Spring Boot | Kong | Keycloak
Using Kong to secure a Simple Spring Boot REST API with Kong OIDC plugin and Keycloak
Configuring Kong OIDC plugin in Kong and Keycloak to secure a sensitive endpoint in Simple API application
In this article, we will create a Simple Spring Boot REST API called Simple API. The application has just two endpoints: /public and /secured. However, instead of implementing security within the application itself, this time we will use Kong.
Introduction
Kong is an open-source API gateway that simplifies API management and provides security, scalability, and analytics for APIs and microservices. It acts as a single entry point for clients to access backend services, offering features like authentication, load balancing, and custom plugins.
Both Kong and Simple API will be executed as Docker containers. However, the Simple API’s port 8080 won’t be exposed to the host machine, meaning users cannot access it directly. To reach the application, we will use Kong as a gateway.
Furthermore, we’ll run Keycloak within a Docker container that will act as the OpenID Connect Provider. Subsequently, we’ll configure the Kong OIDC plugin in Kong, establishing a…