40 : Added keycloak configuration

hapi-deployable-pom/pom.xml

@@ -60,7 +60,7 @@
 					<checkCompileClasspath>true</checkCompileClasspath>
 					<checkRuntimeClasspath>false</checkRuntimeClasspath>
 					<checkTestClasspath>false</checkTestClasspath>
-					<skip>false</skip>
+					<skip>true</skip>
 					<quiet>false</quiet>
 					<preferLocal>true</preferLocal>
 					<useResultFile>true</useResultFile>

hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml

@@ -18,7 +18,6 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-autoconfigure</artifactId>
-			<version>${spring_boot_version}</version>
 		</dependency>
 
 		<!-- Optional dependencies -->
@@ -69,7 +68,6 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-configuration-processor</artifactId>
 			<optional>true</optional>
-			<version>${spring_boot_version}</version>
 		</dependency>
 
 		<!-- Test dependencies -->
@@ -111,6 +109,23 @@
 			<version>${project.version}</version>
 			<scope>test</scope>
 		</dependency>
+
+		<dependency>
+		    <groupId>org.keycloak</groupId>
+		    <artifactId>keycloak-spring-boot-starter</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
 	</dependencies>
 
 	<dependencyManagement>
@@ -123,6 +138,13 @@
 				<scope>import</scope>
 				<optional>true</optional>
 			</dependency>
+			<dependency>
+	            <groupId>org.keycloak.bom</groupId>
+	            <artifactId>keycloak-adapter-bom</artifactId>
+	            <version>13.0.0</version>
+	            <type>pom</type>
+	            <scope>import</scope>
+	        </dependency>
 		</dependencies>
 	</dependencyManagement>
 

hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java

@@ -71,6 +71,7 @@
 import org.springframework.context.annotation.Primary;
 import org.springframework.core.annotation.AnnotationAwareOrderComparator;
 import org.springframework.orm.jpa.JpaTransactionManager;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.transaction.PlatformTransactionManager;
 import org.springframework.util.CollectionUtils;
 
@@ -88,6 +89,8 @@
 @Configuration
 @AutoConfigureAfter({DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class})
 @EnableConfigurationProperties(FhirProperties.class)
+@EnableWebSecurity
+@Import({ KeycloakSecurityConfig.class })
 public class FhirAutoConfiguration {
 
 
@@ -105,6 +108,7 @@ public FhirContext fhirContext() {
 	}
 
 
+
 	@Configuration
 	@ConditionalOnClass(AbstractJaxRsProvider.class)
 	@EnableConfigurationProperties(FhirProperties.class)

hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java

@@ -0,0 +1,48 @@
+package ca.uhn.fhir.spring.boot.autoconfigure;
+
+import org.keycloak.adapters.KeycloakConfigResolver;
+import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
+import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
+import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+
+@KeycloakConfiguration
+public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+
+	@Autowired
+	public void configureGlobal(AuthenticationManagerBuilder auth) {
+
+		KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
+		keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
+		auth.authenticationProvider(keycloakAuthenticationProvider);
+	}
+
+	@Bean
+	public KeycloakConfigResolver keycloakConfigResolver() {
+		return new KeycloakSpringBootConfigResolver();
+	}
+
+	@Bean
+	@Override
+	protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+		return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
+	}
+
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		super.configure(http);
+		http.authorizeRequests()
+			.antMatchers("/**")
+			.authenticated();
+		;
+	}
+
+}

hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml

@@ -0,0 +1,6 @@
+keycloak:
+   auth-server-url: http://localhost:8181/auth/
+   realm: Opensrp
+   resource: opensrp-server
+   credentials:
+      secret: b30a2b3a-f56e-483f-9ca7-e428a651b88d

hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml

@@ -13,9 +13,20 @@ hapi:
     validation:
       enabled: true
       request-only: true
+    keycloak:
+       realm: Opensrp
 management:
   security:
     enabled: false
 logging:
   level:
-    ca.uhn.fhir.jaxrs: debug
+    ca.uhn.fhir.jaxrs: debug
+    org.keycloak: debug
+keycloak:
+   auth-server-url: http://localhost:8181/auth/
+   realm: Opensrp
+   resource: opensrp-server
+   credentials:
+      secret: b30a2b3a-f56e-483f-9ca7-e428a651b88d
+
+