Keycloak Java Servlet Filter Adapter usage example

 

1. Add the adapter dependency, for example in the pom.xml file:

<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-servlet-filter-adapter</artifactId>
    <version>3.4.3.Final</version>
</dependency>

 

2. Configure the Keycloak filter in the web.xml file. Note: the Keycloak filter must be placed before all other filters.

<filter>
    <filter-name>Keycloak Filter</filter-name>
    <filter-class>org.keycloak.adapters.servlet.KeycloakOIDCFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>Keycloak Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

 

3. Create a new transit filter. This filter must be placed after the Keycloak filter and before all other filters. It reads the Keycloak security context (user information, role information, etc.) and builds the business application's own security context from it.

Transit filter code example:

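package com;

import java.io.IOException;
import java.util.Map;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessToken.Access;

public class TestFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        RefreshableKeycloakSecurityContext context =
                (RefreshableKeycloakSecurityContext) request.getAttribute("org.keycloak.KeycloakSecurityContext");
        // or
        // = (RefreshableKeycloakSecurityContext) request.getSession().getAttribute("org.keycloak.KeycloakSecurityContext");

        // No Keycloak context means the request was not authenticated by the
        // Keycloak filter: reject it instead of failing with a NullPointerException.
        if (context == null || context.getToken() == null) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        AccessToken token = context.getToken();
        String sub = token.getSubject(); // Internal user ID
        System.out.println(sub);
        String loginName = token.getPreferredUsername(); // Login account
        System.out.println(loginName);

        // Realm role list (the claim is absent when the user has no realm roles)
        Access access = token.getRealmAccess();
        if (access != null) {
            Set<String> roles = access.getRoles();
            System.out.println(roles);
        }

        // Client role list: Map<clientId, roles>
        Map<String, Access> ma = token.getResourceAccess();
        for (Map.Entry<String, Access> entry : ma.entrySet()) {
            System.out.println(entry.getKey()); // clientId
            // Roles that the current user has in this client
            System.out.println(entry.getValue().getRoles());
        }

        // Build the business application's own security context
        request.getSession().setAttribute("loginName", loginName);

        // Pass the request on to the next filter
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    @Override
    public void destroy() {
    }
}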

 

4. Configure the transit filter in the web.xml of the business application. Note that the filter needs to be placed after the keycloak filter and before other filters.

<filter>
    <filter-name>testFilter</filter-name>
    <filter-class>com.TestFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>testFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

 

5. Create the clients, users and roles for the business application in Keycloak.

 

6. Use keycloak to generate the client's keycloak.json.


 

 

7. Put the generated keycloak.json file in the WEB-INF directory of the business application.

 

8. Restart the application and open the business application. The browser is automatically redirected to the Keycloak login page. After a successful login, it is redirected back to the address of the business application that was requested initially.

 

9. Completion.
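
As an added example (not code from the original article or from the Keycloak project), here is one way to carry out the last part of step 3 and build the business application's own security context from the token. The class name BusinessPrincipal and the clientId parameter are assumptions made for illustration; the class keeps only the roles issued for the application's own client and treats missing role claims as empty.

```java
// Added example, not part of the original article. BusinessPrincipal and the
// clientId parameter are hypothetical names chosen for illustration.
import java.io.Serializable;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessToken.Access;

public final class BusinessPrincipal implements Serializable {
    private static final long serialVersionUID = 1L;

    private final String subject;
    private final String loginName;
    private final Set<String> realmRoles;
    private final Set<String> clientRoles;

    private BusinessPrincipal(String subject, String loginName,
                              Set<String> realmRoles, Set<String> clientRoles) {
        this.subject = subject;
        this.loginName = loginName;
        this.realmRoles = realmRoles;
        this.clientRoles = clientRoles;
    }

    /** Builds the principal from the token the Keycloak filter has already validated. */
    public static BusinessPrincipal from(AccessToken token, String clientId) {
        // Honour only the roles granted for this application's own client; roles the
        // user holds in other clients listed in getResourceAccess() are ignored.
        return new BusinessPrincipal(token.getSubject(), token.getPreferredUsername(),
                copy(token.getRealmAccess()), copy(token.getResourceAccess(clientId)));
    }

    // A user without roles has no Access entry, so null maps to an empty set.
    // The copy is unmodifiable so later code cannot add roles to the session object.
    private static Set<String> copy(Access access) {
        if (access == null || access.getRoles() == null) {
            return Collections.emptySet();
        }
        return Collections.unmodifiableSet(new HashSet<>(access.getRoles()));
    }

    public String getSubject() { return subject; }
    public String getLoginName() { return loginName; }
    public boolean hasRealmRole(String role) { return realmRoles.contains(role); }
    public boolean hasClientRole(String role) { return clientRoles.contains(role); }
}
```

In the transit filter it can be stored with `request.getSession().setAttribute("principal", BusinessPrincipal.from(token, clientId))`, where `clientId` is the client created in step 5 and the attribute name "principal" is likewise an assumption.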

 

For more information, see:

https://www.keycloak.org/docs/latest/securing_apps/index.html#_servlet_filter_adapter
