This repo demonstrates how to configure a Spring OAuth2 resource server to work with more than one authorization provider / issuer uri. In this particular case we are using two different instances of keycloak.
./gradlew clean spotlessApply build integrationTest
To start up two different instances of keycloak with their own realms and users you can run the docker compose command:
docker-compose up -d
This will bring up two local instances of keycloak:
- The first on http://localhost:8097 that contains a realm demo-realm-1 and two users, demo-user-1 and demo-user-2, both with the password pwd
- The second on http://localhost:8098 that contains a realm demo-realm-2 and two users, demo-user-3 and demo-user-4, both with the password pwd
To run the service and have it use both instances of keycloak to perform token validation you can run:
./gradlew bootRun
This will start the service on port 8099. If you want to test calling the service using either keycloak instance as the token issuer, you can import the postman collection at postman/spring-security-multiple-issuers.postman_collection.json and use the two example requests under each issuer sub folder. Each folder is configured to generate a token against its keycloak instance.
- For the first keycloak instance you can use usernames demo-user-1 and demo-user-2, both with the password pwd
- For the second keycloak instance you can use usernames demo-user-3 and demo-user-4, both with the password pwd
To build the docker image locally you can run the following commands:
./gradlew clean buildImage currentVersion
This will build a docker image using the current version number that will also be printed to the console by this command.
To run the docker image locally you can run the following command, assuming you have run the command to build the docker image locally beforehand:
docker-compose --profile local-app-docker up -d
This will start the service on port 8099 in the same way the ./gradlew bootRun command does. The only difference in this case is that the application is running inside docker, rather than directly on the local machine.
Note: in order for this example to work locally you will also need to update your /etc/hosts file to add the following two entries:
127.0.0.1 keycloak-1
127.0.0.1 keycloak-2
You will also need to update the postman collection so that the Auth URL and Access Token URL both use the appropriate keycloak host name rather than just localhost, e.g.:
http://keycloak-1:8097
http://keycloak-2:8098
If you do not do the two steps defined above, the authentication will fail because the issuer (iss) claim in the token will not match the issuer uri configured inside the application.
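A minimal sketch of a multi-issuer resource server configuration, added here as an illustration and not taken from this repository's code. It assumes Spring Security 6.2 or later; the class name is hypothetical, and the /realms/<realm> path in each issuer uri is an assumption about the keycloak version (hosts, ports and realm names are the ones listed above).

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; not the repository's own configuration.
@Configuration
public class MultiIssuerSecurityConfig {

    // Assumed issuer uris: host, port and realm come from this README, the
    // /realms/<realm> path is an assumption. Each entry must equal the token's
    // iss claim character for character, so a token requested through
    // http://localhost:8097 does not match http://keycloak-1:8097.
    private static final String[] TRUSTED_ISSUERS = {
        "http://keycloak-1:8097/realms/demo-realm-1",
        "http://keycloak-2:8098/realms/demo-realm-2"
    };

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // The resolver reads iss from the bearer token, rejects any issuer
        // that is not in the allow-list, and only then looks up that issuer's
        // signing keys to verify the token.
        JwtIssuerAuthenticationManagerResolver resolver =
                JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers(TRUSTED_ISSUERS);

        http
            .authorizeHttpRequests(authz -> authz.anyRequest().authenticated())
            // Replaces the single-issuer jwt() setup: the decoder is chosen
            // per request from the token's issuer.
            .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(resolver));
        return http.build();
    }
}
```

Keeping the trusted issuers as a fixed allow-list matters because the resolver selects which key set to trust from a claim in the not-yet-verified token.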
// cleans build directories
// prints currentVersion
// formats code
// builds code
// runs tests
// checks dependency versions
./gradlew clean currentVersion dependencyUpdates spotlessApply build