Integration of Keycloak and Dropwizard
About
Summary
This project shows how JBoss Keycloak and Dropwizard can be used together.
To read this tutorial fully rendered, please visit: https://ahus1.github.io/keycloak-dropwizard-integration/tutorial.html.
JBoss Keycloak provides a standalone OAuth 2.0 and Open ID Connect server. It handles user credentials for your application, so you can focus on business requirements.
Dropwizard is a Java framework for developing ops-friendly, high-performance, RESTful web services.
TL;DR: The module keycloak-dropwizard-jaxrs-example shows how to use Dropwizard’s @Auth
annotation with Keycloak using a full OAuth flow. If you have i.e. a JavaScript-Client and want to send only JWT Tokens, go directly to keycloak-dropwizard-bearermodule
At the time I write this there is no open source integration of the two, so I set up this project. See https://github.com/ahus1/keycloak-dropwizard-integration for the latest version.
How to use
The module keycloak-dropwizard-jaxrs
is a ready-to-use Dropwizard module. The releases are available from Maven central.
The releases depend on a version of Dropwizard and Keycloak that was current at release time. To use a more recent release, please add them as an explicit dependency to your project, as this project will not release new versions on every minor or patch release of its dependencies.
-
Version 0.7.x is tested with Keycloak 1.9.x and Dropwizard 0.9.x
-
Version 0.8.x is tested with Keycloak 2.x.x and Dropwizard 0.9.x
-
Version 0.9.x is tested with Keycloak 2.x.x/3.x.x and Dropwizard 1.0.x
-
Version 1.0.x is tested with Keycloak 3.x.x and Dropwizard 1.1.x/1.2.x/1.3.x
-
Version 1.1.x is tested with Keycloak 4.x-12.x and Dropwizard 1.3.x/2.0.x
Warning
|
Starting with Dropwizard 2.0 and the included version of Jersey, a login performed during a POST for a form will not recover the contents of the POST. This is wired into Keycloak’s JettyAdapterSessionStore (that restores the content type and the parameters to the request), but Jersey’s InboundMessageContext that wants to read the information the request’s header and the body. See the shouldLoginFromPost() test case for an example. |
<dependencies>
<dependency>
<groupId>de.ahus1.keycloak.dropwizard</groupId>
<artifactId>keycloak-dropwizard</artifactId>
<version>x.x.x</version>
</dependency>
</dependencies>
The most recent development version (based on the master branch on GitHub) is available from the Sonatype OSS Snapshot Repository. To use it, include the following repository in your pom.xml.
<repositories>
<repository>
<id>snapshots-repo</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<releases><enabled>false</enabled></releases>
<snapshots><enabled>true</enabled></snapshots>
</repository>
</repositories>
Prerequisites
These examples need a local JBoss Keycloak instance with Realm test
and user demo
with password demo
.
Please download the Keycloak distribution matching your keycloak-dropwizard-integration version from http://keycloak.org and extract it to a subfolder keycloak-server
of this directory. Then call keycloak-server.bat
to import an already configured realm. Using this startup file the configuration will be reset every time you start Keycloak.
Parts
This example will guide you through setting up JBoss Keycloak in several configurations:
-
Simple Integration Servlet style for Dropwizard
see module keycloak-dropwizard-jetty. -
Advanced Integration Dropwizard style
see module keycloak-dropwizard-jaxrs and module keycloak-dropwizard-example. -
Bearer-Only REST services for Dropwizard
see module keycloak-dropwizard-bearer.
For completeness and as a very simple getting started a standard Servlet configuration is also included (without and with Keycloak):
-
Simple Servlet
see module simple-war. -
Servlet with Keycloak
see module keycloak-war.
License
Copyright 2015-2021 Alexander Schwartz and the individual contributors.
Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.