Securing Spring Boot REST APIs with Keycloak
--
Overview
Keycloak is an open-source identity and access management solution which makes it easy to secure modern applications and services with little to no code.
Keycloak comes with its own adapters for selected platforms, but it is also possible to use generic OpenID Connect Relying Party and SAML Service Provider libraries. Using the Keycloak client adapters is usually simpler, though: they are easy to set up and need less boilerplate code than a generic library typically requires.
The primary focus of this article is securing Spring Boot REST APIs with the Keycloak Spring Boot adapter.
To follow this tutorial, you need a running Keycloak instance. If you don’t have one, follow my previous Medium article:
Keycloak for Identity and Access Management & High Availability Deployment with Kubernetes
Keycloak Configuration
First, let’s make the required configurations in Keycloak.
Create Realm
A Realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.
- Go to http://localhost:8080/auth/admin/ and log in to the Keycloak Admin Console using the admin credentials.
- From the Master drop-down menu, click Add Realm. When you are logged in to the master realm this drop-down menu lists all existing realms.
- Type Demo-Realm in the Name field and click Create.
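The same realm creation done against the Keycloak Admin REST API instead of the console, as an added example that is not part of the article: it obtains an admin token through the built-in admin-cli client, refuses to touch the master realm, and treats an already existing realm as success so the script can be rerun. The base URL follows the article; the admin credentials are placeholders.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed: the admin console base URL from the article (legacy /auth context
# path); the admin password is a placeholder to replace, not a real credential.
KEYCLOAK_URL = "http://localhost:8080/auth"
ADMIN_CREDENTIALS = ("admin", "<admin-password>")


def check_realm_name(name):
    """Refuse the built-in master realm: it administers every other realm and,
    as the article notes, should not host application users."""
    if not name or name.strip().lower() == "master":
        raise ValueError("refusing to create or modify the master realm")
    return name.strip()


def realm_representation(name):
    """Minimal RealmRepresentation body for POST /admin/realms."""
    return {"realm": check_realm_name(name), "enabled": True}


def admin_token(base_url=KEYCLOAK_URL, credentials=ADMIN_CREDENTIALS):
    """Get an admin access token from the master realm via the admin-cli client."""
    user, password = credentials
    body = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": user, "password": password}).encode()
    url = f"{base_url}/realms/master/protocol/openid-connect/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def create_realm(name, token, base_url=KEYCLOAK_URL):
    """Create the realm; returns 'created', or 'exists' on HTTP 409 so reruns are safe."""
    req = urllib.request.Request(
        f"{base_url}/admin/realms", method="POST",
        data=json.dumps(realm_representation(name)).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return "created" if resp.status == 201 else f"http {resp.status}"
    except urllib.error.HTTPError as err:
        if err.code == 409:  # realm already exists
            return "exists"
        raise

if __name__ == "__main__":
    print(create_realm("Demo-Realm", admin_token()))
```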
When the realm is created, the main admin console page opens. Notice the current realm is now set to Demo-Realm. Switch between managing the master realm and the realm you just created by clicking entries in the Select realm drop-down menu.
Make sure Demo-Realm is selected for the configurations below. Avoid using the master realm. You don’t have to create the realm every…