Lately, I’ve been working with Keycloak, so I decided to better delve into it and write about it.
This article is the first of a series where I’d like to introduce Keycloak as a solution to manage authentication and authorisation, how to install it and which are the fundamental concepts and configurations.
Then I’d like to explain how to use it to secure Spring Boot, Spring Security and AngularJS applications and services, analyse the implementation when using a relational database to store users and finally how to manage users from Java thanks to the Admin REST API.
What is Keycloak?
Keycloak is an open source project developed and maintained by the RedHat Community.
“Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.”
Setting up HTTPS for Spring Boot requires two steps:
Getting an SSL certificate;
Configuring SSL in Spring Boot.
We can generate an SSL certificate ourselves (self-signed certificate). Its use is intended just for development and testing purposes. In production, you should use a certificate issued by a trusted Certificate Authority (CA). Whether you’re going to generate a self-signed certificate or you have already got one by a CA, I’ll show you how to enable HTTPS in a Spring Boot application.