Posted to commits@isis.apache.org by da...@apache.org on 2023/01/25 10:11:05 UTC

[isis-app-simpleapp] branch jpa-2.0.0-M9-keycloak created (now 30e00cc)

This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a change to branch jpa-2.0.0-M9-keycloak
in repository https://gitbox.apache.org/repos/asf/isis-app-simpleapp.git


      at 30e00cc  updates as per https://isis.apache.org/security/2.0.0-M9/keycloak/about.html tutorial.

This branch includes the following new commits:

     new 30e00cc  updates as per https://isis.apache.org/security/2.0.0-M9/keycloak/about.html tutorial.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[isis-app-simpleapp] 01/01: updates as per https://isis.apache.org/security/2.0.0-M9/keycloak/about.html tutorial.

Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch jpa-2.0.0-M9-keycloak
in repository https://gitbox.apache.org/repos/asf/isis-app-simpleapp.git

commit 30e00cc59792152852fbf544e913ae176092fd0f
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Wed Jan 25 10:07:53 2023 +0000

    updates as per https://isis.apache.org/security/2.0.0-M9/keycloak/about.html tutorial.
    
    NB: logout fails, I've raised a ticket https://issues.apache.org/jira/secure/RapidBoard.jspa?rapidView=87&selectedIssue=CAUSEWAY-3341
---
 webapp/pom.xml                                        |  5 +++++
 .../src/main/java/domainapp/webapp/AppManifest.java   |  4 ++++
 .../src/main/resources/config/application.properties  | 19 +++++++++++++++++++
 3 files changed, 28 insertions(+)

diff --git a/webapp/pom.xml b/webapp/pom.xml
index e155208..92a65ef 100644
--- a/webapp/pom.xml
+++ b/webapp/pom.xml
@@ -65,6 +65,11 @@
         </dependency>
 
         <!-- isis -->
+        <dependency>
+            <groupId>org.apache.isis.security</groupId>
+            <artifactId>isis-security-keycloak</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.isis.mavendeps</groupId>
             <artifactId>isis-mavendeps-webapp</artifactId>
diff --git a/webapp/src/main/java/domainapp/webapp/AppManifest.java b/webapp/src/main/java/domainapp/webapp/AppManifest.java
index 4329382..d2dacc5 100644
--- a/webapp/src/main/java/domainapp/webapp/AppManifest.java
+++ b/webapp/src/main/java/domainapp/webapp/AppManifest.java
@@ -1,5 +1,7 @@
 package domainapp.webapp;
 
+import org.apache.isis.security.bypass.authorization.AuthorizorBypass;
+import org.apache.isis.security.keycloak.IsisModuleSecurityKeycloak;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.PropertySource;
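Review bot: The added import of `org.apache.isis.security.bypass.authorization.AuthorizorBypass` is not referenced in either hunk of this file; the second hunk only adds `IsisModuleSecurityKeycloak.class` to the list. If it is unused, drop the import line. If it is referenced outside the visible hunks, the use site needs a comment explaining why, because the package and class name suggest it switches authorization checks off, which would leave every Keycloak-authenticated user unrestricted.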
@@ -50,6 +52,8 @@ import domainapp.webapp.quartz.QuartzModule;
 
         IsisModuleExtFlywayImpl.class,
 
+        IsisModuleSecurityKeycloak.class,
+
         IsisModuleExtSecmanPersistenceJpa.class,
         IsisModuleExtSecmanEncryptionJbcrypt.class,
         IsisModuleExtSessionLogPersistenceJpa.class,
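Review bot: Nothing is removed from this `@Import` list (the diffstat shows insertions only), so whichever authentication module the app registered before presumably stays active next to `IsisModuleSecurityKeycloak.class`. The list starts outside the hunk, so this cannot be confirmed from here. If a second authenticator is still imported, a login that Keycloak would reject may still be accepted by the other one, so remove it in the same commit or state why both are kept. A one-line comment above the new entry, such as `// authentication is delegated to Keycloak (OAuth2/OIDC login)`, would make the intended split explicit.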
diff --git a/webapp/src/main/resources/config/application.properties b/webapp/src/main/resources/config/application.properties
index 4d5b3ec..4e38766 100644
--- a/webapp/src/main/resources/config/application.properties
+++ b/webapp/src/main/resources/config/application.properties
@@ -44,3 +44,22 @@ decorator.datasource.p6spy.multiline=true
 
 # Use logging for default listeners [slf4j, sysout, file, custom]
 decorator.datasource.p6spy.logging=sysout
+
+
+isis.security.keycloak.realm=simpleapp
+isis.security.keycloak.base-url=http://localhost:9090/auth
+
+kc.realm-url=${isis.security.keycloak.base-url}/realms/${isis.security.keycloak.realm}
+
+spring.security.oauth2.client.registration.simpleapp.client-id=simpleapp-client
+spring.security.oauth2.client.registration.simpleapp.client-name=Simple App
+spring.security.oauth2.client.registration.simpleapp.client-secret=e4659814-eabb-49fd-b5ca-40fc732db540
+
+spring.security.oauth2.client.registration.simpleapp.provider=keycloak
+spring.security.oauth2.client.registration.simpleapp.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.simpleapp.scope=openid, profile
+spring.security.oauth2.client.registration.simpleapp.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
+spring.security.oauth2.client.provider.keycloak.authorization-uri=${kc.realm-url}/protocol/openid-connect/auth
+spring.security.oauth2.client.provider.keycloak.jwk-set-uri=${kc.realm-url}/protocol/openid-connect/certs
+spring.security.oauth2.client.provider.keycloak.token-uri=${kc.realm-url}/protocol/openid-connect/token
+spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
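Review bot: The `spring.security.oauth2.client.registration.simpleapp.client-secret` line commits the OAuth2 client secret in clear text to a public repository. Resolve it from the environment instead, for example `spring.security.oauth2.client.registration.simpleapp.client-secret=${KEYCLOAK_CLIENT_SECRET}` (the variable name is a placeholder), and treat the committed value as exposed by regenerating the client secret in the Keycloak realm. Separately, `isis.security.keycloak.base-url` is `http://localhost:9090/auth`, so the authorization, token and JWK-set URIs derived from `kc.realm-url` all use plain HTTP. Add a comment above the new block, such as `# local development values only; use an https base-url outside a developer machine`, so the file is not copied unchanged into a deployed profile.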