quarkus-server

Running in Test Mode With Authentication

Here's a very basic setup for running the Nessie Server with Keycloak authentication.

It is meant to be used for testing purposes only.

1. Start a local Keycloak server

docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin --name keycloak quay.io/keycloak/keycloak:latest start-dev

2. Log into Keycloak Admin Console at http://localhost:8080/auth/
3. Create user nessie with password nessie (under the master realm)
4. Goto Clients > Admin-cli > Advanced Settings and set Access Token Lifespan to 1 day (for convenience)
5. Start Nessie server in test mode preconfigured to use the local Keycloak server:

./mvnw -pl :nessie-quarkus quarkus:dev -Dnessie.server.authentication.enabled=true -Dquarkus.oidc.auth-server-url=http://localhost:8080/auth/realms/master -Dquarkus.oidc.client-id=projectnessie

5. Generate a token for nessie (note that the default token lifespan is pretty short):

curl -X POST http://localhost:8080/auth/realms/master/protocol/openid-connect/token \
  --user admin-cli:none -H 'content-type: application/x-www-form-urlencoded' \
  -d 'username=nessie&password=nessie&grant_type=password' |jq -r .access_token

6. Access Nessie API with the auth token

• With curl:

curl 'http://localhost:19120/api/v1/trees' --oauth2-bearer "$NESSIE_TOKEN" -v

• With Nessie CLI:

nessie --auth-token "$NESSIE_TOKEN" remote show