An embedded Keycloak application extends the class KeycloakApplication. (Names of classes from the Keycloak source used here are italicized for better reading) It can keep the KeycloakServerProperties with defaults. This embedded Keycloak application registers a set of users to begin with. For each user, it creates a KeycloakSession It persists the user and the session in a corresponding Keycloak user json file and defines an ExportImportConfig with this temporary file. An ExportImportManager is then instantiated with the session and used to run an import.
An embedded Keycloak application will do two things on instantiation. First – it will create a master realm admin user and Second it will import the Keycloak existing configuration file.
The creation of the master realm admin user is the same concept that every Keycloak application does. That’s why it just uses the existing ApplianceBootstrap class to create a master realm user in a transaction scope for which it uses the session’s transaction manager. The admin username and password is obtained from the KeycloakServerProperties which we had initialized with defaults in the beginning
The second step merely finds the configuration file to import the users. If the embedded application has registered users with configuration file, it is imported otherwise the default keycloak application file is imported.
The Keycloak embedded application needs to be hosted on an embedded web server. Jetty or tomcat could serve this purpose. A suitable servlet stack will be added to the bootstrap and its corresponding reactive stack will give access to connectors, server resources and the server itself. The Keycloak server properties is used to configure the application The Keycloak session destroyer listener is used to add a listener and the Keycloak session servlet filter is used to add a filter. Essentially, we instantiate a container with this servlet and this brings a lot of utilities as opposed to working natively with an http handler and the container exposes a way to treat it as an http handler.
A path handler will route the requests to this servlet. Together the http handler and the path handler are registered to create an instance of the jetty or the tomcat server. At this point the Keycloak web application has been started.
Now with this embedded web application, we can take the following steps. We can register a Keycloak client in the master realm and request an access token. The access token will be used to list the clients with the secure endpoint and a successful response should indicate that the token was used.
Optionally a role can be defined in the master realm and the embedded application can be used to validate the role. This is optional because it involves registering a user and mapping the role to the user.
An embedded Keycloak application will do two things on instantiation. First – it will create a master realm admin user and Second it will import the Keycloak existing configuration file.
The creation of the master realm admin user is the same concept that every Keycloak application does. That’s why it just uses the existing ApplianceBootstrap class to create a master realm user in a transaction scope for which it uses the session’s transaction manager. The admin username and password is obtained from the KeycloakServerProperties which we had initialized with defaults in the beginning
The second step merely finds the configuration file to import the users. If the embedded application has registered users with configuration file, it is imported otherwise the default keycloak application file is imported.
The Keycloak embedded application needs to be hosted on an embedded web server. Jetty or tomcat could serve this purpose. A suitable servlet stack will be added to the bootstrap and its corresponding reactive stack will give access to connectors, server resources and the server itself. The Keycloak server properties is used to configure the application The Keycloak session destroyer listener is used to add a listener and the Keycloak session servlet filter is used to add a filter. Essentially, we instantiate a container with this servlet and this brings a lot of utilities as opposed to working natively with an http handler and the container exposes a way to treat it as an http handler.
A path handler will route the requests to this servlet. Together the http handler and the path handler are registered to create an instance of the jetty or the tomcat server. At this point the Keycloak web application has been started.
Now with this embedded web application, we can take the following steps. We can register a Keycloak client in the master realm and request an access token. The access token will be used to list the clients with the secure endpoint and a successful response should indicate that the token was used.
Optionally a role can be defined in the master realm and the embedded application can be used to validate the role. This is optional because it involves registering a user and mapping the role to the user.
No comments:
Post a Comment