# (Optional) Exercise 1: Setup the web-application and Microservices locally

To run these optional exercises you need to ensure you have installed the following tools on your local machine and you can run them in your terminal sessions.

* [git 2.24.1 or higher](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
* [yarn 1.22.4 or higher](https://yarnpkg.com)
* [Node.js v14.6.0 or higher](https://nodejs.org/en/)
* [Apache Maven 3.6.3](https://maven.apache.org/ref/3.6.3/maven-embedder/cli.html)
* [Docker 3.0.4 or higher](https://www.docker.com/products/docker-desktop) (running Keycloak locally)
* Java 9 or higher

## Architecture

Here is the local architecture whichs shows the Web-App and the two Microservices Web-API and Articles are running on your local machine in terminal sessions. Keycloak is running on Kubernetes on IBM Cloud.

![](/files/-MFGFeHOXv-CnzZpVtOM)

The gif shows the logon to the example web frontend application. This is the simplified sequence which happens in the background:

1. When we invoke the web frontend on \`<http://localhost:8080> we will be routed to login dialog provided by the Keyloak server.
2. After the successfully Keycloak authentication we will be redirected to the web frontend and the frontend gets an access-token.
3. The access-token contains the needed information for the authorization at the Java microservice Web-API and the user information.
4. The web frontend extracts and displays the username.
5. Then the web fronted uses the access-token to invoke the Web-API Microservice endpoint to get the articles and displays the Articles.

![](/files/-MKjZ9cLSoXkPW_WO_zb)

## YouTube video related to the workshop

[![](https://img.youtube.com/vi/Un8n0VMLsCs/0.jpg)](https://www.youtube.com/watch?v=Un8n0VMLsCs)

## Step 1: Clone the project to your local machine

```bash
git clone https://github.com/IBM/cloud-native-starter.git
cd cloud-native-starter/security
ROOT_FOLDER=$(pwd)
```

## **(Optional) Setup Keycloak locally**

If you have your Keycloak running on Kubernetes you just skip to [setup Web-App](/get-started-with-security-for-your-java-microservi/authentication-and-authorization-with-keycloak-and-quarkus/app-sec-exercise-01.md#step-1-configure-web-app).

In this part we will setup Keycloak locally. We will run a local Keycloak Docker container and reuse an existing realm configuration.

The image below shows the relevant elements we will use later.

![](/files/-MKjWnlaEdJwRLmkb1bn)

### Step 1: Start Keycloak Docker image local

Open the first terminal session and enter following command:

```bash
docker run -it -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8282:8080 jboss/keycloak:9.0.2
```

*Note:* We use here

* `KEYCLOAK_USER=admin`
* `KEYCLOAK_PASSWORD=admin`
* `8282:8080` port forwarding
* `keycloak:9.0.2` container image

### Step 2: Import the existing realm configuration

1. Open the Keycloak in a browser select the Administration Console

   Use following URL:

   ```bash
   http://localhost:8282/
   ```

   ![](/files/-MKjXrKkoqeFd24-STTK)
2. Login to using the URL in your browser with `user/admin` and `password/admin`
3. Select *Add realm*

   ![](/files/-MKjXrKlXntW0OQAI33B)
4. Choose for import *Select file* and open the `quarkus-realm.json`.

   ![](/files/-MKjXrKmTFnG4r1rr7hk)

### Step 3: Press `view all users`

You should see following users: `admin`, `alice`, `jdoe`

![](/files/-MFGFeYorWj-47_JlBWV)

### Step 4: Verify the role mapping

![](/files/-MbfG7DQ9q_1PUh2g1kX)

## **Setup Web-App**

### Step 1: Configure web-app

Now insert `Keycloak URL`/auth in `main.js` (`http://localhost:8282`) and save the changes.

```bash
cd $ROOT_FOLDER/web-app/src
nano main.js
```

Example:

```javascript
if (currentHostname.indexOf('localhost') > -1) {
  urls = {
    api: 'http://localhost:8081/',
    login: 'https://YOUR_URL/auth' // insert your http or https://<KeycloakURL>/auth
  }
  store.commit("setAPIAndLogin", urls);
}
```

### Step 2: Run the web-app

Open the second terminal session and start the application on port 8080.

```bash
cd $ROOT_FOLDER/web-app
yarn install
yarn serve
```

## **Setup Web-Api**

### Step 1: Configure web-api-secure

Insert your the `auth-server-url` URL of your Keycloak instance in `application.properties` file and save the file.

Therefore you use the `Keycloak URL` you got during the setup of Keycloak on IBM Cloud.

```bash
cd $ROOT_FOLDER/web-api-secure/src/main/resources
nano application.properties
```

Example:

```java
// When running locally, uncomment the next line, add your Keycloak URL, must end on '/auth/realms/quarkus'
quarkus.oidc.auth-server-url=https://YOUR_URL/auth/realms/quarkus

quarkus.oidc.client-id=backend-service
quarkus.oidc.credentials.secret=secret

quarkus.http.port=8081
quarkus.http.cors=true

resteasy.role.based.security=true
```

### Step 2: Run the web-api-secure Microservice

Open a third terminal and start the service on port 8081.

```bash
cd $ROOT_FOLDER/web-api-secure
mvn clean package quarkus:dev
```

## **Setup Articles microservice**

### Step 1: Configure articles-secure

Insert your the `auth-server-url` URL of your Keycloak instance in `application.properties` file and save the file. Therefore you use the `Keycloak URL` you got during the setup of Keycloak on IBM Cloud.

```bash
cd $ROOT_FOLDER/articles-secure/src/main/resources
nano application.properties
```

Example:

```java
// When running locally, uncomment the next line, add your Keycloak URL, must end on '/auth/realms/quarkus'
quarkus.oidc.auth-server-url=https://YOUR_URL/auth/realms/quarkus

quarkus.oidc.client-id=backend-service
quarkus.oidc.credentials.secret=secret

quarkus.http.port=8082
quarkus.http.cors=true

resteasy.role.based.security=true
```

### Step 2: Run the articles-secure Microservice

Open a fourth terminal and start the service on port 8081.

```bash
cd $ROOT_FOLDER/articles-secure
mvn clean package quarkus:dev
```

## Open the Web-App

### Step 1: Open the Web-App in your local browser

Open the following URL in your browser:

```bash
http://localhost:8080
```

### Step 2: Log in with the test user: alice, password: alice

> Congratulations, you have successfully completed this optional hands-on lab tasks for `uthentication and Authorization with Keycloak and Quarkus` section of the workshop. Awesome :star:


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ibm-developer.gitbook.io/get-started-with-security-for-your-java-microservi/authentication-and-authorization-with-keycloak-and-quarkus/app-sec-exercise-01.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.