67 lines
No EOL
2.5 KiB
Text
Executable file
67 lines
No EOL
2.5 KiB
Text
Executable file
[[_spring_boot_adapter]]
|
|
=== Spring Boot Adapter
|
|
|
|
To be able to secure Spring Boot apps you must add the Keycloak Spring Boot adapter JAR to your app.
|
|
You then have to provide some extra configuration via normal Spring Boot configuration (`application.properties`). Let's go over these steps.
|
|
|
|
[[_spring_boot_adapter_installation]]
|
|
==== Adapter Installation
|
|
|
|
The Keycloak Spring Boot adapter takes advantage of Spring Boot's autoconfiguration so all you need to do is add the Keycloak Spring Boot adapter JAR to your project.
|
|
Depending on what container you are using with Spring Boot, you also need to add the appropriate Keycloak container adapter.
|
|
If you are using Maven, add the following to your pom.xml (using Tomcat as an example):
|
|
|
|
|
|
[source]
|
|
----
|
|
|
|
|
|
<dependency>
|
|
<groupId>org.keycloak</groupId>
|
|
<artifactId>keycloak-spring-boot-adapter</artifactId>
|
|
<version>&project.version;</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.keycloak</groupId>
|
|
<artifactId>keycloak-tomcat8-adapter</artifactId>
|
|
<version>&project.version;</version>
|
|
</dependency>
|
|
----
|
|
|
|
[[_spring_boot_adapter_configuration]]
|
|
==== Required Spring Boot Adapter Configuration
|
|
|
|
This section describes how to configure your Spring Boot app to use Keycloak.
|
|
|
|
Instead of a `keycloak.json` file, you configure the realm for the Spring Boot Keycloak adapter via the normal Spring Boot configuration.
|
|
For example:
|
|
|
|
[source]
|
|
----
|
|
|
|
|
|
keycloak.realm = demorealm
|
|
keycloak.realmKey = MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLCWYuxXmsmfV+Xc9Ik8QET8lD4wuHrJAXbbutS2O/eMjQQLNK7QDX/k/XhOkhxP0YBEypqeXeGaeQJjCxDhFjJXQuewUEMlmSja3IpoJ9/hFn4Cns4m7NGO+rtvnfnwgVfsEOS5EmZhRddp+40KBPPJfTH6Vgu6KjQwuFPj6DTwIDAQAB
|
|
keycloak.auth-server-url = http://127.0.0.1:8080/auth
|
|
keycloak.ssl-required = external
|
|
keycloak.resource = demoapp
|
|
keycloak.credentials.secret = 11111111-1111-1111-1111-111111111111
|
|
keycloak.use-resource-role-mappings = true
|
|
----
|
|
|
|
You also need to specify the J2EE security config that would normally go in the `web.xml`.
|
|
Here's an example configuration:
|
|
|
|
[source]
|
|
----
|
|
|
|
|
|
keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff
|
|
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin
|
|
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = user
|
|
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /insecure
|
|
|
|
keycloak.securityConstraints[0].securityCollections[1].name = admin stuff
|
|
keycloak.securityConstraints[0].securityCollections[1].authRoles[0] = admin
|
|
keycloak.securityConstraints[0].securityCollections[1].patterns[0] = /admin
|
|
---- |