== Camel Example Undertow Spring Security with Keycloak
This example shows the Undertow component with Spring Security using one of the supported authentication providers: *Keycloak*.
The example starts a Spring Boot application that authenticates requests with a bearer token issued by the Keycloak server.
=== Setting up a Keycloak server
A running, configured Keycloak server is required for this demo.
To prepare the Keycloak server, use _docker-compose_ according to the following
https://github.com/keycloak/keycloak-containers/tree/master/docker-compose-examples[examples].
After logging into the Administration Console of the keycloak server:
* Create a realm using import (the exported file _realm-export.json_ is provided in the root of this example).
It will create the realm "example-app", with the client _example-service_ and the roles _role01_ and _role02_.
* Create a user for each role (_user01_ with role _role01_ and _user02_ with role _role02_).
When the Keycloak server is configured and running, retrieve access tokens for both users.
You can use the following commands (with the correct secrets and names) to retrieve both tokens:

----
curl -d "client_id=example-service" -d "client_secret=<client-secret>" -d "username=<user01-name>" -d "password=<user01-password>" -d "grant_type=password" http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token | jq -r '.access_token'
----

and

----
curl -d "client_id=example-service" -d "client_secret=<client-secret>" -d "username=<user02-name>" -d "password=<user02-password>" -d "grant_type=password" http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token | jq -r '.access_token'
----
Keep both generated tokens for later use.
=== Running the example
Now that everything is set up, you can run the example using:
----
mvn spring-boot:run
----
_Notice that the route contains the allowedRoles parameter with the value `role02`._

You can verify that the endpoint (_http://localhost:8082/hi_) is secured with the Keycloak server
by executing the following requests:

* A request without an authentication token returns _401 Unauthorized_
+
----
curl -I -X GET http://localhost:8082/hi
----

* A request with the token for _user01_ (with _role01_) returns _403 Forbidden_
+
----
curl -I -X GET -H "Authorization: Bearer <user01-token>" http://localhost:8082/hi
----

* A request with the token for _user02_ (with _role02_) returns _200 OK_ and you can see a message
in the application console log: "_Hello <user01-name>!_"
+
----
curl -I -X GET -H "Authorization: Bearer <user02-token>" http://localhost:8082/hi
----
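
When a request returns _403 Forbidden_ unexpectedly, check which roles the token actually carries before suspecting the route. The script below is an added example, not part of the Camel project: the function names are hypothetical, and it assumes GNU `base64`, `jq`, and Keycloak's default claim layout (`realm_access.roles` and `resource_access.<client>.roles`). It decodes the payload without verifying the signature, so use it for debugging only.

```shell
#!/bin/sh
# Added example: inspect the roles inside a Keycloak access token offline.
# The signature is NOT verified; never base an access decision on this output.

# Decode the payload (second dot-separated segment) of a JWT to JSON.
jwt_payload() {
  _seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits padding; restore it so that base64 -d accepts the input
  case $(( ${#_seg} % 4 )) in
    2) _seg="${_seg}==" ;;
    3) _seg="${_seg}=" ;;
  esac
  printf '%s' "$_seg" | base64 -d
}

# Print realm roles plus the roles of client $2, one per line.
# Assumption: Keycloak's default claim names are in use.
jwt_roles() {
  jwt_payload "$1" | jq -r --arg c "$2" \
    '(.realm_access.roles // []) + (.resource_access[$c].roles // []) | .[]'
}

# Succeed when token $1 carries role $3 (realm role or role of client $2).
jwt_has_role() {
  jwt_roles "$1" "$2" | grep -qxF -- "$3"
}

# Constructed sample token (unsigned, not issued by any server).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_TOKEN="$(b64url '{"alg":"none"}').$(b64url '{"preferred_username":"user01","realm_access":{"roles":["role01"]}}').sig"

# Example: jwt_has_role "$SAMPLE_TOKEN" example-service role02 || echo "expect 403"
```

With a real token, `jwt_roles "<user01-token>" example-service` should list _role01_ but not _role02_, which matches the _403 Forbidden_ response for _user01_.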
=== Help and contributions
If you hit any problem using Camel or have some feedback, then please
https://camel.apache.org/support.html[let us know].
We also love contributors, so
https://camel.apache.org/contributing.html[get involved] :-)
The Camel riders!