Skip to content

Commit

Permalink
Merge pull request #11 from kbss-cvut/migrate-keycloak-authorization
Browse files Browse the repository at this point in the history
Migrate keycloak authorization
  • Loading branch information
blcham authored Nov 25, 2023
2 parents c12b3d8 + 3361096 commit 026efe4
Show file tree
Hide file tree
Showing 18 changed files with 2,562 additions and 1 deletion.
2 changes: 1 addition & 1 deletion deploy/internal-auth/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ services:

db-server:
build:
context: ./db-server
context: ../shared/db-server
container_name: ${RECORD_SET_NAME:-rm}-db-server
environment:
GDB_JAVA_OPTS: -Dgraphdb.external-url=http://localhost:$PORT$RECORD_MANAGER_BASENAME/db-server
Expand Down
107 changes: 107 additions & 0 deletions deploy/keycloak-auth/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
version: '3.9'

services:
record-manager:
image: ghcr.io/kbss-cvut/kbss-cvut/record-manager-ui:latest
container_name: ${RECORD_SET_NAME:-rm}-record-manager
ports:
- "127.0.0.1:3000:80"
depends_on:
- record-manager-server
environment:
APP_TITLE: "Record Manager"
BASENAME: "./"
LANGUAGE: "cs"
NAVIGATOR_LANGUAGE: "true"
API_URL: "http://localhost:8080/record-manager-server"
APP_INFO: "<a href=\"https://github.com/kbss-cvut\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"KBSS CVUT v Praze\">© KBSS CVUT v Praze, 2023</a>"
AUTHENTICATION: "oidc"
AUTH_SERVER_URL: "http://localhost:8088/realms/record-manager"
AUTH_CLIENT_ID: "record-manager-ui"
FORCE_BASENAME: "true"

record-manager-server:
image: ghcr.io/kbss-cvut/kbss-cvut/record-manager:latest
container_name: ${RECORD_SET_NAME:-rm}-record-manager-server
ports:
- "127.0.0.1:8080:8080"
depends_on:
- s-pipes-engine
- db-server
- auth-server
environment:
REPOSITORYURL: "http://db-server:7200/repositories/record-manager-app"
FORMGENREPOSITORYURL: "http://db-server:7200/repositories/record-manager-formgen"
FORMGENSERVICEURL: "http://s-pipes-engine:8080/s-pipes/service?_pId=clone&sgovRepositoryUrl=https%3A%2F%2Fgraphdb.onto.fel.cvut.cz%2Frepositories%2Fkodi-slovnik-gov-cz"
SECURITY_PROVIDER: "oidc"
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI: "http://localhost:8088/realms/record-manager"
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWKSETURI: "http://auth-server:8080/realms/record-manager/protocol/openid-connect/certs"
SERVER_SERVLET_CONTEXTPATH: "/record-manager-server"

s-pipes-engine:
image: ghcr.io/kbss-cvut/s-pipes/s-pipes-engine:latest
container_name: ${RECORD_SET_NAME:-rm}-s-pipes-engine
ports:
- "127.0.0.1:8081:8080"
depends_on:
- db-server
db-server:
build:
context: ../shared/db-server
container_name: ${RECORD_SET_NAME:-rm}-db-server
environment:
GDB_JAVA_OPTS: "-Ddefault.min.distinct.threshold=67108864"
ports:
- "127.0.0.1:7200:7200"
volumes:
- data:/opt/graphdb/home
auth-server-db:
image: postgres:13
container_name: ${RECORD_SET_NAME:-rm}-auth-server-db
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: keycloak
volumes:
- auth-server-db:/var/lib/postgresql/data
auth-server:
image: ghcr.io/kbss-cvut/keycloak-graphdb-user-replicator/keycloak-graphdb:latest
container_name: ${RECORD_SET_NAME:-rm}-auth-server
command:
- start --import-realm
environment:
KC_IMPORT: realm-export.json
KC_HOSTNAME_URL: "http://localhost:8088"
KC_HOSTNAME_ADMIN_URL: "http://localhost:8088"
KC_HOSTNAME_STRICT_BACKCHANNEL: false
KC_HTTP_ENABLED: true
KEYCLOAK_ADMIN: ${KC_ADMIN_USER}
KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD}
DB_VENDOR: POSTGRES
DB_ADDR: auth-server-db
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: keycloak
DB_SCHEMA: "public"
DB_SERVER_URL: "http://db-server:7200"
DB_SERVER_REPOSITORY_ID: "record-manager-app"
REPOSITORY_LANGUAGE: "en"
VOCABULARY_USER_TYPE: "http://onto.fel.cvut.cz/ontologies/record-manager/user"
VOCABULARY_USER_FIRST_NAME: "http://xmlns.com/foaf/0.1/firstName"
VOCABULARY_USER_LAST_NAME: "http://xmlns.com/foaf/0.1/lastName"
VOCABULARY_USER_USERNAME: "http://xmlns.com/foaf/0.1/accountName"
VOCABULARY_USER_EMAIL: "http://xmlns.com/foaf/0.1/mbox"
ADD_ACCOUNTS: false
REALM_ID: "record-manager"
ports:
- "127.0.0.1:8088:8080"
volumes:
- auth-server:/opt/keycloak/data
- ./keycloak:/opt/keycloak/data/import
depends_on:
- auth-server-db

volumes:
data:
auth-server:
auth-server-db:
Loading

0 comments on commit 026efe4

Please sign in to comment.