91bdc4bde2
* [KEYCLOAK-3169] - UMA 2.0 Support * [KEYCLOAK-3169] - Changes to account service and more tests * [KEYCLOAK-3169] - Code cleanup and tests * [KEYCLOAK-3169] - Changes to account service and tests * [KEYCLOAK-3169] - Changes to account service and tests * [KEYCLOAK-3169] - More tests * [KEYCLOAK-3169] - Changes to adapter configuration * [KEYCLOAK-3169] - Reviewing UMA specs and more tests * [KEYCLOAK-3169] - Reviewing UMA specs and more tests * [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring * [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests * [KEYCLOAK-3169] - Changes to account my resources and policy enforcers * [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console * [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console * [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests * [KEYCLOAK-3169] - Removing more UMA 1.0 related code * [KEYCLOAK-3169] - Only submit requests if ticket exists * [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated * [KEYCLOAK-3169] - Removing unused code * [KEYCLOAK-3169] - Removing unused code * [KEYCLOAK-3169] - 403 response in case ticket is not created * [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent * [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients |
||
---|---|---|
.. | ||
src/main/webapp | ||
hello-world-authz-realm.json | ||
hello-world-authz-service.json | ||
pom.xml | ||
README.md |
About the Example Application
This is a simple application to get you started with Keycloak Authorization Services.
It provides a single page application which is protected by a policy enforcer that decides whether an user can access that page or not based on the permissions obtained from a Keycloak Server.
Create the Example Realm and a Resource Server
Considering that your Keycloak Server is up and running, log in to the Keycloak Administration Console.
Now, create a new realm based on the following configuration file:
examples/authz/hello-world-authz-service/hello-world-authz-realm.json
That will import a pre-configured realm with everything you need to run this example. For more details about how to import a realm into Keycloak, check the Keycloak's reference documentation.
After importing that file, you'll have a new realm called hello-world-authz
.
Now, let's import another configuration using the Administration Console in order to configure the client application hello-world-authz-service
as a resource server with all resources, scopes, permissions and policies.
Click on Clients
on the left side menu. Click on the hello-world-authz-service
on the client listing page. This will
open the Client Details
page. Once there, click on the Authorization
tab.
Click on the Select file
button, which means you want to import a resource server configuration. Now select the file that is located at:
examples/authz/hello-world-authz-service/hello-world-authz-service.json
Now click Upload
and the resource server will be updated accordingly.
Deploy and Run the Example Application
To deploy the example application, follow these steps:
cd examples/authz/hello-world-authz-service
mvn clean package wildfly:deploy
Now, try to access the client application using the following URL:
http://localhost:8080/hello-world-authz-service
If everything is correct, you will be redirect to Keycloak login page. You can login to the application with the following credentials:
- username: jdoe / password: jdoe
- username: alice / password: alice