JAAS (Java Authentication and Authorization Services)

Simple example how to setup the JAAS KEYCLOAK adapter. The adapter uses Direct Access Grants method to gain access token from keycloak.

The application will validate (hardcoded) username and password against keycloak (or local debug LoginModule). And check if role exists.

In this example user and password are send in http to keycloak, a https url should be used to make it secure.

Keycloak docker

For testing, the easiest way is to setup a keycloak docker container

docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:12.0.1

Setup keycloak for demo application

• Open 'http://localhost:8080'

• Login on administration console with username 'admin' and password 'admin'

  

• Add realm 'realm_demo'

  

• Add client 'keycloak-demo-client'

  

• Configure client with access type confidential and direct access grants enabled.

  

• The client secret can now be found on tab credentials

  

• Add the role 'example_role_read' to the client

  

• Add user 'testuser'

  

• Set password "testpassword' (as defined in LoginCallbackHandler.java)

  

  Important Temporary password must be off.

• Add role ''example_role_read' to client

  

  

• Make sure 'keycloak.json' matches the values as set above

  

https://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html

https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/jaas.adoc

https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/java-adapter-config.adoc