This is the full source code for the following blog post series.
No license is provided as it is only meant for learning purposes.
The basic set-up we are going for is:
- gateway at localhost:8080
- dummy service at localhost:8081
- keycloak at localhost:9090
Run docker-compose up -d inside the keycloak directory to start a local keycloak server mapped to host port 9090.
Browse to http://localhost:9090
- log in with admin/admin
- create a realm called service
- create a client called gateway
  - use valid redirect url: http://localhost:8080/*
  - select Access Type: confidential
  - save and click on the newly visible tab Credentials
- copy the Secret to the client-secret in the oauth-gateway application.yml
- create a user for yourself to log in with
- create a role called dummy and assign it to your user
Run GatewayApplication to start the gateway.
Run DummyApplication to start the dummy backend service.
Browse incognito to http://localhost:8080
- log in with the user you created
- check out the result (in case of a silent 401/403 failure, check for a WWW-Authenticate header in the response for a clue)
Note: In order to see one of the powers of OAuth-based AuthN/AuthZ, restart the Gateway and/or Dummy service and/or remove your session cookie stored in your browser (F12, Application, Cookies, http://localhost:8080, Clear All in Chrome) and refresh the page.

Note: If you just want to look at what the request with the token to the backend looks like, you could also just run netcat instead of the dummy-service using:

    nc -l localhost 8081
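To read what netcat captured, the following added example (not code from this repository) pulls the bearer token out of a raw HTTP request and decodes its header and claims without verifying the signature, so you can confirm the dummy role is present. It assumes the gateway forwards the access token in an Authorization: Bearer header and that dummy is a realm role; the sample token and request are constructed, and all function names are this example's own.

```python
import base64
import json

def b64url_decode(segment):
    """Decode one unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def bearer_token(raw_request):
    """Return the Bearer token from a raw HTTP request, or None if absent."""
    for line in raw_request.splitlines()[1:]:  # skip the request line
        if not line:  # blank line ends the headers
            break
        name, _, value = line.partition(":")
        scheme, _, token = value.strip().partition(" ")
        if name.strip().lower() == "authorization" and scheme.lower() == "bearer":
            return token.strip() or None
    return None

def decode_unverified(token):
    """Decode JWT header and claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    return {"header": header, "claims": claims}

def realm_roles(claims):
    """Keycloak lists realm roles under realm_access.roles in access tokens."""
    return claims.get("realm_access", {}).get("roles", [])

def _enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: made-up token (fake signature) in a request as nc prints it.
SAMPLE_TOKEN = ".".join([
    _enc({"alg": "RS256", "typ": "JWT"}),
    _enc({"azp": "gateway", "preferred_username": "alice",
          "realm_access": {"roles": ["dummy"]}}),
    "constructed-signature-not-valid",
])
SAMPLE_REQUEST = ("GET / HTTP/1.1\r\nHost: localhost:8081\r\n"
                  "Authorization: Bearer " + SAMPLE_TOKEN + "\r\n\r\n")

if __name__ == "__main__":
    decoded = decode_unverified(bearer_token(SAMPLE_REQUEST))
    print(json.dumps(decoded, indent=2))
    print("realm roles:", realm_roles(decoded["claims"]))
```

Decoding this way is for inspection only; the backend must still validate the signature against the realm's keys before trusting any claim.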