PrajwalR

Reputation: 21

How do I specify a policy enforcer for Keycloak in a JHipster application?

JHipster apps do not have a keycloak.json file even when selecting OAuth2 authorization during creation. But the official Keycloak documentation tells us to specify the policy-enforcer property in keycloak.json. Any leads on where it should be specified would be highly appreciated.

My application.yml file:

security:
    basic:
        enabled: false
    oauth2:
        client:
            access-token-uri: http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/token
            user-authorization-uri: http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/auth
            client-id: web_app
            client-secret: web_app
            client-authentication-scheme: form
            scope: openid profile email
        resource:
            filter-order: 3
            user-info-uri: http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/userinfo
            token-info-uri: http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/token/introspect
            prefer-token-info: false

Both my keycloak.yml and app.yml files are unchanged.

Upvotes: 2

Views: 1185

Answers (1)

Aritz

Reputation: 31649

The policy enforcement is Keycloak specific:

Policy Enforcement Point (PEP) is a design pattern and as such you can implement it in different ways. Keycloak provides all the necessary means to implement PEPs for different platforms, environments, and programming languages. Keycloak Authorization Services presents a RESTful API, and leverages OAuth2 authorization capabilities for fine-grained authorization using a centralized authorization server.


There's no such feature in the OAuth2 spec. JHipster generates your project based on OAuth2 standards and you can make a Keycloak integration based on this, but cannot use its specific features. To get it working, you'll need to use KC-specific adapters and get rid of JHipster's OAuth2 autoconfiguration.

Another solution might involve extending the code added by JHipster (which I believe is based on the Spring Security OAuth plugin) in order to extend it with this KC feature. You'll need to write sensitive code yourself, so I'd rather go the first way.

Upvotes: 2
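What the first option in the answer above looks like in practice, as an added example that is not part of the question, the answer or the JHipster project: the Keycloak Spring Boot adapter reads the same keys that keycloak.json carries under "policy-enforcer", so the enforcer can be configured from application.yml once JHipster's Spring Security OAuth2 autoconfiguration is removed. It assumes the keycloak-spring-boot-starter dependency is on the classpath and that the resources and scopes named here (read, write) have been defined on the web_app client in Keycloak Authorization Services; realm, server URL, client id and secret are the values from the question's application.yml.

```yaml
# application.yml: Keycloak Spring Boot adapter with a policy enforcer.
# Added example, not the question's or JHipster's own configuration. It
# assumes keycloak-spring-boot-starter replaces JHipster's Spring Security
# OAuth2 autoconfiguration; the "read"/"write" scopes are assumed to exist
# on the web_app client's resources in Keycloak Authorization Services.
keycloak:
  realm: jhipster
  auth-server-url: http://localhost:9080/auth
  resource: web_app
  credentials:
    secret: web_app
  policy-enforcer-config:
    # ENFORCING denies any request for which Keycloak grants no matching
    # permission; PERMISSIVE lets unmatched requests through and is useful
    # only while rolling out, since it silently allows unprotected paths.
    enforcement-mode: ENFORCING
    paths:
      # Map HTTP methods onto the scopes defined on the resource, so a
      # token that only carries "read" cannot reach the write endpoints.
      - name: Account API
        path: /api/account/*
        methods:
          - method: GET
            scopes: [read]
          - method: POST
            scopes: [write]
          - method: PUT
            scopes: [write]
      # Per-path override: health/metrics endpoints stay outside the
      # enforcer (they are still subject to the adapter's authentication).
      - path: /management/*
        enforcement-mode: DISABLED
```

The same block, with the hyphenated keys unchanged, is what the official documentation puts under "policy-enforcer" in keycloak.json; with ENFORCING mode any /api path not listed is denied, so every endpoint the frontend needs must be mapped before switching from PERMISSIVE.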
