https://github.com/kluiverjh/jaaskeycloak

Example how to use JAAS keycloak adapter (direct access grant loginmodule)
https://github.com/kluiverjh/jaaskeycloak

access console console-application direct directaccessgrantsloginmodule jaas jaas-keycloak-adapter keycloak loginmodule

Last synced: about 1 month ago
JSON representation

Example how to use JAAS keycloak adapter (direct access grant loginmodule)

• Host: GitHub
• URL: https://github.com/kluiverjh/jaaskeycloak
• Owner: kluiverjh
• License: mit
• Created: 2020-12-22T15:45:38.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2021-03-03T08:27:57.000Z (over 4 years ago)
• Last Synced: 2025-05-07T21:04:39.979Z (about 1 month ago)
• Topics: access, console, console-application, direct, directaccessgrantsloginmodule, jaas, jaas-keycloak-adapter, keycloak, loginmodule
• Language: Java
• Homepage:
• Size: 392 KB
• Stars: 5
• Watchers: 1
• Forks: 1
• Open Issues: 1
• Metadata Files:
  • Readme: readme.md
  • License: LICENSE
  • Security: security.policy

Awesome Lists containing this project

README

        
#  **JAAS (Java Authentication and Authorization Services)**

Simple example how to setup the JAAS KEYCLOAK adapter. The adapter uses Direct Access Grants method to gain access token from keycloak.

The application will validate (hardcoded) username and password against keycloak  (or local debug LoginModule). And check if role exists.

![](doc/images/application_output.png)

In this example user and password are send in http to keycloak, a https url should be used to make it secure.

## Keycloak docker

For testing, the easiest way is to setup a keycloak docker container 

```bash

docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1

```

## Setup keycloak for demo application

* Open 'http://localhost:8080'

* Login on administration console with username 'admin' and password 'admin'

  

* Add realm 'realm_demo'

  ![add_realm](doc/images/add_realm.png)

* Add client 'keycloak-demo-client'

  ![add_client](doc/images/add_client.png)

* Configure client with access type confidential and direct access grants enabled.

  ![](doc/images/settings_client.png)

* The client secret can now be found on tab credentials

  ![](doc/images/client_secret.png)

* Add the role 'example_role_read' to the client

  ![add_client](doc/images/client_add_role.png)

* Add user 'testuser'

  ![add_user](doc\images\add_user.png)

* Set password "testpassword' (as defined in LoginCallbackHandler.java)

  ![](doc/images/set_user_password.png)

  **Important** Temporary password must be off.

* Add role ''example_role_read' to client

  ![client_add_role](doc/images/client_add_role.png)

  ![client_add_role_to_user](doc/images/client_add_role_to_user.png)

  

* Make sure 'keycloak.json' matches the values as set above

  ![](doc/images/keyclock.png)

https://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html

https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/jaas.adoc

https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/java-adapter-config.adoc