Moved Keycloak example from Java to YAML (#39)
Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
diff --git a/keycloak-security-rest/README.adoc b/keycloak-security-rest/README.adoc
index 5d5d0c7..4053618 100644
--- a/keycloak-security-rest/README.adoc
+++ b/keycloak-security-rest/README.adoc
@@ -19,14 +19,7 @@
== Dependencies
-This example requires the `camel-keycloak` component which is automatically loaded via the dependency declaration in the `RestApi.java` file:
-
-[source,java]
-----
-// camel-k: dependency=camel:keycloak
-----
-
-This ensures that the Keycloak security policy classes are available at runtime.
+This example requires the `camel-keycloak` component.
== Install JBang
@@ -155,7 +148,7 @@
[source,sh]
----
-$ camel run *
+$ jbang -Dcamel.jbang.version=4.15.0-SNAPSHOT camel@apache/camel run *
----
The application will start on port 8080 with the following endpoints:
@@ -238,36 +231,23 @@
The example uses a Keycloak security policy to validate JWT tokens and enforce role-based access control.
-The policy is created in the `configure()` method of the `RestApi.java` file and requires the `admin` role:
+The policy is defined as a bean in the `rest-api.camel.yaml` file and requires the `admin` role:
-[source,java]
+[source,yaml]
----
-KeycloakSecurityPolicy policy = new KeycloakSecurityPolicy();
-policy.setServerUrl(keycloakServerUrl);
-policy.setRealm(realm);
-policy.setClientId(clientId);
-policy.setClientSecret(clientSecret);
-policy.setRequiredRoles(Arrays.asList("admin"));
+- beans:
+ - name: keycloakPolicy
+ type: org.apache.camel.component.keycloak.security.KeycloakSecurityPolicy
+ properties:
+ serverUrl: "{{keycloak.server.url}}"
+ realm: "{{keycloak.realm}}"
+ clientId: "{{keycloak.client.id}}"
+ clientSecret: "{{keycloak.client.secret}}"
+ requiredRoles:
+ - "admin"
----
-The policy references configuration properties from `application.properties` using `@PropertyInject`:
-
-[source,java]
-----
-@PropertyInject("keycloak.server.url")
-private String keycloakServerUrl;
-
-@PropertyInject("keycloak.realm")
-private String realm;
-
-@PropertyInject("keycloak.client.id")
-private String clientId;
-
-@PropertyInject("keycloak.client.secret")
-private String clientSecret;
-----
-
-Configuration properties in `application.properties`:
+The bean references configuration properties from `application.properties`:
[source,properties]
----
@@ -279,19 +259,28 @@
=== Route Protection
-Routes are protected by adding the policy to the route. The policy will validate the JWT token and check that the user has the required `admin` role:
+Routes are protected by adding a policy reference. The policy will validate the JWT token and check that the user has the required `admin` role:
-[source,java]
+[source,yaml]
----
-from("platform-http:/api/protected")
- .routeId("protected-api")
- .policy(policy)
- .setBody()
- .simple("{\n" +
- " \"message\": \"This is a protected endpoint, admin role required\",\n" +
- " \"timestamp\": \"${date:now:yyyy-MM-dd'T'HH:mm:ss}\"\n" +
- "}")
- .setHeader("Content-Type", constant("application/json"));
+- route:
+ id: protected-api
+ from:
+ uri: "platform-http:/api/protected"
+ steps:
+ - policy:
+ ref: keycloakPolicy
+ - setBody:
+ simple: |
+ {
+ "message": "This is a protected endpoint, admin role required",
+ "timestamp": "${date:now:yyyy-MM-dd'T'HH:mm:ss}"
+ }
+ - setHeader:
+ name: Content-Type
+ constant: application/json
+ - log:
+ message: "Protected API called"
----
If a user without the `admin` role tries to access this endpoint, they will receive a 403 Forbidden response.
diff --git a/keycloak-security-rest/RestApi.java b/keycloak-security-rest/RestApi.java
deleted file mode 100644
index eb50a49..0000000
--- a/keycloak-security-rest/RestApi.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import java.util.Arrays;
-
-import org.apache.camel.PropertyInject;
-import org.apache.camel.builder.RouteBuilder;
-import org.apache.camel.component.keycloak.security.KeycloakSecurityPolicy;
-
-/**
- * Keycloak Security REST API Example
- *
- * This example demonstrates how to secure REST APIs using Apache Camel with Keycloak
- * authentication and authorization. It uses the platform-http component to create REST
- * endpoints protected by Keycloak security policies.
- */
-public class RestApi extends RouteBuilder {
-
- @PropertyInject("keycloak.server.url")
- private String keycloakServerUrl;
-
- @PropertyInject("keycloak.realm")
- private String realm;
-
- @PropertyInject("keycloak.client.id")
- private String clientId;
-
- @PropertyInject("keycloak.client.secret")
- private String clientSecret;
-
- @Override
- public void configure() throws Exception {
-
- KeycloakSecurityPolicy policy = new KeycloakSecurityPolicy();
- policy.setServerUrl(keycloakServerUrl);
- policy.setRealm(realm);
- policy.setClientId(clientId);
- policy.setClientSecret(clientSecret);
- policy.setRequiredRoles(Arrays.asList("admin"));
-
- // Public endpoint - no authentication required
- from("platform-http:/api/public")
- .routeId("public-api")
- .setBody()
- .simple("{\n" +
- " \"message\": \"This is a public endpoint, no authentication required\",\n" +
- " \"timestamp\": \"${date:now:yyyy-MM-dd'T'HH:mm:ss}\"\n" +
- "}")
- .setHeader("Content-Type", constant("application/json"))
- .log("Public API called");
-
- // Protected endpoint - requires admin role
- from("platform-http:/api/protected")
- .routeId("protected-api")
- .policy(policy)
- .setBody()
- .simple("{\n" +
- " \"message\": \"This is a protected endpoint, admin role required\",\n" +
- " \"timestamp\": \"${date:now:yyyy-MM-dd'T'HH:mm:ss}\"\n" +
- "}")
- .setHeader("Content-Type", constant("application/json"))
- .log("Protected API called");
- }
-}
diff --git a/keycloak-security-rest/rest-api.camel.yaml b/keycloak-security-rest/rest-api.camel.yaml
new file mode 100644
index 0000000..83a05a0
--- /dev/null
+++ b/keycloak-security-rest/rest-api.camel.yaml
@@ -0,0 +1,67 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+# camel-k: dependency=camel:keycloak
+
+# Bean definition for Keycloak security policy
+- beans:
+ - name: keycloakPolicy
+ type: org.apache.camel.component.keycloak.security.KeycloakSecurityPolicy
+ properties:
+ serverUrl: "{{keycloak.server.url}}"
+ realm: "{{keycloak.realm}}"
+ clientId: "{{keycloak.client.id}}"
+ clientSecret: "{{keycloak.client.secret}}"
+ requiredRoles: "admin"
+
+# Public endpoint - no authentication required
+- route:
+ id: public-api
+ from:
+ uri: "platform-http:/api/public"
+ steps:
+ - setBody:
+ simple: |
+ {
+ "message": "This is a public endpoint, no authentication required",
+ "timestamp": "${date:now:yyyy-MM-dd'T'HH:mm:ss}"
+ }
+ - setHeader:
+ name: Content-Type
+ constant: application/json
+ - log:
+ message: "Public API called"
+
+# Protected endpoint - requires admin role
+- route:
+ id: protected-api
+ from:
+ uri: "platform-http:/api/protected"
+ steps:
+ - policy:
+ ref: keycloakPolicy
+ - setBody:
+ simple: |
+ {
+ "message": "This is a protected endpoint, admin role required",
+ "timestamp": "${date:now:yyyy-MM-dd'T'HH:mm:ss}"
+ }
+ - setHeader:
+ name: Content-Type
+ constant: application/json
+ - log:
+ message: "Protected API called"
