https://appdev.openshift.io/docs/spring-boot-runtime.html#mission-secured-spring-boot
- JDK 11+ installed with JAVA_HOME configured appropriately
- Deploy Keycloak on Openshift
oc new-project sso
oc create -f .openshiftio/sso.yaml
- Get Keycloak Auth Endpoint
SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')
- Start the application. Provide the Keycloak URL in a
SSO_AUTH_SERVER_URLparameter.
mvn spring-boot:run -DSSO_AUTH_SERVER_URL=${SSO_URL}
- Use curl to access the endpoint without authentication (you will receive an unauthorized error)
curl -v http://localhost:8080/api/greeting
- Open the application webpage in your browser
http://localhost:8080and log in with one of the user credentials.
| Username | Password | Expected status code |
|---|---|---|
| alice | password | 200 |
| admin | admin | 403 |
User alice is recognised by the system and has permission to access the greeting service.
admin on the other hand, is recognised by the system but cannot access the greeting service.
- Try accessing the greeting service by using the form or the
curlcommand displayed in the webpage.
- Deploy Keycloak on Openshift.
oc new-project sso
oc create -f .openshiftio/sso.yaml
Obtain the SSO_URL
SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')- Build and deploy the Spring Boot application using Dekorate.
mvn clean verify -Popenshift -Ddekorate.deploy=true -DSSO_AUTH_SERVER_URL=${SSO_URL}
First, make sure you have installed the Helm command line and connected/logged to a kubernetes cluster.
Now, deploy Keycloak on Openshift.
oc create -f .openshiftio/sso.yaml
And obtain the SSO_URL:
SSO_URL=$(oc get route sso -o jsonpath='http://{.spec.host}/auth')Then, you need to install the example by doing:
helm install secured ./helm --set spring-boot-example-app.s2i.source.repo=https://github.com/snowdrop/secured-example --set spring-boot-example-app.s2i.source.ref=<branch-to-use> --set spring-boot-example-app.s2i.env[0].name="MAVEN_ARGS_APPEND" --set spring-boot-example-app.s2i.env[0].value="-DSSO_AUTH_SERVER_URL=${SSO_URL}"
note: Replace <branch-to-use> with one branch from https://github.com/snowdrop/secured-example/branches/all.
And to uninstall the chart, execute:
helm uninstall secured
./run_tests_with_dekorate_in_ocp.sh
./run_tests_with_s2i.sh
This script can take 2 parameters referring to the repository and the branch to use to source the images from.
./run_tests_with_s2i.sh "https://github.com/snowdrop/secured-example" branch-to-test./run_tests_with_helm.sh
This script can take 2 parameters referring to the repository and the branch to use to source the images from.
./run_tests_with_helm.sh "https://github.com/snowdrop/secured-example" branch-to-test