Quickstart to expose a REST Greeting endpoint using Spring Boot & Secured by Red Hat SSO

snowdrop/secured-example

Secured Spring Boot Example

https://appdev.openshift.io/docs/spring-boot-runtime.html#mission-secured-spring-boot

Prerequisites

  • JDK 11+ installed with JAVA_HOME configured appropriately

How to play with the SSO Example locally

  • Deploy Keycloak on OpenShift
oc new-project sso
oc create -f .openshiftio/sso.yaml
  • Get Keycloak Auth Endpoint
SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')
  • Start the application. Provide the Keycloak URL in a SSO_AUTH_SERVER_URL parameter.
mvn spring-boot:run -DSSO_AUTH_SERVER_URL=${SSO_URL}
  • Use curl to access the endpoint without authentication (you will receive an unauthorized error)
curl -v http://localhost:8080/api/greeting
  • Open the application webpage in your browser http://localhost:8080 and log in with one of the user credentials.
Username   Password   Expected status code
alice      password   200
admin      admin      403

User alice is recognised by the system and has permission to access the greeting service. admin, on the other hand, is recognised by the system but cannot access the greeting service.

  • Try accessing the greeting service by using the form or the curl command displayed in the webpage.
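
The local checks above (anonymous curl, then alice and admin) can be scripted. This is an added example, not part of this repository; REALM and CLIENT_ID are placeholders to fill in from the deployed Keycloak configuration, and it assumes that client allows the OIDC password grant.

```shell
# Added example: checks the greeting endpoint against the README's table.
# Assumptions (not from the repository): REALM and CLIENT_ID are placeholders,
# and the client allows the OIDC password grant ("direct access grants").
SSO_URL="${SSO_URL:-http://sso.example.invalid/auth}"
REALM="${REALM:-REPLACE_WITH_REALM}"
CLIENT_ID="${CLIENT_ID:-REPLACE_WITH_CLIENT_ID}"
APP_URL="${APP_URL:-http://localhost:8080}"

# Request an access token for a user; prints nothing if Keycloak refuses.
get_token() {  # $1 = username, $2 = password
  curl -s --data-urlencode "grant_type=password" \
    --data-urlencode "client_id=${CLIENT_ID}" \
    --data-urlencode "username=$1" --data-urlencode "password=$2" \
    "${SSO_URL}/realms/${REALM}/protocol/openid-connect/token" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print only the HTTP status returned by the greeting endpoint.
greeting_status() {  # $1 = bearer token, empty for an anonymous request
  if [ -n "$1" ]; then
    curl -s -o /dev/null -w '%{http_code}' -H "Authorization: Bearer $1" "${APP_URL}/api/greeting"
  else
    curl -s -o /dev/null -w '%{http_code}' "${APP_URL}/api/greeting"
  fi
}

# Rows are: user, password, expected status ("-" = anonymous). Returns the failure count.
verify_access_matrix() {
  local failures=0 user pass expected token actual
  while read -r user pass expected <&3; do
    token=""
    if [ "$user" != "-" ]; then
      token="$(get_token "$user" "$pass")"
      # Without this check a failed login would silently be tested as anonymous.
      [ -n "$token" ] || { echo "FAIL $user: no token issued"; failures=$((failures + 1)); continue; }
    fi
    actual="$(greeting_status "$token")"
    if [ "$actual" = "$expected" ]; then
      echo "ok   $user: $actual"
    else
      echo "FAIL $user: expected $expected, got $actual"; failures=$((failures + 1))
    fi
  done 3<<'EOF'
- - 401
alice password 200
admin admin 403
EOF
  return "$failures"
}
```

Source the file and call verify_access_matrix once the application is running. The SSO_URL built above is plain http://, so the password grant travels unencrypted; that is tolerable only for these throwaway demo credentials.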

How to run the SSO Example on OpenShift

  • Deploy Keycloak on OpenShift.
oc new-project sso
oc create -f .openshiftio/sso.yaml
  • Obtain the SSO_URL.
SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')
  • Build and deploy the Spring Boot application using Dekorate.
mvn clean verify -Popenshift -Ddekorate.deploy=true -DSSO_AUTH_SERVER_URL=${SSO_URL}

Deploying application on OpenShift using Helm

First, make sure you have installed the Helm command-line tool and are logged in to a Kubernetes cluster.

Now, deploy Keycloak on OpenShift.

oc create -f .openshiftio/sso.yaml

And obtain the SSO_URL:

SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')

Then install the example:

helm install secured ./helm \
  --set spring-boot-example-app.s2i.source.repo=https://github.com/snowdrop/secured-example \
  --set spring-boot-example-app.s2i.source.ref=<branch-to-use> \
  --set "spring-boot-example-app.s2i.env[0].name=MAVEN_ARGS_APPEND" \
  --set "spring-boot-example-app.s2i.env[0].value=-DSSO_AUTH_SERVER_URL=${SSO_URL}"

Note: replace <branch-to-use> with a branch from https://github.com/snowdrop/secured-example/branches/all.

And to uninstall the chart, execute:

helm uninstall secured

Running Tests on OpenShift using Dekorate

./run_tests_with_dekorate_in_ocp.sh

Running Tests on OpenShift using S2i from Source

./run_tests_with_s2i.sh

This script can take two parameters: the repository and the branch to build the images from.

./run_tests_with_s2i.sh "https://github.com/snowdrop/secured-example" branch-to-test

Running Tests on OpenShift using Helm

./run_tests_with_helm.sh

This script can take two parameters: the repository and the branch to build the images from.

./run_tests_with_helm.sh "https://github.com/snowdrop/secured-example" branch-to-test