This example shows how the security APIs of Rico can be used. The clients of this sample simply do a login against the server and call a secure REST endpoint on the server.
Rico uses Keycloak for identity and access management. By adding the rico-security-server module to the server application a proxy servlet will be added to the server that provides login functionality by calling the Keycloak server internally.
The security is based on OpenID connect and JWT tokens. Once a client is logged in, it will receive a JWT security token.The HTTP client of Rico automatically add this token to any request that is send to the server.By doing so, secured endpoints can be called without any additional security handling after a successful login.
The server receives the security token and automatically validates it against the Keycloak server.
You need to have the following things installed:
-
an Java SDK (tested with Java 8)
-
Maven
-
Docker (and Docker Compose)
First, you need to have everything compiled, so please run mvn install in the root directory of this samples project.
To use the security features a Keycloak instance must be configured and started.
The easiest way is to use the Docker based Keycloak container that is provided as part of this sample.
If you have Docker installed on your machine everything else that is needed to start an automatically configured Keycloak server can be found in the keycloak-container folder of this sample.
The folder contains several scripts that can be used to the build, start & remove the Keycloak Docker container. To run the scripts Docker (and Docker Compose) must be installed locally. The folder contains 2 scripts:
-
clearDocker- This script removes the container from your local Docker registry. The script can be used to clear everything if you do not want to use the Keycloak container anymore. -
restart- This script stops and removes the Keycloak Docker container if it is present. After that the container is created and started.
Once you have checked out the repository you only need to call the restart script from the keycloak-container folder and the Docker container will be created and started.Since this will download Keycloak and do several configuration steps this can take some minutes.The server is up and running once you see a message similar to following in the log:
rico-security-sample-keycloak-server_1 | 11:38:24,869 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 6.0.1 (WildFly Core 8.0.0.Final) started in 34158ms - Started 672 of 937 services (652 services are lazy, passive or on-demand)Go to the server-spring subfolder and use maven to start the server:
mvn spring-boot:run
To start the JavaFX client simply run mvn jfx:run from the client-javafx folder.
Next to this the client can be started by the dev.rico.samples.security.Client class.
Jetty-Maven-Plugin is pre-configured to serve the client, just start
mvn jetty:runAfter this, you can access the sample via http://localhost:8082
Jetty-Maven-Plugin is pre-configured to serve the client, just start
mvn jetty:runAfter this, you can access the sample via http://localhost:8082