Introduction
The objective of this project is to provide a "simple" example to access a Java Microservice using the and .
We want to ...
... secure the Microservice with
... secure a specific REST Endpoint invocation of the Microservice with
... test the access to the Microservice with a test.
The Microservice runs on and uses . The example Microservice is called Authors and is from the open sourced . The example doesn't use a frontend UI for the authentication. The JUnit test will authenticate with the Keycloak REST API.
Here is a 7 minutes about the setup of the example.
The Authors Microservice application supports a protected login with JWT, and the specific REST call getAuthors is protected by a specific user role. The image below contains a simplified architecture overview of the example, which runs on the local machine. Here you see:
The JUnit test and the Authors Microservice are running on an OpenLiberty server
The Authors Microservice is built with MicroProfile
The needed JWT key is saved on the OpenLiberty server in the Authors Microservice using
The JUnit test requests a bearer token to access the Authors service
The major configuration information inside Keycloak
Note: In this example the Keycloak server is available on localhost:8282 and the Authors Microservice on OpenLiberty runs on localhost:3000.
A very simplified overview of the test execution to access the Authors Microservice using Keycloak, OpenLiberty, MicroProfile and JWT is shown in the sequence diagram below.
Start the JUnit test called Test_GetAuthors. The test invokes the private operation getToken.
Proceed with the test by invoking the private operation getAuthorAuthorized.
The JWT is verified by the Authors Microservice application. That is done automatically, using the given RS256 key for the JWT in our Microservice application on the OpenLiberty server. When the provided JWT is validated against that key, it can be used to access the REST Endpoint of the Authors Microservice.
Now the Endpoint validates: does the JavaWebToken contain the right role to access the information?
Then the response data is compared with the expected value.
... run a local Keycloak Docker image
... import an existing realm configuration with:
Realm Keys
Client definition
Role and Group definition
Groups role mapping
... create a user and add him to the existing group with the role to access the Microservice
We need to ...
... configure the server.xml of OpenLiberty
... add login and security functionality to the AuthorsApplication class
... secure the REST Endpoint in the GetAuthor class
We need to ...
... use the two-factor authentication to access the Authors Microservice
... use a REST client to send the requests to the Authors Microservice and Keycloak
... verify the Authors Microservice response in the JUnit test
This project has been created by using the following technical environment:
Development environment:
Java project:
Request a bearer token from Keycloak using a REST Endpoint (). The request contains the needed Keycloak data for the authorization as parameters to get the bearer token. That bearer token contains the Java Web Token, which is protected with RS256 (RSA Signature with SHA-256). RS256 is a signing algorithm.
Now the Authors REST Endpoint () is invoked using the bearer token we got from Keycloak, which contains the . The JWT contains all needed information such as user, role and so on.
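As an added example that is not part of the original project, this is how the two private operations of the JUnit test described above (getToken and getAuthorAuthorized) can be written with the JDK HttpClient, plus a negative test that the protected endpoint refuses a call without a token. The ports are the ones named on this page; the realm name, client id, user credentials, role name, Authors endpoint path, expected author value and the /auth prefix of the Keycloak 9 token URL are assumptions marked as placeholders.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.junit.jupiter.api.Assertions.*;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.util.Base64;
import org.junit.jupiter.api.Test;
public class Test_GetAuthors {
    // Ports are from this page; realm, client, user, role, path and author are ASSUMED placeholders.
    static final String TOKEN_URL = "http://localhost:8282/auth/realms/REALM_NAME/protocol/openid-connect/token";
    static final String AUTHORS_URL = "http://localhost:3000/authors/v1/getauthors";
    static final HttpClient http = HttpClient.newHttpClient();
    private static String enc(String s) { return URLEncoder.encode(s, UTF_8); }
    // Resource Owner Password Credentials grant against Keycloak's token endpoint
    private String getToken() throws Exception {
        String form = "grant_type=password&client_id=" + enc("CLIENT_ID")
            + "&username=" + enc("USER_NAME") + "&password=" + enc("USER_PASSWORD");
        HttpRequest req = HttpRequest.newBuilder(URI.create(TOKEN_URL))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        HttpResponse<String> resp = http.send(req, HttpResponse.BodyHandlers.ofString());
        assertEquals(200, resp.statusCode(), "Keycloak rejected the token request");
        String body = resp.body(), key = "\"access_token\":\"";  // minimal JSON pick
        int start = body.indexOf(key) + key.length();
        return body.substring(start, body.indexOf('"', start));
    }
    private HttpResponse<String> getAuthorAuthorized(String bearerToken) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(AUTHORS_URL))
            .header("Authorization", "Bearer " + bearerToken).GET().build();
        return http.send(req, HttpResponse.BodyHandlers.ofString());
    }
    @Test
    void getAuthorsWithRoleSucceeds() throws Exception {
        String token = getToken();
        // Middle JWT segment is the base64url payload carrying the role claims; the service
        // verifies the RS256 signature itself, this only checks the expected role is present.
        String payload = new String(Base64.getUrlDecoder().decode(token.split("\\.")[1]), UTF_8);
        assertTrue(payload.contains("\"ROLE_NAME\""), "token lacks the expected role");
        HttpResponse<String> resp = getAuthorAuthorized(token);
        assertEquals(200, resp.statusCode());
        assertTrue(resp.body().contains("EXPECTED_AUTHOR_NAME"));
    }
    @Test
    void getAuthorsWithoutTokenIsRefused() throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(AUTHORS_URL)).GET().build();
        int status = http.send(req, HttpResponse.BodyHandlers.ofString()).statusCode();
        assertTrue(status == 401 || status == 403, "unauthenticated call must be refused");
    }
}
```

The second test is the check worth keeping in every build: if the server.xml or the role annotation is misconfigured, the endpoint silently becomes public and only a test without a token notices.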
For the setup of we need ...
... add a
and
For the setup of the Java Microservice with and with the test, it's useful to understand the steps from the blog post .
version 2.3
: 10.15.5 OS Catalina
with the
: version 20.0.0.6
: version 9.0.2
: version 3.2
: version 1.1
: version 1.0
: version 5.6.0
: version 3.1
: version 3.1
: version 2.22.2
version 3.3.1
: version 1.8