setup a keycloack docker container
```bash
docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1
```
## Setup keycloack for demo application
* Open 'http://localhost:8080'
* Login on administration console with username 'admin' and password 'admin'
<img src="\doc\images\login.png" alt="Login" />
* Add realm 'realm_demo'
* Add client 'keycloack-demo-client'
* Configure client with access type confidential and direct access grants enabled.
* The client secret can now be found on tab credentials
* Add the role 'example_role_read' to the client
* Add user 'testuser'
* Set password "testpassword' (as defined in LoginCallbackHandler.java)
* Add role ''example_role_read' to client
* Make sure 'keycloack.json' matches the values as set above
https://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html
https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/jaas.adoc
https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/java-adapter-config.adoc