blob: 0251e601e8f132a235b7ccbe8ec67fbb2b32145d [file] [log] [blame]
== Camel Example Undertow Spring Security with Keycloak
This example shows the undertow component with spring security using one of the supported authentication providers: *Keycloak*
The example starts up a spring-boot application that is authenticated via bearer token with keycloak server.
=== Setting up a Keycloak server
Running configured keycloak server is required for this demo.
To prepare Keycloak server, use _docker-compose_ according the following[examples].
After logging into the Administration Console of the keycloak server:
* Create a realm using import (exported file _realm-export.json_ is prepared in the root of this example).
It will create realm "example-app", with client _example-service_ and roles _role01_ and _role02_.
* Create a user for each roles (_user01_ with role _role01_ and _user02_ with role _role02_).
When the Keycloak server is configured and running, retrieve access tokens for both users.
You can use following commands (use correct secrets and names) to retrieve both tokens:
curl -d "client_id=example-service" -d "client_secret=<client-secret>" -d "username=<user01-name>" -d "password=<user01-password>" -d "grant_type=password" http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token | jq -r '.access_token'
curl -d "client_id=example-service" -d "client_secret=<client-secret>" -d "username=<user02-name>" -d "password=<user02-password>" -d "grant_type=password" http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token | jq -r '.access_token'
Keep both generated tokens for later use.
=== Running the example
Now that everything is set up, you can run the example using
mvn spring-boot:run
_Notice that route contains allowedRoles parameter with value `role02`._
You can verify that the endpoint (_http://localhost:8082/hi_) is secured with the Keycloak server
by executing following requests:
* Request without authentication token returns _401 Unauthorized_
curl -I -X GET http://localhost:8082/hi
* Request with the token for _user01_ (with _role01_) returns _403 Forbidden_
curl -I -X GET -H "Authorization: Bearer <user01-token>" http://localhost:8082/hi
* Request with the token for _user02_ (with _role02_) returns _200 OK_ and you can see a message
in application console log: "_Hello <user01-name>!_"
curl -I -X GET -H "Authorization: Bearer <user02-token>" http://localhost:8082/hi
=== Help and contributions
If you hit any problem using Camel or have some feedback, then please[let us know].
We also love contributors, so[get involved] :-)
The Camel riders!