thomasdarimont/embedded-spring-boot-keycloak-server thomasdarimont/embedded-spring-boot-keycloak-server

  • Stars
    star
    263
  • Rank 155,213 (Top 4 %)
  • Language
    Java
  • License
    Apache License 2.0
  • Created over 4 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
thomasdarimont/embedded-spring-boot-keycloak-server
github

thomasdarimont

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Keycloak JAX-RS application embedded in a Spring-Boot App.

Embedded Keycloak Server running in a Spring Boot App

This project provides an embedded Authentication and Authorization Server based on Keycloak and Spring Boot.
The idea is to have a variant of Keycloak-X but based on Spring Boot instead of Quarkus.

Keycloak is embedded by hosting it's JAX-RS Application in a Spring-Boot environment.

Compatibility

The following table shows the Keycloak versions used by the embedded Keycloak Server version.

Embedded Keycloak Server Keycloak Spring Boot
1.x.y 9.0.3 2.2.7.RELEASE
2.3.y 10.0.2 2.3.1.RELEASE
2.4.y 11.0.2 2.3.3.RELEASE
3.0.y 12.0.4 2.4.4
4.0.y 13.0.1 2.4.6
5.0.y 15.0.2 2.5.4
5.1.y 15.1.1 2.5.10
6.0.y 16.1.1 2.5.10
7.0.y 17.0.1 2.6.7
8.0.y 18.0.0 2.6.7

Modules

embedded-keycloak-server-spring-boot-support

This module contains the necessary bits to embed a Keycloak server in a Spring Boot app.

embedded-keycloak-server-spring-boot-starter

This module contains a Spring Boot starter for an Embedded Keycloak Server.

embedded-keycloak-server-plain

This is an example module showing the raw embed a Keycloak server in a Spring Boot app without additional customizations.

embedded-keycloak-server-custom

This is an example module showing how to embed a Keycloak server in a Spring Boot app with additional customizations.

Installation

To add Keycloak to a Spring Boot project, add a dependency to the Spring Boot starter and make sure to use this project's BOM/parent so that you're getting all the right dependency versions:

Note that the artifacts are currently distributed via jitpack, see the corresponding jitpack project.

In Maven:

<project ...>
  <parent>
      <groupId>com.github.thomasdarimont.embedded-spring-boot-keycloak-server</groupId>
      <artifactId>embedded-keycloak-server-spring-boot-parent</artifactId>
      <version>8.0.0</version>
  </parent>

  <dependencies>
        <dependency>
            <groupId>com.github.thomasdarimont.embedded-spring-boot-keycloak-server</groupId>
            <artifactId>embedded-keycloak-server-spring-boot-starter</artifactId>
            <version>8.0.0</version>
        </dependency>
  </dependencies>

...

    <repositories>
        <repository>
            <id>jitpack.io</id>
            <url>https://jitpack.io</url>
        </repository>
    </repositories>

  ...
</project>

In Gradle:

plugins {
	id 'org.springframework.boot' version '2.6.7'
	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
	id 'java'
}

repositories {
  mavenCentral()
  maven { url "https://jitpack.io" }
}

dependencyManagement {
  imports {
    mavenBom 'com.github.thomasdarimont.embedded-spring-boot-keycloak-server:embedded-keycloak-server-spring-boot-parent:8.0.0'
  }
}

dependencies {
  implementation "com.github.thomasdarimont.embedded-spring-boot-keycloak-server:embedded-keycloak-server-spring-boot-starter:8.0.0"
}

Make sure you chose a version that matches the Keycloak version you want to use from the compatibility table above.

Build

To build the embedded Spring Boot Keycloak Server, run the following command: Note: we use the install goal to install the artifacts into the local maven repository
in order to be able to consume the artifacts in our customization project.

mvn clean install

Run

To run the plain embedded keycloak server example app, you can execute the following command:

java -jar embedded-keycloak-server-plain/target/*.jar

The embedded Keycloak server is now reachable via http://localhost:8080/auth

Note: If you didn't configure an admin password explicitly, we will generate the password at startup and print it to the console.
You can use this password to login as the user admin.

2020-07-07 16:02:39.531  INFO 13974 --- [           main] c.g.t.k.e.EmbeddedKeycloakApplication    : Generated admin password: 15909ee9-871d-4caf-ad04-5da5f3e0838f

Configuration

The Keycloak server part can be configured via Spring Boot configuration mechanism.
See embedded-keycloak-server-plain/application.yml for a list of configurable settings.

Customizing

The embedded-keycloak-server-custom example project demonstrates how one can use the
embedded-keycloak-server-spring-boot-starter library to create an embedded Keycloak server with additional
customizations like Keycloak extensions and a custom theme.

Clustering

The embedded Keycloak server uses JGroups for Peer-to-Peer cluster communication and Infinispan for
managing distributed caches like SSO-Sessions etc.

JGroups Clustering can be configured via the jgroups.xml configuration file.
Infinispan distributed caches can be configured via the infinispan.xml configuration file.

By default JGroups is configured with TCPPING discovery which requires a list of initial hostnames to join a cluster. If you want another JGroups discovery mechanism like, e.g. dnsping or kube_ping, then you just need to adapt the jgroups.xml configuration file. Note that some discovery strategies like kube_ping need additional jars in the classpath.

Note, that you need to use a centralized database if you want to really leverage a clustered embedded Keycloak.

To see the clustering in action, just build the project and run the following command on two nodes in the embedded-keycloak-server-plain directory:

Run on Node1:

java -Djgroups.configfile=jgroups.xml \
     -Djgroups.bind_addr=$(hostname -I | cut -d' ' -f1) \
     -Djgroups.tcpping.initial_hosts='node1[7600],node2[7600]' \
     -Djava.net.preferIPv4Stack=true \
     -jar target/*.jar

Run on Node2:

java -Djgroups.configfile=jgroups.xml \
     -Djgroups.bind_addr=$(hostname -I | cut -d' ' -f1) \
     -Djgroups.tcpping.initial_hosts='node1[7600],node2[7600]' \
     -Djava.net.preferIPv4Stack=true \
     -jar target/*.jar

Note, the expression $(hostname -I | cut -d' ' -f1) takes the first host IP address as the bind adress for JGroups.

If the clustering works you should see messages like:

2020-04-19 11:29:16.665  INFO 17055 --- [PN,neumann-3283] org.infinispan.CLUSTER                   : ISPN000094: Received new cluster view for channel ISPN: [neumann-3283|1] (2) [neumann-3283, gauss-45273]
2020-04-19 11:29:16.668  INFO 17055 --- [PN,neumann-3283] org.infinispan.CLUSTER                   : ISPN100000: Node gauss-45273 joined the cluster
2020-04-19 11:29:17.005  INFO 17055 --- [e-thread--p2-t2] org.infinispan.CLUSTER                   : [Context=org.infinispan.CONFIG] ISPN100002: Starting rebalance with members [neumann-3283, gauss-45273], phase READ_OLD_WRITE_ALL, topology id 2
...

Current gotchas

None.

More Repositories

1

awesome-keycloak

A curated list of resources for learning about http://www.keycloak.org
1,458
star
2

keycloak-extension-playground

Simple project environment for creating custom Keycloak extensions
Java
540
star
3

keycloak-project-example

An example project for Keycloak Customizations
Java
237
star
4

keycloak-docker-demo

Repository for Keycloak Demos
Java
182
star
5

spring-boot-2-keycloak-oauth-example

PoC for Spring Boot 2 + Spring Security 5 + Keycloak 3.4.3 without Keycloak Adapter
Java
142
star
6

keycloak-health-checks

Keycloak Extension for health checks
Java
134
star
7

spring-labs

Here be dragons
Java
94
star
8

spring-boot-keycloak-server-example

THIS PROJECT MOVED: PoC for embedding Keycloak's JAX-RS application in a Spring-Boot App. New Location:
Java
92
star
9

keycloak-user-storage-provider-demo

Simple custom User Storage Provider extension for Keycloak. Deployed as .ear with dependencies & jboss-cli based setup.
Java
89
star
10

springio18-spring-keycloak

Slides & Code from my "How to secure your Spring Boot Apps with Keycloak" talk at Spring I/O 2018
Java
88
star
11

keycloak-avatar-minio-extension

Simple example for managing avatar images with Keycloak
Java
69
star
12

spring-boot-admin-keycloak-example

Example for protecting Spring Boot Admin & Spring Boot Actuator endpoints with Keycloak
Java
57
star
13

spring-boot-prometheus-example

Simple example for exposing Metrics in a Spring Boot App for consumption by Prometheus
Shell
51
star
14

kc-dnc-demo

PoC for securing AspNetCore based Web Apps with Keycloak.
C#
38
star
15

keycloak-freeradius-demo

PoC for delegating a free-radius authentication to Keycloak via PAM
Dockerfile
25
star
16

screen-casting-app

Spring Boot App which periodically captures Screenshots of the current system and exposes them via a simple Web-Interface
Java
22
star
17

quarkus-keycloak-demo

Simple example for a stateless JAX-RS webservice that can be accessed with JWTs issued by Keycloak
HTML
22
star
18

vertx-playground

Some experiments with the Vert.x Web Framework
Java
21
star
19

keycloak-custom-server

Custom Keycloak.X Server Distribution with selective features
Java
20
star
20

spring-boot-protobuf-example

Revised version of Josh Longs Spring Boot Protobuf example from 2015 https://spring.io/blog/2015/03/22/using-google-protocol-buffers-with-spring-mvc-based-rest-services
Shell
19
star
21

spring-boot-micro-frontend-example

Simple Spring Boot frontend integration with ParcelJS
Java
18
star
22

keycloak-tc-extension-playground

Example for testing Keycloak extensions in docker with testcontainers
Java
16
star
23

keycloak_mod_auth_oidc_example

Demonstrates the configuration of the mod_auth_oidc Apache Module for use with Keycloak.
PHP
14
star
24

wjax2018-spring-keycloak

Code & Slides for my "Securing Spring Apps with Keycloak" talk at WJAX 2018
Java
13
star
25

prometheus-spring-boot-starter

An unofficial spring-boot-starter for the Prometheus Monitoring System
Shell
12
star
26

spring-boot-keycloak-jwe-example

PoC: Spring Boot Keycloak Signed & Encrypted JWT Example
Java
12
star
27

keycloak-infini-kube

PoC for a Keycloak Dockerimage with service discovery via KUBE_PING
Shell
12
star
28

keycloak-extensions-talk

Talk and Slides of my talk about Keycloak Extension Development
Java
10
star
29

keycloak-opa-config-validation

PoC for Validating Keycloak Configurations with Open Policy Agent Polices
Open Policy Agent
9
star
30

custom-opa-spicedb

OPA Authzed experiments
Go
9
star
31

go-kc-example

PoC for Keycloak OIDC Support in Golang
Go
7
star
32

custom-opa-openfga

OPA OpenFGA experiments
Go
6
star
33

spring-data-in-memory-poc

Java
6
star
34

keycloak-graalvm-js-scripting-provider

GraalVM.JS based JavaScript ScriptingProvider extension for Keycloak.
Java
5
star
35

jcon2017-keycloak

Code & Slides of my SSO with Keycloak talk at JCON 2017
Java
5
star
36

spring-boot-keycloak-graphql-demo

Example for securing a Spring Boot based GraphQL app with Keycloak
Java
5
star
37

de.tutorials.training.spring311

Tutorials.de Example Demonstrating some Spring 3.1.1 Goodness
JavaScript
5
star
38

quarkus-jumpstart-talk

Java
5
star
39

spring-boot-jee-web-example

Java
4
star
40

asw-web2-examples

Examples for the Course Web2 at ASW Berufsakademie Saarland
Java
4
star
41

sd-repositories-best-practices-javaland

Code & Slides from Spring Data Repositories Best Practices Talk at JavaLand 2016
Java
4
star
42

spring-boot-custom-starter-example

Java
4
star
43

spring-boot-cdi-instance-example

Prototypic implementation of support for CDI Instance<T> backed by a Spring BeanFactory.
Java
3
star
44

zitadel-spring-boot-examples

Zitadel.ch Example Project with Spring Boot and Spring Security
Java
3
star
45

wildfly-buildpack

Ruby
3
star
46

extism-java-example

Simple example for using the java-sdk of the extism web assembly plugin system.
Java
3
star
47

acme-keycloakx-demo

FreeMarker
2
star
48

java16-panama-win-dll-demo

Demo for calling a function from a Windows 64-bit DLL with Panama's Foreign Linker API
C
2
star
49

quarkus-demo

HTML
2
star
50

keycloak-login-recaptcha

By default Keycloak (up to 8.0.2) only supports ReCaptcha for Regsitration, not login. so we created a simple module for activating recaptcha for login
Java
2
star
51

js-storytelling

JavaScript
2
star
52

thomasdarimont.github.com

The GitHub Page of thomasdarimont
JavaScript
2
star
53

java-docker-training

Java
2
star
54

spring-boot-k8s-app

Example spring-boot app with custom Java Image that can be run in Kubernetes
Dockerfile
2
star
55

keycloak-13.0.1-docker-microprofile-workaround

Workaround for removed Smallrye / Microprofile components for Keycloak 13.0.x
Dockerfile
2
star
56

spring-boot-dockerized-service-example

Shell
1
star
57

jvmoa

JVM Option Analyzer - A java based tool to list jvm settings of a local or a remote jvm
Java
1
star
58

spring-boot-keycloak-actuator-example

Shell
1
star
59

keycloakify-demo-app

TypeScript
1
star
60

java-workbench

Java Workbench for trying out things in various JDKs
Java
1
star
61

spring-boot2-training

Some experiments with Spring Boot 2
Java
1
star
62

spring-boot-keycloak-server-gist

Embedded Keycloak Server in Spring Boot
Java
1
star
63

embedded-quarkus-keycloak-server-example

PoC for an embedded keycloak server with Quarkus
HTML
1
star
64

spring-boot-layered-dockerimage-with-fabric8-demo

Example for building a layered Docker Image with fabric8 Maven Plugin and Spring Boot 2.3.0+
Java
1
star
65

reified-java-demo

Java
1
star
66

spring-boot-graal-demo

Java
1
star
67

spring-boot-camel-hawt-io-example

Java
1
star
68

git-training

Training project to learn how to do distributed development using git
1
star
69

de.thomasdarimont.labs.jpa

Plain JPA Examples Repository - Mostly for reporting bugs in the persistence providers
Java
1
star
70

201905-dubjug-keycloak-talk

Notes & Slides from Keycloak talk at Dublin Java User Group 2019
1
star
71

spring-boot-thymeleaf-layout-example

Shell
1
star
72

spring-boot-tls-with-san

Simple example for x509 Client Authentication with Mutual TLS
Java
1
star
73

spring-data-jpa

Simplifies the development of creating a JPA-based data access layer.
Java
1
star
74

jwks-aggregator

Java
1
star
75

javaland2023-authz-for-java-devs-with-opa

Slides & Code
1
star
76

goexercises

Go
1
star
77

archetype-demo

Custom Maven Archtetype Example that can be fetched via jitpack
Java
1
star
78

spring-training-spring-boot-keycloak-direct-access-grant-form-auth

PoC for using Keycloaks direct access grants as backing auth mechanism for form-based auth in a traditional spring security application
Java
1
star
79

springxd-smartgrid-demo

springxd-smartgrid-demo
1
star
80

keycloak-patches

backported patches for existing Keycloak versions
Java
1
star