keycloak-scim/topics/oidc/java/spring-boot-adapter.adoc

[[_spring_boot_adapter]]
=== Spring Boot Adapter

To be able to secure Spring Boot apps you must add the Keycloak Spring Boot adapter JAR to your app.
You then have to provide some extra configuration via normal Spring Boot configuration (`application.properties`).  Let's go over these steps. 

[[_spring_boot_adapter_installation]]
==== Adapter Installation

The Keycloak Spring Boot adapter takes advantage of Spring Boot's autoconfiguration so all you need to do is add the Keycloak Spring Boot adapter JAR to your project.
Depending on what container you are using with Spring Boot, you also need to add the appropriate Keycloak container adapter.
If you are using Maven, add the following to your pom.xml (using Tomcat as an example): 


[source]
----


<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-boot-adapter</artifactId>
    <version>&project.version;</version>
</dependency>
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-tomcat8-adapter</artifactId>
    <version>&project.version;</version>
</dependency>
----        

[[_spring_boot_adapter_configuration]]
==== Required Spring Boot Adapter Configuration

This section describes how to configure your Spring Boot app to use Keycloak. 

Instead of a `keycloak.json` file, you configure the realm for the Spring Boot Keycloak adapter via the normal Spring Boot configuration.
For example: 

[source]
----


keycloak.realm = demorealm
keycloak.realmKey = MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLCWYuxXmsmfV+Xc9Ik8QET8lD4wuHrJAXbbutS2O/eMjQQLNK7QDX/k/XhOkhxP0YBEypqeXeGaeQJjCxDhFjJXQuewUEMlmSja3IpoJ9/hFn4Cns4m7NGO+rtvnfnwgVfsEOS5EmZhRddp+40KBPPJfTH6Vgu6KjQwuFPj6DTwIDAQAB
keycloak.auth-server-url = http://127.0.0.1:8080/auth
keycloak.ssl-required = external
keycloak.resource = demoapp
keycloak.credentials.secret = 11111111-1111-1111-1111-111111111111
keycloak.use-resource-role-mappings = true
----

You also need to specify the J2EE security config that would normally go in the `web.xml`.
Here's an example configuration: 

[source]
----


keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /insecure

keycloak.securityConstraints[0].securityCollections[1].name = admin stuff
keycloak.securityConstraints[0].securityCollections[1].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[1].patterns[0] = /admin
----
Fix links 2016-06-03 07:05:27 +00:00			`[[_spring_boot_adapter]]`
Re-structuring 2016-06-01 11:02:44 +00:00			`=== Spring Boot Adapter`
initial import 2016-04-18 19:10:32 +00:00
			`To be able to secure Spring Boot apps you must add the Keycloak Spring Boot adapter JAR to your app.`
			You then have to provide some extra configuration via normal Spring Boot configuration (`application.properties`). Let's go over these steps.

			`[[_spring_boot_adapter_installation]]`
Re-structuring 2016-06-01 11:02:44 +00:00			`==== Adapter Installation`
initial import 2016-04-18 19:10:32 +00:00
			`The Keycloak Spring Boot adapter takes advantage of Spring Boot's autoconfiguration so all you need to do is add the Keycloak Spring Boot adapter JAR to your project.`
			`Depending on what container you are using with Spring Boot, you also need to add the appropriate Keycloak container adapter.`
			`If you are using Maven, add the following to your pom.xml (using Tomcat as an example):`


			`[source]`
			`----`


			`<dependency>`
			`<groupId>org.keycloak</groupId>`
			`<artifactId>keycloak-spring-boot-adapter</artifactId>`
			`<version>&project.version;</version>`
			`</dependency>`
			`<dependency>`
			`<groupId>org.keycloak</groupId>`
			`<artifactId>keycloak-tomcat8-adapter</artifactId>`
			`<version>&project.version;</version>`
			`</dependency>`
			`----`

			`[[_spring_boot_adapter_configuration]]`
Re-structuring 2016-06-01 11:02:44 +00:00			`==== Required Spring Boot Adapter Configuration`
initial import 2016-04-18 19:10:32 +00:00
			`This section describes how to configure your Spring Boot app to use Keycloak.`

			Instead of a `keycloak.json` file, you configure the realm for the Spring Boot Keycloak adapter via the normal Spring Boot configuration.
			`For example:`

			`[source]`
			`----`


			`keycloak.realm = demorealm`
			`keycloak.realmKey = MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLCWYuxXmsmfV+Xc9Ik8QET8lD4wuHrJAXbbutS2O/eMjQQLNK7QDX/k/XhOkhxP0YBEypqeXeGaeQJjCxDhFjJXQuewUEMlmSja3IpoJ9/hFn4Cns4m7NGO+rtvnfnwgVfsEOS5EmZhRddp+40KBPPJfTH6Vgu6KjQwuFPj6DTwIDAQAB`
			`keycloak.auth-server-url = http://127.0.0.1:8080/auth`
			`keycloak.ssl-required = external`
			`keycloak.resource = demoapp`
			`keycloak.credentials.secret = 11111111-1111-1111-1111-111111111111`
			`keycloak.use-resource-role-mappings = true`
			`----`

			You also need to specify the J2EE security config that would normally go in the `web.xml`.
			`Here's an example configuration:`

			`[source]`
			`----`


			`keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff`
			`keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin`
			`keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = user`
			`keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /insecure`

			`keycloak.securityConstraints[0].securityCollections[1].name = admin stuff`
			`keycloak.securityConstraints[0].securityCollections[1].authRoles[0] = admin`
			`keycloak.securityConstraints[0].securityCollections[1].patterns[0] = /admin`
			`----`