• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• devconf2019-authz-master
  • devconf2019-app
    • src
      • main
        • resources
          • resources
            • styles.css
          • templates
            • car-detail.ftl
            • cars.ftl
            • token.ftl
          • application.properties
        • java
          • org
            • keycloak
              • quickstarts
                • devconf2019
                  • app
                    • web
                      • CarsAppController.java
                    • util
                      • AppTokenUtil.java
                    • config
                      • AuthzClientRequestFactory.java
                      • UMAErrorHandler.java
                      • AppConfig.java
                      • SecurityConfig.java
                      • RptStore.java
                    • service
                      • ObjectMapperProvider.java
                      • CarsClientService.java
                    • CarsApp.java
    • pom.xml
  • cars-realm.json
  • pom.xml
  • LICENSE
  • README.md
  • devconf2019-service
    • src
      • main
        • resources
          • application.properties
        • java
          • org
            • keycloak
              • quickstarts
                • devconf2019
                  • web
                    • CarsServiceController.java
                  • util
                    • ImgUtil.java
                    • ServiceTokenUtil.java
                  • config
                    • KeycloakUMAConfigResolver.java
                  • service
                    • InMemoryCarsDB.java
                    • CarRepresentation.java
                    • OwnerRepresentation.java
                    • CarsAuthzService.java
                    • CarsService.java
                  • CarsServiceApp.java
      • test
        • java
          • org
            • keycloak
              • quickstarts
                • ImgTest.java
    • images
    • pom.xml
  • .gitignore

package org.keycloak.quickstarts.devconf2019.app.config;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

/**
 * Application security configuration.
 *
 */
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        SimpleAuthorityMapper grantedAuthorityMapper = new SimpleAuthorityMapper();
        grantedAuthorityMapper.setPrefix("ROLE_");
        grantedAuthorityMapper.setConvertToUpperCase(true);
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(grantedAuthorityMapper);
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }


    @Autowired
    public AuthzClientRequestFactory keycloakClientRequestFactory;

    @Autowired
    public RptStore rptStore;

    @Bean
    @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
    public KeycloakRestTemplate keycloakRestTemplate() {
        KeycloakRestTemplate restTemplate = new KeycloakRestTemplate(keycloakClientRequestFactory);
        restTemplate.setErrorHandler(new UMAErrorHandler(keycloakClientRequestFactory, rptStore));
        return restTemplate;
    }

    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Bean
    public KeycloakConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
                .authorizeRequests()
                .antMatchers("/app", "/app/", "/app*", "/app/**").hasRole("USER")
                .anyRequest().permitAll();

    }

}