From 6a4c3b32d6bbe6d64aaa517bb4ca05b715d97de4 Mon Sep 17 00:00:00 2001 From: Ihar Hancharenka Date: Wed, 5 Jul 2023 21:27:02 +0300 Subject: [PATCH] m --- pl/cross/tools/build/gradle/docs/whatsnew.txt | 2 + .../tools/build/gradle/dsl/kotlin-dsl.txt | 1 + .../security/oauth/oauth2/server/keycloak.txt | 74 ++++++++++++++++++- 3 files changed, 75 insertions(+), 2 deletions(-) diff --git a/pl/cross/tools/build/gradle/docs/whatsnew.txt b/pl/cross/tools/build/gradle/docs/whatsnew.txt index e62e32877..68147c99e 100644 --- a/pl/cross/tools/build/gradle/docs/whatsnew.txt +++ b/pl/cross/tools/build/gradle/docs/whatsnew.txt @@ -1,6 +1,8 @@ https://github.com/gradle/gradle/releases 8.x +https://docs.gradle.org/8.2/release-notes.html +https://docs.gradle.org/8.1/release-notes.html https://docs.gradle.org/8.0/release-notes.html 7.x diff --git a/pl/cross/tools/build/gradle/dsl/kotlin-dsl.txt b/pl/cross/tools/build/gradle/dsl/kotlin-dsl.txt index e6658b878..3ac30d40c 100644 --- a/pl/cross/tools/build/gradle/dsl/kotlin-dsl.txt +++ b/pl/cross/tools/build/gradle/dsl/kotlin-dsl.txt @@ -1,2 +1,3 @@ +https://docs.gradle.org/current/kotlin-dsl/index.html https://docs.gradle.org/current/userguide/kotlin_dsl.html https://gradle.github.io/kotlin-dsl-docs/api/ diff --git a/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt b/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt index 3698b6458..e2232d67e 100644 --- a/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt +++ b/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt 
@@ -1,6 +1,21 @@ +eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0NjkxNTE4Zi04OTA2LTRmNmMtOGExNi04YjMyNzMxOGIyMTgifQ.eyJleHAiOjE3MjAwODQ0OTEsImlhdCI6MTY4ODU0ODQ5MSwianRpIjoiNDA5YTZhZGItZTM2MC00MzI3LTkxMWEtMGRhY2U4NGM5OTU0IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxL3JlYWxtcy9yZWFsbTEiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODEvcmVhbG1zL3JlYWxtMSIsInR5cCI6IkluaXRpYWxBY2Nlc3NUb2tlbiJ9.Dz85JZXKwNHkCELObgFH85xDn4xUnM2SkDwY36LQeEA + https://www.keycloak.org/ https://www.baeldung.com/tag/keycloak/ +https://www.keycloak.org/documentation.html +https://www.keycloak.org/docs-api/21.1.2/javadocs/index.html +https://www.keycloak.org/docs/latest/authorization_services/index.html + https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-rest-springboot + +client -> app +client scope -> allow to manage common set of perm-s (default) + +guides +https://github.com/keycloak/keycloak-quickstarts/blob/latest/docs/getting-started.md + +https://github.com/keycloak/keycloak + mvn https://search.maven.org/search?q=a:keycloak-adapter-bom https://search.maven.org/artifact/org.keycloak.bom/keycloak-adapter-bom/18.0.2/pom 
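Review bot: The first added line of this hunk in keycloak.txt is a complete signed JWT, so the commit puts a bearer credential into version control. Its payload decodes to a Keycloak `InitialAccessToken` issued by `http://localhost:8081/realms/realm1`, with `exp` set 365 days after `iat`. It therefore looks like a local dev realm, but the token stays usable for client registration against any instance that still holds that realm's signing key, until it expires or is deleted. I would replace the line with a placeholder such as `<initial-access-token: generate in the admin console, do not commit>` and delete the token from the realm's initial access token list. Removing the line in a later commit does not remove it from history, so deleting the token server-side is the step that matters.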
@@ -8,19 +23,74 @@ https://search.maven.org/artifact/org.keycloak.bom/keycloak-adapter-bom/18.0.2/p docker https://www.keycloak.org/server/containers +https://www.keycloak.org/getting-started/getting-started-docker docker run -p 8081:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:17.0.1 start-dev +https://hub.docker.com/r/bitnami/keycloak/ + +cfg +https://www.keycloak.org/server/all-config + https://github.com/keycloak/keycloak/tree/main/quarkus/config-api/src/main/java/org/keycloak/config + https://github.com/keycloak/keycloak/blob/main/quarkus/config-api/src/main/java/org/keycloak/config/database/Database.java + dev-file + return addH2NonKeywords("jdbc:h2:file:${kc.home.dir:${kc.db-url-path:" + escapeReplacements(System.getProperty("user.home")) + "}}" + + escapeReplacements(File.separator) + "${kc.data.dir:data}" + + escapeReplacements(File.separator) + "h2" + escapeReplacements(File.separator) + + "keycloakdb${kc.db-url-properties:;;AUTO_SERVER=TRUE}"); + +https://www.keycloak.org/server/db +https://www.keycloak.org/server/logging + +spring-boot +https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_boot_adapter 2023 +https://www.youtube.com/watch?v=vmEWywGzWbA + https://github.com/ali-bouali/keycloak-integration-with-spring-boot-3 + boot 3, secur 6 + 23:00 + 25:30 + 32:30 - jwt.io debugger + We can assign client roles to realm roles (composite:true) + realmroles->for-specific-role->menu-action->Add associated roles + now it is composite role + # jwt.io: .resource_access.myclient11.roles=client11_admin,client11_user + # https://github.com/ali-bouali/keycloak-integration-with-spring-boot-3/blob/main/src/main/java/com/alibou/keycloak/JwtAuthConverter.java + # JwtGrantedAuthoritiesConverter -> SCOPE_, split(by space) "scope" attr of jwt + + user can also be a composite + /realms//well-known/openid-configuration + token_endpoint + grant_type: password + client_id: ... + username: ... + password: ... 
+ -> refresh_token is also provided + token can be pasted to jwt.io + @PreAuthorize("hasRole('client_role')") + defaultRolePrefix="ROLE_" // !!! + +https://www.baeldung.com/spring-boot-keycloak + https://github.com/eugenp/tutorials/tree/master/spring-boot-modules/spring-boot-keycloak +https://www.baeldung.com/spring-boot-keycloak-integration-testing + with testcontainers +https://habr.com/ru/articles/716232/ + ! +ABAC + https://github.com/mgalaktionov/keycloak-demo-2 + https://habr.com/ru/post/724738/ + refresh-token, bad ideology https://habr.com/ru/post/720070/ + application.yaml, KeycloakWebSecurityConfigurerAdapter is depr-ted + spring-security-oauth2-resource-server https://habr.com/ru/post/716232/ 2022 -https://www.baeldung.com/spring-boot-keycloak-integration-testing https://www.youtube.com/watch?v=rbKzR6QWKLI&list=PLSVW22jAG8pBnhAdq9S8BpLnZ0_jVBj0c&index=5 +https://habr.com/ru/articles/661541/ + https://www.keycloak.org/2022/02/adapter-deprecation 2021 -https://www.baeldung.com/spring-boot-keycloak https://www.baeldung.com/java-keycloak-custom-user-providers https://www.baeldung.com/keycloak-embedded-in-spring-boot-app https://github.com/Baeldung/spring-security-oauth/tree/master/oauth-rest/oauth-authorization-server +https://habr.com/ru/companies/reksoft/articles/552346/ 2020 https://www.baeldung.com/postman-keycloak-endpoints