https://appdev.openshift.io/docs/spring-boot-runtime.html#mission-secured-spring-boot
- JDK 11+ installed with JAVA_HOME configured appropriately
- Deploy Keycloak on OpenShift
oc new-project sso
oc create -f .openshiftio/sso.yaml
- Get Keycloak Auth Endpoint
SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')
- Start the application. Provide the Keycloak URL in the `SSO_AUTH_SERVER_URL` parameter.
mvn spring-boot:run -DSSO_AUTH_SERVER_URL=${SSO_URL}
- Use curl to access the endpoint without authentication (you will receive an unauthorized error)
curl -v http://localhost:8080/api/greeting
- Open the application webpage in your browser at http://localhost:8080 and log in with one of the following user credentials:
Username | Password | Expected status code |
---|---|---|
alice | password | 200 |
admin | admin | 403 |
User `alice` is recognised by the system and has permission to access the greeting service. `admin`, on the other hand, is recognised by the system but cannot access the greeting service.
- Try accessing the greeting service by using the form or the `curl` command displayed in the webpage.
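The status codes in the table above can also be checked from the command line. The script below is an added example, not part of the project: it requests a token from Keycloak with the password grant and calls the greeting endpoint anonymously, as `alice` and as `admin`. `REALM`, `CLIENT_ID`, `APP_URL` and the default `SSO_URL` are placeholders, and a public client with the password grant enabled is assumed.

```bash
# Added example, not from the project. ASSUMPTIONS: REALM and CLIENT_ID are
# placeholders for your Keycloak setup, the client is public and allows the
# password grant, and "unauthorized" for the anonymous call means HTTP 401.
SSO_URL="${SSO_URL:-http://sso.example.invalid/auth}"   # constructed default
APP_URL="${APP_URL:-http://localhost:8080/api/greeting}"
REALM="${REALM:-REALM_PLACEHOLDER}"
CLIENT_ID="${CLIENT_ID:-CLIENT_ID_PLACEHOLDER}"

# Keycloak OpenID Connect token endpoint for realm $2 under base URL $1.
token_endpoint() { printf '%s/realms/%s/protocol/openid-connect/token' "${1%/}" "$2"; }

# Read a token response on stdin and print its access_token (no jq needed).
extract_token() { sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'; }

# Log in as user $1 with password $2 and print the access token (uses network).
get_token() {
  curl -s -X POST "$(token_endpoint "$SSO_URL" "$REALM")" \
    --data-urlencode "grant_type=password" --data-urlencode "client_id=$CLIENT_ID" \
    --data-urlencode "username=$1" --data-urlencode "password=$2" | extract_token
}

# Print the HTTP status of the greeting endpoint; $1 is a bearer token or empty.
fetch_status() {
  if [ -n "$1" ]; then set -- -H "Authorization: Bearer $1"; else set --; fi
  curl -s -o /dev/null -w '%{http_code}' "$@" "$APP_URL"
}

# 401 = no valid identity presented; 403 = identity accepted, permission missing.
explain_status() {
  case "$1" in
    200) echo "authenticated and authorized" ;;
    401) echo "not authenticated" ;;
    403) echo "authenticated but not authorized" ;;
    *)   echo "unexpected" ;;
  esac
}

# Run one case (label $1, expected status $2, token $3); non-zero on mismatch.
check_case() {
  got="$(fetch_status "$3")"
  printf '%-10s expected=%s got=%s (%s)\n' "$1" "$2" "$got" "$(explain_status "$got")"
  [ "$got" = "$2" ]
}

# Only touch the network when asked: run with RUN_CHECKS=1 in the environment.
if [ "${RUN_CHECKS:-0}" = 1 ]; then
  check_case anonymous 401 "" &&
  check_case alice 200 "$(get_token alice password)" &&
  check_case admin 403 "$(get_token admin admin)"
fi
```

Export `SSO_URL` as obtained above, set `REALM` and `CLIENT_ID` to the values of your Keycloak deployment, and run the script with `RUN_CHECKS=1`.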
- Deploy Keycloak on OpenShift.
oc new-project sso
oc create -f .openshiftio/sso.yaml
Obtain the `SSO_URL`:
SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')
- Build and deploy the Spring Boot application using Dekorate.
mvn clean verify -Popenshift -Ddekorate.deploy=true -DSSO_AUTH_SERVER_URL=${SSO_URL}
First, make sure you have installed the Helm command line and are logged in to a Kubernetes cluster.
Now, deploy Keycloak on OpenShift.
oc create -f .openshiftio/sso.yaml
And obtain the `SSO_URL`:
SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')
Then install the example:
helm install secured ./helm --set spring-boot-example-app.s2i.source.repo=https://github.com/snowdrop/secured-example --set spring-boot-example-app.s2i.source.ref=<branch-to-use> --set spring-boot-example-app.s2i.env[0].name="MAVEN_ARGS_APPEND" --set spring-boot-example-app.s2i.env[0].value="-DSSO_AUTH_SERVER_URL=${SSO_URL}"
Note: Replace `<branch-to-use>` with one branch from https://github.com/snowdrop/secured-example/branches/all.
And to uninstall the chart, execute:
helm uninstall secured
./run_tests_with_dekorate_in_ocp.sh
./run_tests_with_s2i.sh
This script can take 2 parameters referring to the repository and the branch to use to source the images from.
./run_tests_with_s2i.sh "https://github.com/snowdrop/secured-example" branch-to-test
./run_tests_with_helm.sh
This script can take 2 parameters referring to the repository and the branch to use to source the images from.
./run_tests_with_helm.sh "https://github.com/snowdrop/secured-example" branch-to-test