Level: Beginner Technologies: JavaEE Summary: JAX-RS Service Target Product: Keycloak, WildFly Source: https://github.com/keycloak/keycloak-quickstarts
The service-jee-jaxrs
quickstart demonstrates how to write a RESTful service with JAX-RS that is secured with Keycloak.
There are 3 endpoints exposed by the service:
public
- requires no authenticationsecured
- can be invoked by users with theuser
roleadmin
- can be invoked by users with theadmin
role
The endpoints are very simple and will only return a simple message stating what endpoint was invoked.
You need to have WildFly 10 running.
All you need to build this project is Java 8.0 (Java SDK 1.8) or later and Maven 3.1.1 or later.
Prior to running the quickstart you need to create a client in Keycloak and download the installation file.
The following steps shows how to create the client required for this quickstart:
- Open the Keycloak admin console
- Select
Clients
from the menu - Click
Create
- Add the following values:
- Client ID: You choose (for example
service-jaxrs
) - Client Protocol:
openid-connect
- Client ID: You choose (for example
- Click
Save
Once saved you need to change the Access Type
to bearer-only
and click save.
Finally you need to configure the adapter, this is done by retrieving the adapter configuration file:
- Click on
Installation
in the tab for the client you created - Select
Keycloak OIDC JSON
- Click
Download
- Move the file
keycloak.json
to theconfig/
directory in the root of the quickstart
You may also want to enable CORS for the service if you want to allow invocations from HTML5 applications deployed to a
different host. To do this edit keycloak.json
and add:
{
...
"enable-cors": true
}
-
Open a terminal and navigate to the root directory of this quickstart.
-
The following shows the command to deploy the quickstart:
mvn clean wildfly:deploy
If you prefer to secure WARs via Keycloak subsystem:
mvn install -Dsubsystem wildfly:deploy
The endpoints for the service are:
- public - http://localhost:8080/service/public
- secured - http://localhost:8080/service/secured
- admin - http://localhost:8080/service/admin
You can open the public endpoint directly in the browser to test the service. The two other endpoints require invoking with a bearer token. To invoke these endpoints use one of the example quickstarts:
- app-jee-html5 - HTML5 application that invokes the example service. Requires service example to be deployed.
- app-jee-jsp - JSP application packaged that invokes the example service. Requires service example to be deployed.
- Make sure you have an Keycloak server running with an admin user in the
master
realm or use the provided docker image - Be sure to set the
TestHelper.keycloakBaseUrl
in thecreateArchive
method. - Run
mvn clean install -Pwildfly-managed
-
Open a terminal and navigate to the root directory of this quickstart.
-
The following shows the command to undeploy the quickstart:
mvn install wildfly:undeploy