{"id":11330,"date":"2021-10-11T15:45:24","date_gmt":"2021-10-11T12:45:24","guid":{"rendered":"https:\/\/www.kampuskod.com\/?p=11330"},"modified":"2021-10-11T15:50:00","modified_gmt":"2021-10-11T12:50:00","slug":"keycloak-kullanarak-guvenli-java-spring-boot-rest-api-uygulamasi","status":"publish","type":"post","link":"https:\/\/www.kampuskod.com\/yazilim\/java\/keycloak-kullanarak-guvenli-java-spring-boot-rest-api-uygulamasi\/","title":{"rendered":"Keycloak Kullanarak G\u00fcvenli Java Spring Boot REST API Uygulamas\u0131"},"content":{"rendered":"

Herkese merhabalar, bu yaz\u0131m\u0131zda Keycloak’u Docker \u00fczerinde kurup, Spring Boot-Keycloak entegrasyonunu yap\u0131p, olu\u015fturdu\u011fumuz REST API \u00fczerinde url iste\u011fi yaparak Keycloak login sayfas\u0131ndan giri\u015f yap\u0131p kullan\u0131c\u0131 bilgilerine eri\u015fiyor olaca\u011f\u0131z. \u0130lk olarak Keycloak Nedir diyerek ba\u015flayal\u0131m.<\/p>\n

Keycloak Nedir?<\/h2>\n

Keycloak, a\u00e7\u0131k kaynakl\u0131 bir kimlik ve eri\u015fim y\u00f6netimi \u00e7\u00f6z\u00fcm\u00fcd\u00fcr. Daha fazla bilgi i\u00e7in keycloak web sitesini<\/a> ziyaret edebilirsiniz.<\/p>\n

Keycloak Docker kurulumu<\/h2>\n

Terminali a\u00e7\u0131n ve a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131r\u0131n.<\/p>\n

docker run -p 8085:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io\/keycloak\/keycloak:15.0.2\r\n<\/pre>\n
Keycloak Konfig\u00fcrasyonu<\/h2>\n
1- Keycloak admin paneline http:\/\/localhost:8085\/ adresinden eri\u015finiz. Administration console t\u0131klayarak admin olarak giri\u015f yap\u0131n\u0131z.<\/p>\n
\"Keycloak
Keycloak Ayarlar\u0131<\/figcaption><\/figure>\n
2- demo isminde yeni bir realm olu\u015fturun.<\/p>\n
\"Keycloak
Keycloak Ayarlar\u0131<\/figcaption><\/figure>\n
 <\/p>\n
3- \u015eimdiyse demo-app isminde yeni bir client olu\u015fturaca\u011f\u0131z. Access type olarak public, Valid Redirect URI olarakta * veriniz. Ve ayarlar\u0131 kaydediniz.<\/p>\n
\"Keycloak
Keycloak Ayarlar\u0131<\/figcaption><\/figure>\n
\"Keycloak
Keycloak Ayarlar\u0131<\/figcaption><\/figure>\n
4- Kullan\u0131c\u0131 olu\u015ftural\u0131m.<\/p>\n
\"Keycloak
Keycloak Ayarlar\u0131<\/figcaption><\/figure>\n
\"Keycloak
Keycloak Ayarlar\u0131<\/figcaption><\/figure>\n
Keycloak ayarlar\u0131m\u0131z\u0131 tamamlad\u0131k. \u015eimdiyse Spring Boot projesi k\u0131sm\u0131na ge\u00e7elim.<\/p>\n
Spring Boot Projesi Olu\u015ftural\u0131m<\/h2>\n
1- IntelliJ IDEA \u00fczerinden New Project diyerek a\u00e7\u0131lan pencereden Spring Initializr tab\u0131n\u0131 se\u00e7elim ve projemizi SpringBootKeycloak<\/strong> \u015feklinde isimlendirelim.<\/p>\n
\"IntelliJ
IntelliJ IDEA Spring Initializr Keycloak<\/figcaption><\/figure>\n
2- Spring Web ve Spring Security ba\u011f\u0131ml\u0131l\u0131klar\u0131n\u0131 projemize dahil edelim.<\/p>\n
\"IntelliJ
IntelliJ IDEA Spring Initializr Keycloak<\/figcaption><\/figure>\n
3- Pom.xml’e a\u015fa\u011f\u0131daki kodlar\u0131 ekleyelim.<\/p>\n
<dependencies>\r\n    <dependency>\r\n        <groupId>org.keycloak<\/groupId>\r\n        <artifactId>keycloak-spring-boot-starter<\/artifactId>\r\n        <version>15.0.2<\/version>\r\n    <\/dependency>\r\n<\/dependencies>\r\n\r\n<dependencyManagement>\r\n    <dependencies>\r\n        <dependency>\r\n            <groupId>org.keycloak.bom<\/groupId>\r\n            <artifactId>keycloak-adapter-bom<\/artifactId>\r\n            <version>15.0.2<\/version>\r\n            <type>pom<\/type>\r\n            <scope>import<\/scope>\r\n        <\/dependency>\r\n    <\/dependencies>\r\n<\/dependencyManagement><\/pre>\n
Pom.xml’in son hali a\u015fa\u011f\u0131daki gibi olmal\u0131d\u0131r:<\/p>\n
<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<project xmlns=\"http:\/\/maven.apache.org\/POM\/4.0.0\" xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"\r\n         xsi:schemaLocation=\"http:\/\/maven.apache.org\/POM\/4.0.0 https:\/\/maven.apache.org\/xsd\/maven-4.0.0.xsd\">\r\n    <modelVersion>4.0.0<\/modelVersion>\r\n    <parent>\r\n        <groupId>org.springframework.boot<\/groupId>\r\n        <artifactId>spring-boot-starter-parent<\/artifactId>\r\n        <version>2.5.5<\/version>\r\n        <relativePath\/> <!-- lookup parent from repository -->\r\n    <\/parent>\r\n    <groupId>com.example<\/groupId>\r\n    <artifactId>SpringBootKeycloak<\/artifactId>\r\n    <version>0.0.1-SNAPSHOT<\/version>\r\n    <name>SpringBootKeycloak<\/name>\r\n    <description>SpringBootKeycloak<\/description>\r\n    <properties>\r\n        <java.version>11<\/java.version>\r\n    <\/properties>\r\n    <dependencies>\r\n        <dependency>\r\n            <groupId>org.keycloak<\/groupId>\r\n            <artifactId>keycloak-spring-boot-starter<\/artifactId>\r\n            <version>15.0.2<\/version>\r\n        <\/dependency>\r\n        <dependency>\r\n            <groupId>org.springframework.boot<\/groupId>\r\n            <artifactId>spring-boot-starter-security<\/artifactId>\r\n        <\/dependency>\r\n        <dependency>\r\n            <groupId>org.springframework.boot<\/groupId>\r\n            <artifactId>spring-boot-starter-web<\/artifactId>\r\n        <\/dependency>\r\n\r\n        <dependency>\r\n            <groupId>org.springframework.boot<\/groupId>\r\n            <artifactId>spring-boot-starter-test<\/artifactId>\r\n            <scope>test<\/scope>\r\n        <\/dependency>\r\n        <dependency>\r\n            <groupId>org.springframework.security<\/groupId>\r\n            <artifactId>spring-security-test<\/artifactId>\r\n            <scope>test<\/scope>\r\n        <\/dependency>\r\n    <\/dependencies>\r\n\r\n    <dependencyManagement>\r\n        <dependencies>\r\n            <dependency>\r\n                <groupId>org.keycloak.bom<\/groupId>\r\n                <artifactId>keycloak-adapter-bom<\/artifactId>\r\n                <version>15.0.2<\/version>\r\n                <type>pom<\/type>\r\n                <scope>import<\/scope>\r\n            <\/dependency>\r\n        <\/dependencies>\r\n    <\/dependencyManagement>\r\n\r\n    <build>\r\n        <plugins>\r\n            <plugin>\r\n                <groupId>org.springframework.boot<\/groupId>\r\n                <artifactId>spring-boot-maven-plugin<\/artifactId>\r\n            <\/plugin>\r\n        <\/plugins>\r\n    <\/build>\r\n\r\n<\/project>\r\n<\/pre>\n
 <\/p>\n
5- Son olarak application.properties dosyas\u0131na a\u015fa\u011f\u0131daki parametreleri ekleyelim.<\/p>\n
keycloak.auth-server-url=http:\/\/localhost:8085\/auth\r\nkeycloak.realm=demo\r\nkeycloak.resource=demo-app\r\nkeycloak.public-client=true<\/pre>\n
keycloak.auth-server-url -> Keycloak url adresi<\/p>\n
keycloak.realm -> Olu\u015fturdu\u011fumuz Realm ad\u0131<\/p>\n
keycloak.resource -> Olu\u015fturdu\u011fumuz client ID<\/p>\n
keycloak.public-client -> Olu\u015fturdu\u011fumuz client Public oldu\u011fu i\u00e7in bunu true olarak belirledik. Bu k\u0131s\u0131m client’\u0131n access type alan\u0131na g\u00f6re de\u011fi\u015ftirilebilir. Biz demo uygulama yapt\u0131\u011f\u0131m\u0131z i\u00e7in \u015fimdilik public.<\/p>\n
6- GloabalSecurityConfiguration ad\u0131nda bir s\u0131n\u0131f olu\u015ftural\u0131m ve KeycloakWebSecurityConfigurerAdapter s\u0131n\u0131f\u0131n\u0131 extend edelim.<\/p>\n
package com.example.springbootkeycloak;\r\n\r\nimport org.keycloak.adapters.KeycloakConfigResolver;\r\nimport org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;\r\nimport org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;\r\nimport org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;\r\nimport org.springframework.beans.factory.annotation.Autowired;\r\nimport org.springframework.context.annotation.Bean;\r\nimport org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\r\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\r\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\r\nimport org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;\r\nimport org.springframework.security.core.session.SessionRegistryImpl;\r\nimport org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;\r\nimport org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;\r\n\r\n@EnableWebSecurity\r\npublic class GloabalSecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {\r\n\r\n    @Bean\r\n    @Override\r\n    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {\r\n        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());\r\n    }\r\n\r\n    @Bean\r\n    public KeycloakConfigResolver KeycloakConfigResolver() {\r\n        return new KeycloakSpringBootConfigResolver();\r\n    }\r\n\r\n    @Override\r\n    protected void configure(HttpSecurity http) throws Exception {\r\n        super.configure(http);\r\n        http.authorizeRequests()\r\n                .antMatchers(\"\/\").permitAll()\r\n                .anyRequest().authenticated();\r\n    }\r\n\r\n    @Autowired\r\n    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {\r\n        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();\r\n        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());\r\n        auth.authenticationProvider(keycloakAuthenticationProvider);\r\n    }\r\n}\r\n<\/pre>\n
 <\/p>\n
7- Son olarak REST endpointi tan\u0131mlayal\u0131m. hello adresine bir istek gitti\u011finde kullan\u0131c\u0131 login sayfas\u0131na y\u00f6nlenecek ve logout sayfas\u0131na gidildi\u011finde olu\u015fturulan oturum silinecek ve tekrardan login sayfas\u0131na y\u00f6nlenmi\u015f olacak. getName() metodu ile kullan\u0131c\u0131 giri\u015f yapt\u0131ktan sonra ismini ekrana basm\u0131\u015f olduk.<\/p>\n
package com.example.springbootkeycloak;\r\n\r\nimport org.keycloak.KeycloakPrincipal;\r\nimport org.keycloak.KeycloakSecurityContext;\r\nimport org.keycloak.representations.AccessToken;\r\nimport org.springframework.http.HttpStatus;\r\nimport org.springframework.http.ResponseEntity;\r\nimport org.springframework.security.core.Authentication;\r\nimport org.springframework.web.bind.annotation.GetMapping;\r\nimport org.springframework.web.bind.annotation.RestController;\r\n\r\nimport javax.servlet.ServletException;\r\nimport javax.servlet.http.HttpServletRequest;\r\nimport javax.servlet.http.HttpServletResponse;\r\n\r\n\r\n@RestController\r\npublic class HelloController {\r\n\r\n\r\n    @GetMapping(\"\/hello\")\r\n    public ResponseEntity<String> hello(Authentication authentication){\r\n\r\n        if (authentication.getPrincipal() instanceof KeycloakPrincipal) {\r\n            KeycloakPrincipal<KeycloakSecurityContext> kp = (KeycloakPrincipal<KeycloakSecurityContext>) authentication.getPrincipal();\r\n            AccessToken token = kp.getKeycloakSecurityContext().getToken();\r\n            final String body = \"Hi,  \" + token.getName();\r\n            return ResponseEntity.ok(body);\r\n        }\r\n        return new ResponseEntity<>(\"Unauthorized\", HttpStatus.UNAUTHORIZED);\r\n    }\r\n\r\n    @GetMapping(path = \"\/logout\")\r\n    public void logout(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException {\r\n        request.logout();\r\n        httpServletResponse.setHeader(\"Location\", \"\/hello\");\r\n        httpServletResponse.setStatus(302);\r\n    }\r\n}\r\n<\/pre>\n
 <\/p>\n
T\u00fcm a\u015famalar\u0131 tamamlam\u0131\u015f olduk. \u015eimdiyse test edelim.<\/p>\n
Uygulama Testi<\/h2>\n
Spring projemizi run edelim ve http:\/\/localhost:8080\/hello\/ adresine istek atal\u0131m. Kar\u015f\u0131m\u0131za login sayfas\u0131 gelecek. Olu\u015fturdu\u011fumuz kullan\u0131c\u0131 ile login olal\u0131m. Giri\u015f yapt\u0131ktan sonra http:\/\/localhost:8080\/logout adresine giderek \u00e7\u0131k\u0131\u015f yapabilirsiniz.<\/p>\n
\"Keycloak
Keycloak Spring Boot Login<\/figcaption><\/figure>\n
\"Keycloak
Keycloak Spring Boot Login<\/figcaption><\/figure>\n
Postman \u00fczerinden de test edebilirsiniz:<\/strong><\/h5>\n
http:\/\/localhost:8085\/auth\/realms\/demo\/protocol\/openid-connect\/token adresine istek atarken body k\u0131sm\u0131ndan x-www-form-urlencoded se\u00e7erek client_id, grant_type, username, password alanlar\u0131 g\u00f6nderiniz.<\/p>\n
\"Keycloak
Keycloak Spring Boot Postman Test<\/figcaption><\/figure>\n
\u00dcretilen access_token JWT token olarak \u00fcretilmi\u015ftir. https:\/\/jwt.io\/<\/a> adresine bu access token’\u0131 yap\u0131\u015ft\u0131rarak token i\u00e7erisindeki bilgilere eri\u015febilirsiniz.<\/p>\n
\"Keycloak
Keycloak Spring Boot JWT.IO Data Test<\/figcaption><\/figure>\n
 <\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Herkese merhabalar, bu yaz\u0131m\u0131zda Keycloak’u Docker \u00fczerinde kurup, Spring Boot-Keycloak entegrasyonunu yap\u0131p, olu\u015fturdu\u011fumuz REST API \u00fczerinde url iste\u011fi yaparak Keycloak login sayfas\u0131ndan giri\u015f yap\u0131p kullan\u0131c\u0131 bilgilerine eri\u015fiyor olaca\u011f\u0131z. \u0130lk olarak Keycloak Nedir diyerek ba\u015flayal\u0131m. Keycloak Nedir? Keycloak, a\u00e7\u0131k kaynakl\u0131 bir kimlik ve eri\u015fim y\u00f6netimi \u00e7\u00f6z\u00fcm\u00fcd\u00fcr. Daha fazla bilgi i\u00e7in keycloak web sitesini ziyaret edebilirsiniz. Keycloak […]<\/p>\n","protected":false},"author":4,"featured_media":11350,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":""},"categories":[3414],"tags":[],"_links":{"self":[{"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/posts\/11330"}],"collection":[{"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/comments?post=11330"}],"version-history":[{"count":7,"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/posts\/11330\/revisions"}],"predecessor-version":[{"id":11353,"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/posts\/11330\/revisions\/11353"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/media\/11350"}],"wp:attachment":[{"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/media?parent=11330"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/categories?post=11330"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kampuskod.com\/wp-json\/wp\/v2\/tags?post=11330"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}