зеркало из
https://github.com/iharh/notes.git
synced 2025-10-31 05:36:08 +02:00
56 строки
2.5 KiB
Plaintext
56 строки
2.5 KiB
Plaintext
2025
|
|
Devoxx - Authenticate and authorize users “your way” when they access your appl & platf - Alexander Schwartz 0:00 of 32:34
|
|
https://www.youtube.com/watch?v=SR59HPXyQSE
|
|
2024
|
|
Amplicode - Koslov - Spring Security and KC 0:00 of 39:15
|
|
https://www.youtube.com/watch?v=CYfzwTt755Q
|
|
2023
|
|
https://www.youtube.com/watch?v=vmEWywGzWbA
|
|
https://github.com/ali-bouali/keycloak-integration-with-spring-boot-3
|
|
boot 3, secur 6
|
|
23:00
|
|
25:30
|
|
32:30 - jwt.io debugger
|
|
We can assign client roles to realm roles (composite:true)
|
|
realmroles->for-specific-role->menu-action->Add associated roles
|
|
now it is composite role
|
|
# jwt.io: .resource_access.myclient11.roles=client11_admin,client11_user
|
|
# https://github.com/ali-bouali/keycloak-integration-with-spring-boot-3/blob/main/src/main/java/com/alibou/keycloak/JwtAuthConverter.java
|
|
# JwtGrantedAuthoritiesConverter -> SCOPE_, split(by space) "scope" attr of jwt
|
|
|
|
user can also be a composite
|
|
/realms/<relm-name>/well-known/openid-configuration
|
|
token_endpoint
|
|
grant_type: password
|
|
client_id: ...
|
|
username: ...
|
|
password: ...
|
|
-> refresh_token is also provided
|
|
token can be pasted to jwt.io
|
|
@PreAuthorize("hasRole('client_role')")
|
|
defaultRolePrefix="ROLE_" // !!!
|
|
SelskiyJavist - Keycloak 0:00 of 37:36
|
|
https://www.youtube.com/watch?v=vlu9FJkj6F0
|
|
2022
|
|
https://www.youtube.com/watch?v=rbKzR6QWKLI&list=PLSVW22jAG8pBnhAdq9S8BpLnZ0_jVBj0c&index=5
|
|
2021
|
|
Spilca - Software Architecture Fundamentals - Episode 16 - OAuth 2 and OpenID Connect 0:00 of 55:00
|
|
https://www.youtube.com/watch?v=j1yOkj2JzwM&list=PLEocw3gLFc8VYPSFuQfTbqsK-0q2wDCoR&index=17
|
|
/auth/realms/master/.well-known/openid-configuration
|
|
/auth/realms/master/protocol/openid-connect/certs
|
|
/auth/realms/master/protocol/openid-connect/token
|
|
curl -XPOST "http://localhost:8080/auth/realms/master/protocol/openid-connect/token" \
|
|
-H "Content-Type: application/x-www-form-urlencoded" \
|
|
--data-urlencode "grant_type=password" \
|
|
--data-urlencode "username=<usr> \
|
|
--data-urlencode "password=<pwd> \
|
|
--data-urlencode "scope=<scope>" \
|
|
--data-urlencode "client_id=<client-id>"
|
|
application.properties
|
|
jwkSetUri=.../certs
|
|
new JwkTokenStore(jwkSetUri) // obsolete
|
|
...JwtDecoder
|
|
Provider
|
|
Slurm - Keycloak Exp ru of 3:58:09
|
|
https://www.youtube.com/watch?v=Llvnq-n43k0
|