Refactored keycloak and added few options
szymonpoltorak committed Mar 3, 2024
1 parent 7942091 commit 879e52e
Showing 4 changed files with 69 additions and 60 deletions.
Expand Up @@ -9,23 +9,24 @@
import java.util.List;
import java.util.Map;

public class ExternalConfig {
public final class ExternalConfig {

public static final String KCCFG_OVERRIDE_EXISTING = System.getenv("KCCFG_OVERRIDE_EXISTING");
private static final String KCCFG_OVERRIDE_EXISTING = System.getenv("KCCFG_OVERRIDE_EXISTING");

public static final String KCCFG_LOGIN_THEME_NAME = System.getenv("KCCFG_LOGIN_THEME_NAME");

public static final String KC_SERVER_URL = System.getenv("KC_SERVER_URL");
private static final String KC_SERVER_URL = System.getenv("KC_SERVER_URL");

public static final String GITHUB_CLIENT_ID = System.getenv("GITHUB_CLIENT_ID");
public static final String GITHUB_CLIENT_SECRET = System.getenv("GITHUB_CLIENT_SECRET");
private static final String GITHUB_CLIENT_ID = System.getenv("GITHUB_CLIENT_ID");
private static final String GITHUB_CLIENT_SECRET = System.getenv("GITHUB_CLIENT_SECRET");

public static final String GOOGLE_CLIENT_ID = System.getenv("GOOGLE_CLIENT_ID");
public static final String GOOGLE_CLIENT_SECRET = System.getenv("GOOGLE_CLIENT_SECRET");
private static final String GOOGLE_CLIENT_ID = System.getenv("GOOGLE_CLIENT_ID");
private static final String GOOGLE_CLIENT_SECRET = System.getenv("GOOGLE_CLIENT_SECRET");

//
private ExternalConfig() {
}

public static Keycloak getAdmin() {
static Keycloak getAdmin() {
if(KC_SERVER_URL == null) {
throw new IllegalStateException("env KC_SERVER_URL not found");
}
Expand All @@ -38,41 +39,37 @@ public static Keycloak getAdmin() {
.build();
}

public static boolean shouldOverrideExistingConfiguration() {
return KCCFG_OVERRIDE_EXISTING != null && KCCFG_OVERRIDE_EXISTING.equalsIgnoreCase("true");
static boolean shouldOverrideExistingConfiguration() {
return "true".equalsIgnoreCase(KCCFG_OVERRIDE_EXISTING);
}

public static List<IdentityProviderRepresentation> getIdentityProviders() {
ArrayList<IdentityProviderRepresentation> providers = new ArrayList<>();
if(GITHUB_CLIENT_ID != null && !GITHUB_CLIENT_ID.isBlank() && GITHUB_CLIENT_SECRET != null && !GITHUB_CLIENT_SECRET.isBlank()) {
providers.add(new IdentityProviderRepresentation() {{
setAlias("github");
setEnabled(true);
setProviderId("github");
setConfig(Map.of(
"clientId", GITHUB_CLIENT_ID,
"clientSecret", GITHUB_CLIENT_SECRET
));
// V czy wymusić aktualizację danych profilu po pierwszym zalogowaniu przez oauth2
//setUpdateProfileFirstLoginMode("on");
// V ??
//setFirstBrokerLoginFlowAlias("first broker login");
// V napis na ekranie logowania
//setDisplayName("Zaloguj sie przez ~GITHUB~");
}});
List<IdentityProviderRepresentation> providers = new ArrayList<>(3);

if(isIdentityProviderConfigured(GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET)) {
providers.add(newInstance("github", GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET));
}
if(GOOGLE_CLIENT_ID != null && !GOOGLE_CLIENT_ID.isBlank() && GOOGLE_CLIENT_SECRET != null && !GOOGLE_CLIENT_SECRET.isBlank()) {
providers.add(new IdentityProviderRepresentation() {{
setAlias("google");
setEnabled(true);
setProviderId("google");
setConfig(Map.of(
"clientId", GOOGLE_CLIENT_ID,
"clientSecret", GOOGLE_CLIENT_SECRET
));
}});
if(isIdentityProviderConfigured(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET)) {
providers.add(newInstance("google", GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET));
}
return Collections.unmodifiableList(providers);
}

private static IdentityProviderRepresentation newInstance(String provider, String clientId, String clientSecret) {
IdentityProviderRepresentation idp = new IdentityProviderRepresentation();

idp.setAlias(provider);
idp.setEnabled(true);
idp.setProviderId(provider);
idp.setConfig(Map.of(
"clientId", clientId,
"clientSecret", clientSecret
));
return idp;
}

private static boolean isIdentityProviderConfigured(String clientId, String clientSecret) {
return clientId != null && !clientId.isBlank() && clientSecret != null && !clientSecret.isBlank();
}

}
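Review bot: `isIdentityProviderConfigured` returns false both when a provider is left out on purpose and when only one of its two variables is set, so `getIdentityProviders` silently drops a provider whose `*_CLIENT_ID` is present but whose `*_CLIENT_SECRET` is missing or blank. An operator then gets a realm without that login option and no hint why. I would log a warning in `getIdentityProviders` when exactly one of the pair is set, naming only the provider alias and never the secret value. `newInstance` also deserves a short Javadoc, for example `/** Builds an enabled identity provider whose alias and providerId are both {@code provider}. */`, since the name alone does not say what it creates.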
Expand Up @@ -2,26 +2,31 @@

import keycloakinitializer.realm.corn.CornRealm;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.representations.idm.RealmRepresentation;

import java.util.Optional;
public final class Main {

public class Main {
private Main() {
}

public static void main(String[] args) {
Keycloak admin = ExternalConfig.getAdmin();
CornRealm realm = new CornRealm();
Optional<RealmRepresentation> existingRealm = admin.realms().findAll().stream()

admin
.realms()
.findAll()
.stream()
.filter(r -> r.getRealm().equals(realm.getRealm()))
.findFirst();
if(existingRealm.isPresent()) {
if(!ExternalConfig.shouldOverrideExistingConfiguration()) {
System.out.println("Configured not to override existing configuration => Exiting");
return;
}
admin.realms().realm(existingRealm.get().getRealm()).remove();
}
admin.realms().create(realm);
.findFirst()
.ifPresentOrElse(
r -> {
if (!ExternalConfig.shouldOverrideExistingConfiguration()) {
throw new UnsupportedOperationException("Configured not to override existing configuration => Exiting");
}
admin.realms().realm(r.getRealm()).remove();
},
() -> admin.realms().create(realm)
);
}

}
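Review bot: When the realm already exists and overriding is enabled, the first branch of `ifPresentOrElse` in `main` removes the realm and never creates it again, because `admin.realms().create(realm)` now sits only in the empty-case branch. The previous code fell through to `create` after `remove`, so this run now leaves the server with no realm at all and every login fails until the initializer is run a second time. Add `admin.realms().create(realm);` directly after `admin.realms().realm(r.getRealm()).remove();`. Separately, the "configured not to override" case used to print a message and return, and now throws `UnsupportedOperationException`. That presumably ends the process with a stack trace and a non-zero exit status, which a container restart policy may treat as a failure, so confirm it is intended.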
Expand Up @@ -4,18 +4,22 @@

import java.util.List;

public class CornClient extends ClientRepresentation {
final class CornClient extends ClientRepresentation {
private static final String CLIENT_ID = "Corn";
private static final String OPENID_CONNECT = "openid-connect";

public CornClient() {
setClientId("Corn");
CornClient() {
setClientId(CLIENT_ID);
setEnabled(true);
setRedirectUris(List.of(
"http://localhost/*",
"http://localhost:4200/*",
"http://localhost:80/*"
));
setDirectAccessGrantsEnabled(true);
setProtocol(OPENID_CONNECT);
setPublicClient(true);
setFullScopeAllowed(true);
}

}
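Review bot: The `CornClient` constructor on the new side combines `setPublicClient(true)` with `setDirectAccessGrantsEnabled(true)`, so the password grant is accepted for this client without any client secret. The rendered page does not show which of these calls the commit adds. That grant takes user credentials outside the browser login flow, so the realm's GitHub and Google brokering does not apply to it, and any further login steps would presumably be skipped as well. Current OAuth security guidance advises against it. Unless a consumer really needs it, use `setDirectAccessGrantsEnabled(false);`, and prefer `setFullScopeAllowed(false);` so tokens carry only the roles explicitly mapped to this client. The `http://localhost...` wildcard redirect URIs look like development values and would be better read from configuration before this runs against a shared environment.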
Expand Up @@ -5,21 +5,24 @@

import java.util.List;

public class CornRealm extends RealmRepresentation {
public final class CornRealm extends RealmRepresentation {
private static final String REALM_NAME = "Corn";
private static final String DEFAULT_SIGNATURE_ALGORITHM = "ES512";

public CornRealm() {
setRealm("Corn");
setRealm(REALM_NAME);
setEnabled(true);
setRegistrationAllowed(true);
setClients(List.of(new CornClient()));
setIdentityProviders(ExternalConfig.getIdentityProviders());
setRevokeRefreshToken(true);
setRememberMe(true);
setBruteForceProtected(true);
setDefaultSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM);

if(ExternalConfig.KCCFG_LOGIN_THEME_NAME != null) {
setLoginTheme(ExternalConfig.KCCFG_LOGIN_THEME_NAME);
}
}

public enum Role {
ADMIN, USER;
}

}
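Review bot: The `CornRealm` constructor enables self-registration with `setRegistrationAllowed(true)`, but no `setVerifyEmail(true)` appears in it, so anyone can create an account under an address they do not control. That matters more here because the realm also brokers GitHub and Google logins, where accounts are typically matched by e-mail. Add `setVerifyEmail(true);` next to the registration line. It needs SMTP settings on the realm, and none are set in the constructor shown. `setBruteForceProtected(true)` relies on the server's default thresholds, so a comment stating that this is deliberate, or explicit limits, would help the next reader.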
