This example shows the Undertow component with Spring Security using one of the supported authentication providers: Keycloak.
The example starts a Spring Boot application whose endpoint is authenticated via bearer tokens issued by a Keycloak server.
A running, configured Keycloak server is required for this demo.
To prepare the Keycloak server, use docker-compose according to the following examples.
After logging into the Administration Console of the keycloak server:
Create a realm using import (the exported file realm-export.json is prepared in the root of this example). It will create the realm "example-app", with the client example-service and the roles role01 and role02.
Create a user for each role (user01 with role role01 and user02 with role role02).
When the Keycloak server is configured and running, retrieve access tokens for both users.
You can use the following commands (substitute the correct secrets and names) to retrieve both tokens:
curl -d "client_id=example-service" -d "client_secret=<client-secret>" -d "username=<user01-name>" -d "password=<user01-password>" -d "grant_type=password" http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token | jq -r '.access_token'
and
curl -d "client_id=example-service" -d "client_secret=<client-secret>" -d "username=<user02-name>" -d "password=<user02-password>" -d "grant_type=password" http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token | jq -r '.access_token'
Keep both generated tokens for later use.
Now that everything is set up, you can run the example using:
mvn spring-boot:run
Notice that the route contains the allowedRoles parameter with the value role02.
You can verify that the endpoint (http://localhost:8082/hi) is secured with the Keycloak server by executing the following requests:
A request without an authentication token returns 401 Unauthorized
curl -I -X GET http://localhost:8082/hi
A request with the token for user01 (with role01) returns 403 Forbidden
curl -I -X GET -H "Authorization: Bearer <user01-token>" http://localhost:8082/hi
A request with the token for user02 (with role02) returns 200 OK, and you can see a message in the application console log: "Hello <user01-name>!"
curl -I -X GET -H "Authorization: Bearer <user02-token>" http://localhost:8082/hi
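If a request returns 403 when you expected 200, check which roles the token actually carries. The following is an added example, not part of the original Camel example: the function names and the sample token are constructed for illustration, and it assumes Keycloak's default claim layout (realm roles in realm_access.roles, client roles in resource_access.<client>.roles) and the jq tool already used above.

```shell
# Decoding a token does NOT verify its signature; use this for troubleshooting only.

# Print the decoded JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
  [ -n "$seg" ] || { echo "not a JWT" >&2; return 1; }
  # base64url drops '=' padding; restore it so base64 -d accepts the input.
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) echo "malformed token payload" >&2; return 1 ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# List realm roles and client roles found in the token, one per line.
jwt_roles() {
  jwt_payload "$1" |
    jq -r '[.realm_access.roles[]?, (.resource_access[]?.roles[]?)] | unique | .[]'
}

# Succeed if the token carries the given role (exact, literal match).
jwt_has_role() {
  jwt_roles "$1" | grep -Fqx -- "$2"
}

# Constructed, unsigned sample token (not issued by Keycloak), so the
# functions above can be tried offline.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  local h p
  h=$(printf '%s' '{"alg":"none"}' | b64url)
  p=$(printf '%s' '{"preferred_username":"user01","realm_access":{"roles":["role01"]}}' | b64url)
  printf '%s.%s.constructed' "$h" "$p"
}

# Usage with a real token retrieved earlier:
#   jwt_roles "<user01-token>"
#   jwt_has_role "<user02-token>" role02 && echo "route should allow this token"
```

A token that lacks the role named in allowedRoles is expected to receive 403 even though it is valid, which is the user01 case above.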
If you hit any problem using Camel or have some feedback, then please let us know.
We also love contributors, so get involved :-)
The Camel riders!