Securing Spring Boot REST APIs with Keycloak
Keycloak is an open-source identity and access management solution which makes it easy to secure modern applications and services with little to no code.
Keycloak comes with its own adapters for selected platforms, but it is also possible to use generic OpenID Connect Relying Party and SAML Service Provider libraries. But using the Keycloak Client Adaptors would be much simpler, easy to use and they require less boilerplate code than what is typically required by a library.
The primary focus of this article is to secure Spring Boot REST APIs with Keycloak Spring Boot Adaptor.
To follow through this tutorial, you need to have a running Keycloak instance. If you don’t have, follow my previous Medium article.
First, let’s make the required configurations in Keycloak.
A Realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.
- Go to http://localhost:8080/auth/admin/ and log in to the Keycloak Admin Console using the admin credentials.
- From the Master drop-down menu, click Add Realm. When you are logged in to the master realm this drop-down menu lists all existing realms.
Demo-Realmin the Name field and click Create.
When the realm is created, the main admin console page opens. Notice the current realm is now set to
Demo-Realm. Switch between managing the
master realm and the realm you just created by clicking entries in the Select realm drop-down menu.
Demo-Realm is selected for the below configurations. Avoid using the master realm. You don’t have to create the realm every…