add keycloak based security

azdanov · May 18, 2024 · 1f04a91 · 1f04a91
1 parent b355441
commit 1f04a91
Show file tree

Hide file tree

Showing 32 changed files with 4,422 additions and 48 deletions.
diff --git a/api-gateway/src/main/resources/application.yml b/api-gateway/src/main/resources/application.yml
@@ -1,50 +1,60 @@
 server:
   port: 8989
   shutdown: graceful
+
 spring:
   application:
     name: api-gateway
+
   cloud:
     gateway:
       discovery:
         locator:
           enabled: true
+
       globalcors:
         cors-configurations:
           '[/**]':
             allowed-origins: "*"
             allowed-methods: "*"
             allowed-headers: "*"
             allow-credentials: false
+
       routes:
         - id: catalog-service
           uri: ${CATALOG_SERVICE_URL:http://localhost:8081}
           predicates:
             - Path=/catalog/**
           filters:
             - RewritePath=/catalog/?(?<segment>.*), /${segment}
+
         - id: orders-service
           uri: ${ORDER_SERVICE_URL:http://localhost:8082}
           predicates:
             - Path=/orders/**
           filters:
             - RewritePath=/orders/?(?<segment>.*), /${segment}
+
         - id: openapi
           uri: http://localhost:${server.port}
           predicates:
             - Path=/v3/api-docs/**
           filters:
             - RewritePath=/v3/api-docs/?(?<segment>.*), /${segment}/v3/api-docs
+
       default-filters:
         - DedupeResponseHeader=Access-Control-Allow-Origin Access-Control-Allow-Methods Access-Control-Allow-Headers RETAIN_FIRST
+
   mvc:
     problemdetails:
       enabled: true
+
 management:
   endpoints:
     web:
       exposure:
         include: "*"
+
 springdoc:
   swagger-ui:
     use-root-path: true

diff --git a/catalog-service/src/main/resources/application.properties b/catalog-service/src/main/resources/application.properties
@@ -1,16 +1,21 @@
+# Application Configuration
 spring.application.name=catalog-service
 
+# Server Configuration
 server.port=8081
 server.shutdown=graceful
 
+# Management Endpoints
 management.endpoints.web.exposure.include=*
 management.info.git.mode=full
 
+# Database Configuration
 spring.datasource.url=${DB_URL:jdbc:postgresql://localhost:15432/postgres}
 spring.datasource.username=${DB_USERNAME:postgres}
 spring.datasource.password=${DB_PASSWORD:postgres}
 spring.jpa.hibernate.ddl-auto=validate
 spring.jpa.show-sql=true
 spring.jpa.open-in-view=false
 
+# Catalog Service Configuration
 catalog.page-size=10
diff --git a/deployment/compose.yml b/deployment/compose.yml
@@ -1,5 +1,6 @@
 name: 'bookstore'
 services:
+  # For catalog-service to work, add 127.0.0.1 catalog-service to /etc/hosts
   catalog-service:
     image: azdanov/bookstore-catalog-service
     container_name: catalog-service
@@ -20,6 +21,8 @@ services:
       resources:
         limits:
           memory: 700m
+
+  # For order-service to work, add 127.0.0.1 order-service to /etc/hosts
   order-service:
     image: azdanov/bookstore-order-service
     container_name: order-service
@@ -35,6 +38,7 @@ services:
       - RABBITMQ_PORT=5672
       - RABBITMQ_USERNAME=guest
       - RABBITMQ_PASSWORD=guest
+      - OAUTH2_SERVER_URL=http://keycloak:9191
     ports:
       - "8082:8082"
     restart: unless-stopped
@@ -47,6 +51,7 @@ services:
       resources:
         limits:
           memory: 700m
+
   notification-service:
     image: azdanov/bookstore-notification-service
     container_name: notification-service
@@ -77,6 +82,8 @@ services:
       resources:
         limits:
           memory: 700m
+
+  # For api-gateway to work, add 127.0.0.1 api-gateway to /etc/hosts
   api-gateway:
     image: azdanov/bookstore-api-gateway
     container_name: api-gateway
@@ -93,6 +100,7 @@ services:
       resources:
         limits:
           memory: 700m
+
   webapp:
     image: azdanov/bookstore-webapp
     container_name: webapp
@@ -101,13 +109,15 @@ services:
     environment:
       - SPRING_PROFILES_ACTIVE=docker
       - BOOKSTORE_API_GATEWAY_URL=http://api-gateway:8989
+      - OAUTH2_SERVER_URL=http://keycloak:9191
     ports:
       - "8080:8080"
     restart: unless-stopped
     deploy:
       resources:
         limits:
           memory: 700m
+
   catalog-db:
     image: postgres:16-alpine
     container_name: catalog-db
@@ -128,6 +138,7 @@ services:
       resources:
         limits:
           memory: 500m
+
   orders-db:
     image: postgres:16-alpine
     container_name: orders-db
@@ -148,6 +159,7 @@ services:
       resources:
         limits:
           memory: 500m
+
   bookstore-rabbitmq:
     image: rabbitmq:3.12.11-management
     container_name: bookstore-rabbitmq
@@ -168,6 +180,7 @@ services:
       resources:
         limits:
           memory: 500m
+
   notifications-db:
     image: postgres:16-alpine
     container_name: notifications-db
@@ -188,6 +201,7 @@ services:
       resources:
         limits:
           memory: 500m
+
   mailpit:
     image: axllent/mailpit
     container_name: mailpit
@@ -196,3 +210,27 @@ services:
     ports:
       - 8025:8025
       - 1025:1025
+    deploy:
+      resources:
+        limits:
+          memory: 100m
+
+  # For Keycloak to work, add 127.0.0.1 keycloak to /etc/hosts
+  keycloak:
+    image: quay.io/keycloak/keycloak:24.0.4
+    profiles:
+      - infra
+    command: [ 'start-dev', '--import-realm', '--http-port=9191' ]
+    container_name: keycloak
+    hostname: keycloak
+    volumes:
+      - ./keycloak:/opt/keycloak/data/import
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+    ports:
+      - "9191:9191"
+    deploy:
+      resources:
+        limits:
+          memory: 2gb