Skip to content

Demo for how to integrate Keycloak into Quarkus and Spring Boot apps and services. All (most) kinds of authentication (web app, service account, client, bearer-only...)

Notifications You must be signed in to change notification settings

guastamacchia/keycloak-bookshop-demo

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Keycloak Bookshop Demo

Demo application landscape to show various and different kinds of user- and client authentication with Keycloak in a distributed environment with web applications and services.

Description and Use Case

It’s kind of a web shop, selling books.

Users can access the shop and the checkout, both are web apps. They have to authenticate themselves using their credentials with Keycloak and web apps using the Authorization Code Flow to get the users access token via backchannel from the Keycloak server. The shop is a Quarkus based application, using Quarkus Extensions, the checkout is a Spring Boot based application, using Spring Security and the Keycloak Spring Security Adapter.

The shop gets its products from the pim (product information management) service, also a Quarkus based service, dealing with BearerOnly token validation. The pim only accepts tokens with the role serviceAccount, which regular users doesn’t have, only the service accounts of the both web apps.

The cart service (Quarkus based) stores the products a user wants to "buy". So, it has to be accessed in the context of the user, but users can’t access it directly, that’s why the web apps (both, shop and checkout) have to propagate the users access token to the cart.

Finally, the msgBroker (Spring Boot based, using Spring Security dependencies only) service receives a message from the checkout web app, as soon a user made an order (e.g. to spread it to other consumers). Like the pim, the msgBroker is also only accessible for access tokens containing the serviceAccount role, which is again NOT the user, but the service account of the msgBroker client.

Architectural Overview

architecture

Docker Image

There is a public Docker image available with this distributed bookshop example. Simply pull the image from the official Docker Hub:

$ docker pull dasniko/keycloak-bookshop-demo:latest

The configuration of the apps and services in the Docker image is aligned with the bookshop-realm.json realm JSON export available here in the repository root.

The apps and services expect Keycloak to be available under hostname/port http://keycloak:8080.

About

Demo for how to integrate Keycloak into Quarkus and Spring Boot apps and services. All (most) kinds of authentication (web app, service account, client, bearer-only...)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 72.7%
  • HTML 21.1%
  • Dockerfile 4.3%
  • Shell 1.9%