30 changes: 7 additions & 23 deletions spring-keycloak-example/Dockerfile
Expand Up @@ -18,30 +18,14 @@ RUN --mount=type=bind,source=pom.xml,target=pom.xml \
./mvnw package -DskipTests && \
mv target/$(./mvnw help:evaluate -Dexpression=project.artifactId -q -DforceStdout)-$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout).jar target/app.jar

FROM package as extract
FROM eclipse-temurin:21.0.7_6-jre-jammy AS final

WORKDIR /build
RUN apt-get update && apt-get install -y nginx supervisor && rm -rf /var/lib/apt/lists/*
COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf
COPY docker/nginx/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

RUN java -Djarmode=layertools -jar target/app.jar extract --destination target/extracted
COPY --from=package /build/target/app.jar /app/app.jar

FROM eclipse-temurin:21.0.7_6-jre-jammy AS final
EXPOSE 8083 8080

ARG UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser
USER appuser

COPY --from=extract build/target/extracted/dependencies/ ./
COPY --from=extract build/target/extracted/spring-boot-loader/ ./
COPY --from=extract build/target/extracted/snapshot-dependencies/ ./
COPY --from=extract build/target/extracted/application/ ./

EXPOSE 80

ENTRYPOINT [ "java", "org.springframework.boot.loader.launch.JarLauncher" ]
ENTRYPOINT ["supervisord", "-n"]
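Review bot: The final stage no longer has a `USER` instruction, so `supervisord -n` and every program it starts (nginx and, presumably, the Spring Boot jar) run as root; the `ARG UID` / `adduser` / `USER appuser` block of the old final stage appears among the removed lines. What `supervisord.conf` sets per program is not visible here, so unless it already has a `user=` setting the Java process has lost its unprivileged account. I would keep the `adduser` block in the final stage and add `user=appuser` to the `[program:…]` section that launches `/app/app.jar`, leaving only the nginx master process privileged. The `apt-get install -y nginx supervisor` line would also benefit from `--no-install-recommends` to keep extra packages out of the runtime image.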
1 change: 1 addition & 0 deletions spring-keycloak-example/Dockerfile.keycloak
@@ -1,6 +1,7 @@
FROM quay.io/keycloak/keycloak:26.3 AS builder

WORKDIR /opt/keycloak

RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:26.3
27 changes: 23 additions & 4 deletions spring-keycloak-example/README.md
Expand Up @@ -19,12 +19,31 @@ Includes a minimal setup for running a Spring Boot application secured by Keyclo

## Authentication Types Implemented

- nothing
### OIDC (OpenID Connect) via Keycloak

- **Description:** Authentication using Keycloak as the OpenID Connect (OIDC) identity provider.

- **Port:** `8083`

- **Spring Profile:** `OIDC`

- **Backup keycloak:** `oidc_auth_db_backup.sql`

- **User Credentials:**
- Username: `oidc-user`
- Password: `oidc-password`

- **Protected Route:** `/secured`

- **Realm:** `redirect-login-example`


---

## Related Resources

| Description | Link |
|---------------------------------|-----------------------------------------------------------------------|
| Running Keycloak in a container | [keycloak.org/containers](https://www.keycloak.org/server/containers) |
| Description | Link |
|------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------|
| Running Keycloak in a container | [keycloak.org/containers](https://www.keycloak.org/server/containers) |
| Teaching how to set up Openid connect | [youtube/IW15Q68V50E](https://youtu.be/IW15Q68V50E?si=sJjvFoq8m0xL8xLn) |
| Discussion about healthcheck configuration in keycloak container | [gist.github.com/sarath-soman](https://gist.github.com/sarath-soman/5d9aec06953bbd0990c648605d4dba07) |
49 changes: 43 additions & 6 deletions spring-keycloak-example/compose.yaml
Expand Up @@ -7,12 +7,21 @@ services:
context: .
dockerfile: Dockerfile
environment:
SERVER_PORT: 80
SPRING_PROFILES_ACTIVE: "default"
SERVER_PORT: 8083
SPRING_PROFILES_ACTIVE: "OIDC"
AUTH_CLIENT_ID: oidc-client
AUTH_CLIENT_SECRET: pvRQkTKcE2zZw9vxT30oXC1Zynq2b3yw
AUTH_SCOPE: openid, profile, email
AUTH_GRANT_TYPE: authorization_code
AUTH_REDIRECT_URI: "{baseUrl}/login/oauth2/code/{registrationId}"
AUTH_ISSUER_URI: http://localhost:8080/realms/redirect-login-example
ports:
- "80:80"
- "8083:8083"
depends_on:
- keycloak
keycloak:
condition: service_healthy
networks:
- spring_keycloak

keycloak:
container_name: keycloak
Expand All @@ -22,7 +31,10 @@ services:
ports:
- "8080:8080"
environment:
KC_DB: dev-file
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://keycloak-database:5432/oidc_auth_db
KC_DB_USERNAME: postgres
KC_DB_PASSWORD: password
KC_HTTP_ENABLED: "true"
KC_HTTP_PORT: "8080"
KC_HOSTNAME: localhost
Expand All @@ -33,4 +45,29 @@ services:
KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/certs/tls.crt
KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/certs/tls.key
volumes:
- ./docker/keycloak:/opt/keycloak/certs
- ./docker/keycloak/certs:/opt/keycloak/certs
depends_on:
- keycloak-database
healthcheck:
test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/9000;echo -e 'GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n' >&3;if [ $? -eq 0 ]; then echo 'Healthcheck Successful';exit 0;else echo 'Healthcheck Failed';exit 1;fi;"]
interval: 5s
timeout: 10s
retries: 10
networks:
- spring_keycloak

keycloak-database:
image: postgres:14.18-alpine3.22
container_name: keycloak-database
environment:
POSTGRES_USER: postgres #⚠️ DO NOT USE IN PRODUCTION
POSTGRES_PASSWORD: password #⚠️ DO NOT USE IN PRODUCTION
ports:
- "5432:5432"
volumes:
- ./docker/keycloak/backups/oidc_auth_db_backup.sql:/docker-entrypoint-initdb.d/init.sql
networks:
- spring_keycloak

networks:
spring_keycloak:
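Review bot: `AUTH_CLIENT_SECRET` in the application service's `environment:` block is a literal value committed to the repository, and unlike the Postgres credentials further down it carries no "do not use in production" marker. Anyone who reuses this compose file, presumably together with the realm data in `oidc_auth_db_backup.sql`, ends up with a publicly known client secret. I would read it from the environment instead, e.g. `AUTH_CLIENT_SECRET: ${AUTH_CLIENT_SECRET:?set in .env}`, and note in the README that the shipped value is a sample to be rotated. The same applies to `KC_DB_PASSWORD: password`. Since Keycloak reaches the database over the `spring_keycloak` network, the `"5432:5432"` mapping could be dropped or bound as `"127.0.0.1:5432:5432"` so the default credentials are not reachable from other hosts.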