This is an automated email from the ASF dual-hosted git repository. danhaywood pushed a commit to branch jpa-2.0.0-M9-keycloak in repository https://gitbox.apache.org/repos/asf/isis-app-simpleapp.git
commit 30e00cc59792152852fbf544e913ae176092fd0f Author: danhaywood <[email protected]> AuthorDate: Wed Jan 25 10:07:53 2023 +0000 updates as per https://isis.apache.org/security/2.0.0-M9/keycloak/about.html tutorial. NB: logout fails, I've raised a ticket https://issues.apache.org/jira/secure/RapidBoard.jspa?rapidView=87&selectedIssue=CAUSEWAY-3341 --- webapp/pom.xml | 5 +++++ .../src/main/java/domainapp/webapp/AppManifest.java | 4 ++++ .../src/main/resources/config/application.properties | 19 +++++++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/webapp/pom.xml b/webapp/pom.xml index e155208..92a65ef 100644 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -65,6 +65,11 @@ </dependency> <!-- isis --> + <dependency> + <groupId>org.apache.isis.security</groupId> + <artifactId>isis-security-keycloak</artifactId> + </dependency> + <dependency> <groupId>org.apache.isis.mavendeps</groupId> <artifactId>isis-mavendeps-webapp</artifactId> diff --git a/webapp/src/main/java/domainapp/webapp/AppManifest.java b/webapp/src/main/java/domainapp/webapp/AppManifest.java index 4329382..d2dacc5 100644 --- a/webapp/src/main/java/domainapp/webapp/AppManifest.java +++ b/webapp/src/main/java/domainapp/webapp/AppManifest.java @@ -1,5 +1,7 @@ package domainapp.webapp; +import org.apache.isis.security.bypass.authorization.AuthorizorBypass; +import org.apache.isis.security.keycloak.IsisModuleSecurityKeycloak; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.context.annotation.PropertySource; @@ -50,6 +52,8 @@ import domainapp.webapp.quartz.QuartzModule; IsisModuleExtFlywayImpl.class, + IsisModuleSecurityKeycloak.class, + IsisModuleExtSecmanPersistenceJpa.class, IsisModuleExtSecmanEncryptionJbcrypt.class, IsisModuleExtSessionLogPersistenceJpa.class, 
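Review bot: The first AppManifest.java hunk adds `import org.apache.isis.security.bypass.authorization.AuthorizorBypass;`, but nothing in the visible hunks references it; the second hunk only registers `IsisModuleSecurityKeycloak.class`. The `@Import` list starts and ends outside the hunk, so this cannot be confirmed from here, but if the class is not registered the import should be dropped. If it is registered, judging by its name it turns authorization checks off, so with Keycloak handling authentication only that choice deserves a comment next to the entry, for example `// authorization intentionally bypassed for the tutorial; replace before exposing beyond localhost`. The list also keeps the Secman modules, so a short comment stating which component is expected to make authorization decisions would remove the ambiguity.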
diff --git a/webapp/src/main/resources/config/application.properties b/webapp/src/main/resources/config/application.properties index 4d5b3ec..4e38766 100644 --- a/webapp/src/main/resources/config/application.properties +++ b/webapp/src/main/resources/config/application.properties @@ -44,3 +44,22 @@ decorator.datasource.p6spy.multiline=true # Use logging for default listeners [slf4j, sysout, file, custom] decorator.datasource.p6spy.logging=sysout + + +isis.security.keycloak.realm=simpleapp +isis.security.keycloak.base-url=http://localhost:9090/auth + +kc.realm-url=${isis.security.keycloak.base-url}/realms/${isis.security.keycloak.realm} + +spring.security.oauth2.client.registration.simpleapp.client-id=simpleapp-client +spring.security.oauth2.client.registration.simpleapp.client-name=Simple App +spring.security.oauth2.client.registration.simpleapp.client-secret=e4659814-eabb-49fd-b5ca-40fc732db540 + +spring.security.oauth2.client.registration.simpleapp.provider=keycloak +spring.security.oauth2.client.registration.simpleapp.authorization-grant-type=authorization_code +spring.security.oauth2.client.registration.simpleapp.scope=openid, profile +spring.security.oauth2.client.registration.simpleapp.redirect-uri={baseUrl}/login/oauth2/code/{registrationId} +spring.security.oauth2.client.provider.keycloak.authorization-uri=${kc.realm-url}/protocol/openid-connect/auth +spring.security.oauth2.client.provider.keycloak.jwk-set-uri=${kc.realm-url}/protocol/openid-connect/certs +spring.security.oauth2.client.provider.keycloak.token-uri=${kc.realm-url}/protocol/openid-connect/token +spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
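Review bot: The added `spring.security.oauth2.client.registration.simpleapp.client-secret=...` line commits a literal OAuth2 client secret to the repository, where it stays in history and is copied into every build of the webapp. I would resolve it from the environment instead, e.g. `spring.security.oauth2.client.registration.simpleapp.client-secret=${KEYCLOAK_CLIENT_SECRET}` (variable name is a placeholder), and regenerate the secret in Keycloak if that realm is used anywhere other than a throwaway local instance. Separately, `isis.security.keycloak.base-url` uses plain `http://`, which is acceptable only because it points at localhost, since the token endpoint derived from it receives the client secret and authorization codes. A comment such as `# local development only; use https for any shared Keycloak` above that line would make the constraint explicit.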
