a4a7d023a7
Closes #28779 Signed-off-by: Douglas Palmer <dpalmer@redhat.com> |
||
---|---|---|
.. | ||
camel | ||
camel-fuse7-undertow | ||
customer-app-fuse | ||
cxf-jaxrs | ||
cxf-jaxrs-fuse7-undertow | ||
cxf-jaxws | ||
cxf-jaxws-fuse7-undertow | ||
external-config | ||
features | ||
fuse-admin | ||
product-app-fuse | ||
product-app-fuse7-undertow | ||
demorealm.json | ||
pom.xml | ||
README.md |
Keycloak Fuse demo
Currently Keycloak supports securing your web applications running inside JBoss Fuse or Apache Karaf. It leverages:
- Jetty9 adapter for both JBoss Fuse 6.3 and Apache Karaf 4, that include Jetty9 server under the covers and Jetty is used for running various kinds of web applications
- Jetty8 adapter for both JBoss Fuse 6.2 and Apache Karaf 3, that include Jetty8 server under the covers and Jetty is used for running various kinds of web applications
It's highly recommended to use the JBoss Fuse 6.3.0 Rollup 1 or newer for this tutorial.
WARNING: Running your applications inside standalone Apache Karaf may work, however we are testing just with JBoss Fuse 6.3.0 Rollup 1 and not with standalone Karaf server. Also we
did not test with Fuse versions older than 6.3.0 Rollup 1. So if you really want adapter on standalone Karaf server or older Fuse, it's up to you to figure exact steps to have it working.
The Fuse example is slightly modified version of Keycloak base demo applications. The main difference among base demo is that for Fuse demo are applications running on separate Fuse server. Keycloak server is supposed to run separately on Wildfly.
Fuse demo contains those basic applications:
- customer-app-fuse A WAR application that is deployed with pax-war extender
- product-app-fuse A servlet application deployed with pax-whiteboard extender
- camel Apache Camel endpoint running on separate Jetty engine on http://localhost:8383/admin-camel-endpoint. The customer-app-fuse invokes the endpoint to get data.
- cxf-jaxrs Apache CXF JAX-RS endpoint running on default Jetty on http://localhost:8181/cxf/customerservice. The customer-app-fuse invokes the endpoint to get data
- cxf-jaxws Apache CXF JAX-WS endpoint running on separate Jetty engine on http://localhost:8282/PersonServiceCF. The product-app-fuse invokes the endpoint to get data.
- external-config A WAR application with external adapter configuration not bundled within the application, but instead in
$FUSE_HOME/etc
directory.
Running of demo consists of 2 steps. First you need to run separate Keycloak server and then Fuse server with the applications
Base steps
- Run external instance of Keycloak server on WildFly . It's easiest to run and download Keycloak standalone server. Fuse demo suppose that server is running on http://localhost:8080/auth
- Import realm
demo
from the filedemorealm.json
onexamples/fuse/demorealm.json
. See here the details on how to import the realm - Then download Keycloak examples and build Fuse example, which is needed so the feature repository is added to your local maven repo:
unzip -q keycloak-examples-<VERSION>.zip
cd keycloak-examples-<VERSION>/fuse
mvn clean install
Running demo on JBoss Fuse 6.3.0 Rollup 1
You just need to download and run JBoss Fuse and then run those commands from the karaf terminal to install the needed features and Keycloak fuse demo (Replace Keycloak versions with the current Keycloak version number):
KEYCLOAK_VERSION="2.2.1.Final"
features:addurl mvn:org.keycloak/keycloak-osgi-features/$KEYCLOAK_VERSION/xml/features
features:addurl mvn:org.keycloak.testsuite/fuse-example-keycloak-features/$KEYCLOAK_VERSION/xml/features
features:install keycloak-fuse-6.3-example
After that you can test running on http://localhost:8181/customer-portal and login as "bburke@redhat.com" with password "password". Customer-portal is able to
receive the response from the endpoints provided by cxf-jaxrs
and camel
applications. Note that camel endpoint is available just for users with role admin
in this demo, so "bburke@redhat.com" can't access it. You may login as "admin" with password "password" in order to invoke camel endpoint.
From http://localhost:8181/product-portal you will see servlet endpoint, which invokes JAX-WS provided by cxf-jaxws
application.
Note that this demo also secures whole default CXF endpoint on http://localhost:8181/cxf hence every application running under it is secured too.
To have the external-config
example running, you can copy the file examples/fuse/external-config/external-config-keycloak.json
to the $FUSE_HOME/etc
directory.
Then go to http://localhost:8181/external-config/index.html to test the secured application.
How to secure your own application
See Docs for more details.
How to secure Fuse admin services
It's possible to secure fuse admin services with Keycloak too. See fuse-admin for info on how to secure Fuse admin console, remote SSH and JMX access with Keycloak.