Skip to content

Add access-control and keycloak integration #37

Description

@hohwille

We should add access-control and integrate quarkus with keycloak.
Before going to quarkus we had this exercise:
https://github.com/devonfw-training/java-spring/blob/master/documentation/5-access-control.asciidoc

The job was to add @RolesAllowed annotations to the use-case methods. See example here:
https://github.com/devonfw-training/java-spring/blob/13f01d5b1a3232d1fdabc2b5593c4979e728fbf5/app/core/src/main/java/org/example/app/moviemanagement/logic/impl/usecase/UcFindMovieImpl.java#L34

We also had some test-infrastructure to simulate logins with permissions to make the tests still work and also allow tests verifying that if a permission is not granted, the Use-Case cannot be called. Example:
https://github.com/devonfw-training/java-spring/blob/13f01d5b1a3232d1fdabc2b5593c4979e728fbf5/app/core/src/test/java/org/example/app/moviemanagement/logic/impl/usecase/UcFindMovieImplTest.java#L47

This should be achieved with Quarkus standard mechanisms rather than too much home-grown stuff.
A nice concept of devonfw was however the concept of hierarchical permissions/groups that were modelled and expanded in the application:
https://github.com/devonfw/devon4j/blob/master/documentation/guide-access-control.asciidoc#authorization
Example:
https://github.com/devonfw-training/java-spring/blob/13f01d5b1a3232d1fdabc2b5593c4979e728fbf5/app/core/src/main/java/org/example/app/general/common/api/security/ApplicationAccessControlConfig.java#L12-L52

ATTENTION: Do not start from scratch.
See existing branches:

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions