keycloak-aplcache
Changes
authz/client/src/main/java/org/keycloak/authorization/client/util/HttpResponseException.java 3(+2 -1)
examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java 6(+3 -3)
examples/authz/photoz/README.md 18(+8 -10)
examples/authz/servlet-authz/README.md 24(+14 -10)
Details
diff --git a/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpMethod.java b/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpMethod.java
index a693263..be83987 100644
--- a/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpMethod.java
+++ b/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpMethod.java
@@ -89,7 +89,7 @@ public class HttpMethod<R> {
int statusCode = statusLine.getStatusCode();
if (statusCode < 200 || statusCode >= 300) {
- throw new HttpResponseException(statusCode, statusLine.getReasonPhrase(), bytes);
+ throw new HttpResponseException("Unexpected response from server: " + statusCode + " / " + statusLine.getReasonPhrase(), statusCode, statusLine.getReasonPhrase(), bytes);
}
if (bytes == null) {
diff --git a/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpResponseException.java b/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpResponseException.java
index 9b783e7..3531f40 100644
--- a/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpResponseException.java
+++ b/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpResponseException.java
@@ -26,7 +26,8 @@ public class HttpResponseException extends RuntimeException {
private final String reasonPhrase;
private final byte[] bytes;
- public HttpResponseException(int statusCode, String reasonPhrase, byte[] bytes) {
+ public HttpResponseException(String message, int statusCode, String reasonPhrase, byte[] bytes) {
+ super(message);
this.statusCode = statusCode;
this.reasonPhrase = reasonPhrase;
this.bytes = bytes;
diff --git a/examples/authz/hello-world/hello-world-authz-realm.json b/examples/authz/hello-world/hello-world-authz-realm.json
index a263c69..3ab917c 100644
--- a/examples/authz/hello-world/hello-world-authz-realm.json
+++ b/examples/authz/hello-world/hello-world-authz-realm.json
@@ -12,16 +12,18 @@
"enabled" : true,
"credentials" : [ {
"type" : "password",
- "value" : "password"
- } ]
+ "value" : "alice"
+ } ],
+ "realmRoles" : ["uma_authorization"]
},
{
"username" : "jdoe",
"enabled" : true,
"credentials" : [ {
"type" : "password",
- "value" : "password"
- } ]
+ "value" : "jdoe"
+ } ],
+ "realmRoles" : ["uma_authorization"]
},
{
"username" : "service-account-hello-world-authz-service",
@@ -38,7 +40,9 @@
"secret" : "secret",
"authorizationServicesEnabled" : true,
"enabled" : true,
- "redirectUris" : [ "http://localhost:8080/hello-world-authz-service" ],
+ "redirectUris" : [ "http://localhost:8080/hello-world-authz-service/*" ],
+ "baseUrl": "http://localhost:8080/hello-world-authz-service",
+ "adminUrl": "http://localhost:8080/hello-world-authz-service",
"directAccessGrantsEnabled" : true
}
]
diff --git a/examples/authz/hello-world/hello-world-authz-service.json b/examples/authz/hello-world/hello-world-authz-service.json
index 24bd27f..ea56e62 100644
--- a/examples/authz/hello-world/hello-world-authz-service.json
+++ b/examples/authz/hello-world/hello-world-authz-service.json
@@ -1,24 +1,29 @@
{
"resources": [
{
- "name": "Hello World Resource"
+ "name": "Default Resource",
+ "uri": "/*",
+ "type": "urn:hello-world-authz-service:resources:default"
}
],
"policies": [
{
- "name": "Only Special Users Policy",
- "type": "user",
- "logic": "POSITIVE",
+ "name": "Only From Realm Policy",
+ "description": "A policy that grants access only for users within this realm",
+ "type": "js",
"config": {
- "users": "[\"alice\"]"
+ "applyPolicies": "[]",
+ "code": "var context = $evaluation.getContext();\n\n// using attributes from the evaluation context to obtain the realm\nvar contextAttributes = context.getAttributes();\nvar realmName = contextAttributes.getValue('kc.realm.name').asString(0);\n\n// using attributes from the identity to obtain the issuer\nvar identity = context.getIdentity();\nvar identityAttributes = identity.getAttributes();\nvar issuer = identityAttributes.getValue('iss').asString(0);\n\n// only users from the realm have access granted \nif (issuer.endsWith(realmName)) {\n $evaluation.grant();\n}"
}
},
{
- "name": "Hello World Resource Permission",
+ "name": "Default Permission",
+ "description": "A permission that applies to the default resource type",
"type": "resource",
"config": {
- "resources": "[\"Hello World Resource\"]",
- "applyPolicies": "[\"Only Special Users Policy\"]"
+ "defaultResourceType": "urn:hello-world-authz-service:resources:default",
+ "default": "true",
+ "applyPolicies": "[\"Only From Realm Policy\"]"
}
}
]
diff --git a/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java b/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java
index 75ee0d3..2ab8788 100644
--- a/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java
+++ b/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java
@@ -49,7 +49,7 @@ public class AuthorizationClientExample {
// query the server for a resource with a given name
Set<String> resourceId = authzClient.protection()
.resource()
- .findByFilter("name=Hello World Resource");
+ .findByFilter("name=Default Resource");
// obtian a Entitlement API Token in order to get access to the Entitlement API.
// this token is just an access token issued to a client on behalf of an user with a scope kc_entitlement
@@ -119,7 +119,7 @@ public class AuthorizationClientExample {
EntitlementRequest request = new EntitlementRequest();
PermissionRequest permission = new PermissionRequest();
- permission.setResourceSetName("Hello World Resource");
+ permission.setResourceSetName("Default Resource");
request.addPermission(permission);
@@ -157,6 +157,6 @@ public class AuthorizationClientExample {
* @return a string representing a EAT
*/
private static String getEntitlementAPIToken(AuthzClient authzClient) {
- return authzClient.obtainAccessToken("alice", "password").getToken();
+ return authzClient.obtainAccessToken("alice", "alice").getToken();
}
}
diff --git a/examples/authz/hello-world-authz-service/hello-world-authz-realm.json b/examples/authz/hello-world-authz-service/hello-world-authz-realm.json
new file mode 100644
index 0000000..3ab917c
--- /dev/null
+++ b/examples/authz/hello-world-authz-service/hello-world-authz-realm.json
@@ -0,0 +1,49 @@
+{
+ "realm" : "hello-world-authz",
+ "enabled" : true,
+ "privateKey" : "MIIEpQIBAAKCAQEAzMhNM9HXNQWhVf1m64zS67SIyQjj+tV5GR+MqlRTWDXdo8GAWHd+alY1urRhfRoqMy4F499+8wh2REKFykNt0ng6s6wWnEaKDboS3SAUV6lybcOAkwIOCtCZj1ItddKG3m64fzxDDQrcpkbiAvw3S8KJ4UJK+pyh9iX01duSDtM/HhPawsPdY8JSMfuo1IxQ2Vxw+8RKwbbdUeew6cyYGYAeFYwA66mlM3otB0RBHh4bjwg8297+2g53TdwM2rbCHRbrorMQD3031OTyFSp7lXCtoMLWRfAFnOP/2yZWZMXbiJheC0R3sLbU7Ef0/cUbYyk4Ckfq6pcYDR+VZBF7AwIDAQABAoIBAAwa4wVnKBOIS6srmYPfBTDNsTBBCEjxiYEErmn7JhoWxQ1DCPUxyxU6F177/q9Idqoj1FFOCtEO9P6/9+ym470HQmEQkR2Xxd1d3HOZy9oKuCro3ZbTDkVxY0JnlyxZz4MihGFxDH2e4MArfHy0sAgYbdIU+x2pWKGWSMzDd/TMSOExhc/sIQAg6ljbPCLLXCPQFAncoHRyGPrkRZs6UTZi5SJuCglVa2/3G+0drDdPuA83/mwsZfIBqQgbGbFgtq5T5C6CKMkPOQ42Rcclm7kEr6riTkJRo23EO1iOJVpxzI0tbxZsJAsW7zeqv0wWRyUgVfQAje6OdsNexp5aCtECgYEA6nMHCQ9xXvufCyzpIbYGxdAGqH6m1AR5gXerHqRiGNx+8UUt/E9cy/HTOhmZDK/eC4BT9tImeF01l1oSU/+wGKfux0SeAQchBhhq8GD6jmrtgczKAfZHp0Zrht7o9qu9KE7ZNWRmY1foJN9yNYmzY6qqHEy+zNo9amcqT7UZKO8CgYEA35sp9fMpMqkJE+NEJ9Ph/t2081BEkC0DYIuETZRSi+Ek5AliWTyEkg+oisTbWzi6fMQHS7W+M1SQP6djksLQNPP+353DKgup5gtKS+K/y2xNd7fSsNmkjW1bdJJpID7WzwwmwdahHxpcnFFuEXi5FkG3Vqmtd3cD0TYL33JlRy0CgYEA0+a3eybsDy9Zpp4m8IM3R98nxW8DlimdMLlafs2QpGvWiHdAgwWwF90wTxkHzgG+raKFQVbb0npcj7mnSyiUnxRZqt2H+eHZpUq4jR76F3LpzCGui2tvg+8QDMy4vwqmYyIxDCL8r9mqRnl3HpChBPoh2oY7BahTTjKEeZpzbR0CgYEAoNnVjX+mGzNNvGi4Fo5s/BIwoPcU20IGM+Uo/0W7O7Rx/Thi7x6BnzB0ZZ7GzRA51paNSQEsGXCzc5bOIjzR2cXLisDKK+zIAxwMDhrHLWZzM7OgdGeb38DTEUBhLzkE/VwYZUgoD1+/TxOkwhy9yCzt3gGhL1cF//GJCOwZvuECgYEAgsO4rdYScgCpsyePnHsFk+YtqtdORnmttF3JFcL3w2QneXuRwg2uW2Kfz8CVphrR9eOU0tiw38w6QTHIVeyRY8qqlHtiXj6dEYz7frh/k4hI29HwFx43rRpnAnN8kBEJYBYdbjaQ35Wsqkfu1tvHJ+6fxSwvQu/TVdGp0OfilAY=",
+ "publicKey" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMhNM9HXNQWhVf1m64zS67SIyQjj+tV5GR+MqlRTWDXdo8GAWHd+alY1urRhfRoqMy4F499+8wh2REKFykNt0ng6s6wWnEaKDboS3SAUV6lybcOAkwIOCtCZj1ItddKG3m64fzxDDQrcpkbiAvw3S8KJ4UJK+pyh9iX01duSDtM/HhPawsPdY8JSMfuo1IxQ2Vxw+8RKwbbdUeew6cyYGYAeFYwA66mlM3otB0RBHh4bjwg8297+2g53TdwM2rbCHRbrorMQD3031OTyFSp7lXCtoMLWRfAFnOP/2yZWZMXbiJheC0R3sLbU7Ef0/cUbYyk4Ckfq6pcYDR+VZBF7AwIDAQAB",
+ "certificate" : "MIICsTCCAZkCBgFVETX4AzANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDDBFIZWxsbyBXb3JsZCBBdXRoWjAeFw0xNjA2MDIxMzAxMzdaFw0yNjA2MDIxMzAzMTdaMBwxGjAYBgNVBAMMEUhlbGxvIFdvcmxkIEF1dGhaMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMhNM9HXNQWhVf1m64zS67SIyQjj+tV5GR+MqlRTWDXdo8GAWHd+alY1urRhfRoqMy4F499+8wh2REKFykNt0ng6s6wWnEaKDboS3SAUV6lybcOAkwIOCtCZj1ItddKG3m64fzxDDQrcpkbiAvw3S8KJ4UJK+pyh9iX01duSDtM/HhPawsPdY8JSMfuo1IxQ2Vxw+8RKwbbdUeew6cyYGYAeFYwA66mlM3otB0RBHh4bjwg8297+2g53TdwM2rbCHRbrorMQD3031OTyFSp7lXCtoMLWRfAFnOP/2yZWZMXbiJheC0R3sLbU7Ef0/cUbYyk4Ckfq6pcYDR+VZBF7AwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQANm5gIT/c50lwjawM686gNXpppLA928WsCOn9NIIWjSKekP8Bf9S73kf7vWcsEppm5B8rRyRxolXmzwghv74L7uVDg8Injjgj+XbPVQP+cJqWpSaMZHF7UfWe0/4M945Xcbmsl5q+m9PmrPG0AaaZhqXHcp4ehB1H+awyRqiERpJUuwZNycw2+2kjDADpsFf8hZVUd1F6ReYyOkqUyUjbL+jYTC7ZBNa7Ok+w6HCXWgkgVATAgQXJRM3w14IOc5MH/vfMCrCl/eNQLbjGl9y7u8PKwh3MXHDO2OLqtg6hOTSrOGUPJZGmGtUAl+2/R7FzoWkML/BNe2hjsL6UJwg91",
+ "requiredCredentials" : [ "password" ],
+ "users" :
+ [
+ {
+ "username" : "alice",
+ "enabled" : true,
+ "credentials" : [ {
+ "type" : "password",
+ "value" : "alice"
+ } ],
+ "realmRoles" : ["uma_authorization"]
+ },
+ {
+ "username" : "jdoe",
+ "enabled" : true,
+ "credentials" : [ {
+ "type" : "password",
+ "value" : "jdoe"
+ } ],
+ "realmRoles" : ["uma_authorization"]
+ },
+ {
+ "username" : "service-account-hello-world-authz-service",
+ "enabled" : true,
+ "serviceAccountClientId" : "hello-world-authz-service",
+ "clientRoles": {
+ "hello-world-authz-service" : ["uma_protection"]
+ }
+ }
+ ],
+ "clients" : [
+ {
+ "clientId" : "hello-world-authz-service",
+ "secret" : "secret",
+ "authorizationServicesEnabled" : true,
+ "enabled" : true,
+ "redirectUris" : [ "http://localhost:8080/hello-world-authz-service/*" ],
+ "baseUrl": "http://localhost:8080/hello-world-authz-service",
+ "adminUrl": "http://localhost:8080/hello-world-authz-service",
+ "directAccessGrantsEnabled" : true
+ }
+ ]
+}
\ No newline at end of file
diff --git a/examples/authz/hello-world-authz-service/hello-world-authz-service.json b/examples/authz/hello-world-authz-service/hello-world-authz-service.json
new file mode 100644
index 0000000..ea56e62
--- /dev/null
+++ b/examples/authz/hello-world-authz-service/hello-world-authz-service.json
@@ -0,0 +1,30 @@
+{
+ "resources": [
+ {
+ "name": "Default Resource",
+ "uri": "/*",
+ "type": "urn:hello-world-authz-service:resources:default"
+ }
+ ],
+ "policies": [
+ {
+ "name": "Only From Realm Policy",
+ "description": "A policy that grants access only for users within this realm",
+ "type": "js",
+ "config": {
+ "applyPolicies": "[]",
+ "code": "var context = $evaluation.getContext();\n\n// using attributes from the evaluation context to obtain the realm\nvar contextAttributes = context.getAttributes();\nvar realmName = contextAttributes.getValue('kc.realm.name').asString(0);\n\n// using attributes from the identity to obtain the issuer\nvar identity = context.getIdentity();\nvar identityAttributes = identity.getAttributes();\nvar issuer = identityAttributes.getValue('iss').asString(0);\n\n// only users from the realm have access granted \nif (issuer.endsWith(realmName)) {\n $evaluation.grant();\n}"
+ }
+ },
+ {
+ "name": "Default Permission",
+ "description": "A permission that applies to the default resource type",
+ "type": "resource",
+ "config": {
+ "defaultResourceType": "urn:hello-world-authz-service:resources:default",
+ "default": "true",
+ "applyPolicies": "[\"Only From Realm Policy\"]"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/examples/authz/hello-world-authz-service/README.md b/examples/authz/hello-world-authz-service/README.md
new file mode 100644
index 0000000..a0cc40f
--- /dev/null
+++ b/examples/authz/hello-world-authz-service/README.md
@@ -0,0 +1,47 @@
+# About the Example Application
+
+This is a simple application to get you started with Keycloak Authorization Services.
+
+It provides a single page application which is protected by a policy enforcer that decides whether an user can access
+that page or not based on the permissions obtained from a Keycloak Server.
+
+## Create the Example Realm and a Resource Server
+
+Considering that your Keycloak Server is up and running, log in to the Keycloak Administration Console.
+
+Now, create a new realm based on the following configuration file:
+
+ examples/authz/hello-world-authz-service/hello-world-authz-realm.json
+
+That will import a pre-configured realm with everything you need to run this example. For more details about how to import a realm
+into Keycloak, check the Keycloak's reference documentation.
+
+After importing that file, you'll have a new realm called ``hello-world-authz``.
+
+Now, let's import another configuration using the Administration Console in order to configure the client application ``hello-world-authz-service`` as a resource server with all resources, scopes, permissions and policies.
+
+Click on ``Clients`` on the left side menu. Click on the ``hello-world-authz-service`` on the client listing page. This will
+open the ``Client Details`` page. Once there, click on the `Authorization` tab.
+
+Click on the ``Select file`` button, which means you want to import a resource server configuration. Now select the file that is located at:
+
+ examples/authz/hello-world-authz-service/hello-world-authz-service.json
+
+Now click ``Upload`` and the resource server will be updated accordingly.
+
+## Deploy and Run the Example Application
+
+To deploy the example application, follow these steps:
+
+ cd examples/authz/hello-world-authz-service
+ mvn clean package wildfly:deploy
+
+Now, try to access the client application using the following URL:
+
+ http://localhost:8080/hello-world-authz-service
+
+If everything is correct, you will be redirect to Keycloak login page. You can login to the application with the following credentials:
+
+* username: jdoe / password: jdoe
+* username: alice / password: alice
+
diff --git a/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF/keycloak.json b/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF/keycloak.json
index 04c0486..f303fe1 100644
--- a/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF/keycloak.json
+++ b/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF/keycloak.json
@@ -1,11 +1,11 @@
{
"realm": "hello-world-authz",
- "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmm2Nso+rUOYUYc4hO67LSf4s0pAKcqUbWWycS3fcz6Q4jg/SsBbIBJJXOMVR9GqwyTCVTH5s8Rb0+0pA+UrbZfMG2XIDnJoaGfJj9DvJwQkD+vzTvaS5q0ilP0tPlbusI5pyMi9xx+cjJBOvKR2GxjhcKrgb21lpmGcA1F1CPO3y/DT8GzTKg+9/nPKt1dKEUD7P5Uy5N7d8zz1fuOSLb5G267T1fKJvi6am8kCgM+agFVQ23j7w/aJ7T1EHUCZdaJ+aSODSYl8dM4RFNTjda0KMHHXqMMvd2+g8lZ0lAfstHywqZtCcHc9ULClVvQmQyXovn2qTktHAcD6BHTAgQIDAQAB",
+ "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMhNM9HXNQWhVf1m64zS67SIyQjj+tV5GR+MqlRTWDXdo8GAWHd+alY1urRhfRoqMy4F499+8wh2REKFykNt0ng6s6wWnEaKDboS3SAUV6lybcOAkwIOCtCZj1ItddKG3m64fzxDDQrcpkbiAvw3S8KJ4UJK+pyh9iX01duSDtM/HhPawsPdY8JSMfuo1IxQ2Vxw+8RKwbbdUeew6cyYGYAeFYwA66mlM3otB0RBHh4bjwg8297+2g53TdwM2rbCHRbrorMQD3031OTyFSp7lXCtoMLWRfAFnOP/2yZWZMXbiJheC0R3sLbU7Ef0/cUbYyk4Ckfq6pcYDR+VZBF7AwIDAQAB",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "hello-world-authz-service",
"credentials": {
- "secret": "a7672d93-ea27-44a3-baa6-ba3536609067"
+ "secret": "secret"
},
"policy-enforcer": {
"on-deny-redirect-to" : "/hello-world-authz-service/error.jsp"
examples/authz/photoz/README.md 18(+8 -10)
diff --git a/examples/authz/photoz/README.md b/examples/authz/photoz/README.md
index 57390a1..c915a1f 100644
--- a/examples/authz/photoz/README.md
+++ b/examples/authz/photoz/README.md
@@ -47,7 +47,7 @@ It also provides some background on how you can actually protect your JAX-RS end
## Create the Example Realm and a Resource Server
-Considering that your AuthZ Server is up and running, log in to the Keycloak Administration Console.
+Considering that your Keycloak Server is up and running, log in to the Keycloak Administration Console.
Now, create a new realm based on the following configuration file:
@@ -64,28 +64,28 @@ JBoss Drools, which require ``photoz-authz-policy`` artifact installed into your
cd examples/authz/photoz
mvn clean install
-Now, let's import another configuration using the Administration Console in order to configure the ``photoz-restful-api`` as a resource server with all resources, scopes, permissions and policies.
+Now, let's import another configuration using the Administration Console in order to configure the client application ``photoz-restful-api`` as a resource server with all resources, scopes, permissions and policies.
-Click on ``Authorization`` on the left side menu. Click on the ``Create`` button on the top of the resource server table. This will
-open the page that allows you to create a new resource server.
+Click on ``Clients`` on the left side menu. Click on the ``photoz-restful-api`` on the client listing page. This will
+open the ``Client Details`` page. Once there, click on the `Authorization` tab.
Click on the ``Select file`` button, which means you want to import a resource server configuration. Now select the file that is located at:
examples/authz/photoz/photoz-restful-api/photoz-restful-api-authz-config.json
-Now click ``Upload`` and a new resource server will be created based on the ``photoz-restful-api`` client application.
+Now click ``Upload`` and the resource server will be updated accordingly.
## Deploy and Run the Example Applications
To deploy the example applications, follow these steps:
cd examples/authz/photoz/photoz-html5-client
- mvn wildfly:deploy
+ mvn clean package wildfly:deploy
And then:
cd examples/authz/photoz/photoz-restful-api
- mvn wildfly:deploy
+ mvn clean package wildfly:deploy
Now, try to access the client application using the following URL:
@@ -95,6 +95,4 @@ If everything is correct, you will be redirect to Keycloak login page. You can l
* username: jdoe / password: jdoe
* username: alice / password: alice
-* username: admin / password: admin
-
-
+* username: admin / password: admin
\ No newline at end of file
examples/authz/servlet-authz/README.md 24(+14 -10)
diff --git a/examples/authz/servlet-authz/README.md b/examples/authz/servlet-authz/README.md
index df52870..f93acb5 100644
--- a/examples/authz/servlet-authz/README.md
+++ b/examples/authz/servlet-authz/README.md
@@ -14,7 +14,7 @@ This application will also show you how to create a dynamic menu with the permis
## Create the Example Realm and a Resource Server
-Considering that your AuthZ Server is up and running, log in to the Keycloak Administration Console.
+Considering that your Keycloak Server is up and running, log in to the Keycloak Administration Console.
Now, create a new realm based on the following configuration file:
@@ -25,26 +25,30 @@ into Keycloak, check the Keycloak's reference documentation.
After importing that file, you'll have a new realm called ``servlet-authz``.
-Now, let's import another configuration using the Administration Console in order to configure the ``servlet-authz-app`` client application as a resource server with all resources, scopes, permissions and policies.
+Now, let's import another configuration using the Administration Console in order to configure the client application ``servlet-authz-app`` as a resource server with all resources, scopes, permissions and policies.
-Click on ``Authorization`` on the left side menu. Click on the ``Create`` button on the top of the resource server table. This will
-open the page that allows you to create a new resource server.
+Click on ``Clients`` on the left side menu. Click on the ``servlet-authz-app`` on the client listing page. This will
+open the ``Client Details`` page. Once there, click on the `Authorization` tab.
Click on the ``Select file`` button, which means you want to import a resource server configuration. Now select the file that is located at:
examples/authz/servlet-authz/servlet-authz-app-config.json
-Now click ``Upload`` and a new resource server will be created based on the ``servlet-authz-app`` client application.
+Now click ``Upload`` and the resource server will be updated accordingly.
## Deploy and Run the Example Applications
-To deploy the example applications, follow these steps:
+To deploy the example application, follow these steps:
cd examples/authz/servlet-authz
- mvn wildfly:deploy
+ mvn clean package wildfly:deploy
+Now, try to access the client application using the following URL:
+
+ http://localhost:8080/servlet-authz-app
+
If everything is correct, you will be redirect to Keycloak login page. You can login to the application with the following credentials:
-* username: jdoe / password: jdoe (premium user)
-* username: alice / password: alice (regular user)
-* username: admin / password: admin (administrator)
\ No newline at end of file
+* username: jdoe / password: jdoe
+* username: alice / password: alice
+* username: admin / password: admin
\ No newline at end of file