Securing a Spring Boot Application with Keycloak

In this article, I’m going to show you how to secure a Spring Boot application using Keycloak.


Before doing that, I’d like to briefly recall what I’ve done so far.

First, I highlighted the main features of Keycloak used in this series and explained how to install and boot the Keycloak server.

Then, I set up Keycloak with some basic configuration so that it can secure a web application (providing it with authentication and authorisation).

In this article, I’ll talk about how to:

    1. Create a client in Keycloak;
    2. Set up the Spring Boot application;
    3. Define the application resources;
    4. Add access policies based on user roles.

You can check out the full source code of the demo project I’m going to build on GitHub.

Let’s get started!

Introducing Keycloak for Identity and Access Management

Lately, I’ve been working with Keycloak, so I decided to delve deeper into it and write about it.

This article is the first of a series in which I’d like to introduce Keycloak as a solution for managing authentication and authorisation, show how to install it, and cover its fundamental concepts and configuration.

Then I’d like to explain how to use it to secure Spring Boot, Spring Security and AngularJS applications and services, analyse the implementation when using a relational database to store users and, finally, show how to manage users from Java through the Admin REST API.


What is Keycloak?

Keycloak is an open source project developed and maintained by the Red Hat community.

“Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.”

It offers a broad set of features; I suggest you check the official documentation to get all the details.

Throughout this series I’ll explore the following features:

  • Admin Console to configure the Keycloak server and create realms, roles, users and clients;
  • Single Sign-On (SSO) using the OpenID Connect (OIDC) authentication and authorisation protocol;
  • Client Adapters to integrate Spring Boot, Spring Security and AngularJS with Keycloak;
  • Admin REST API for user management.


How to enable HTTPS in a Spring Boot Java application

Setting up HTTPS for Spring Boot requires two steps:

  1. Getting an SSL certificate;
  2. Configuring SSL in Spring Boot.

We can generate an SSL certificate ourselves (a self-signed certificate). It is intended for development and testing purposes only. In production, you should use a certificate issued by a trusted Certificate Authority (CA). Whether you’re going to generate a self-signed certificate or you already have one issued by a CA, I’ll show you how to enable HTTPS in a Spring Boot application.


In this tutorial I’ll explain how to:

  1. Get an SSL certificate
    • Generate a self-signed SSL certificate
    • Use an existing SSL certificate
  2. Enable HTTPS in Spring Boot
  3. Redirect HTTP requests to HTTPS
  4. Distribute the SSL certificate to clients.


Spring Data JPA using Hibernate and Java Configuration with Annotations

In this tutorial, I’ll show you how to use Spring Data JPA to integrate a relational database (PostgreSQL in my example) into a Spring Boot application.


I’ll use these technologies and tools:

  • Spring Tool Suite (STS) 3.8.4.RELEASE
  • Java 8
  • Spring Boot 1.5.3.RELEASE
  • Maven 3.3.9
  • PostgreSQL 9.6.2
