-
Keycloak is running at: http://localhost:8088
-
bootstrapped from: Building a RESTful Web Service
-
The controller and POJO class need to be under the same package as the Application class by default, otherwise might need to configure
SpringBootApplication
to havescanBasePackage
-
Method 1:
- Add keycloak-spring-boot-starter in pom.
- if using OAuth2 "Service Account/Client Credential"
- in application.properties:
keycloak.realm = Dev-idc keycloak.auth-server-url = http://localhost:8088 #keycloak.auth-server-url = https://auth.ops.kognitwin.cn/ keycloak.resource = kspice-adapter-service-account keycloak.bearer-only= true keycloak.security-constraints[0].authRoles[0]=user keycloak.security-constraints[0].securityCollections[0].patterns[0]=/*
- Set
Service Account Roles
to containuser
for client:Kspice-adapter-service-account
- Set
Authorization Enabled
for client:Kspice-adapter-service-account
- Use Postman OAuth2 to test
-
Method 2 (having little problem):
- Add spring-boot-starter-security in pom.
- Add keycloak-spring-boot-starter in pom?
- Follow
KeycloakWebSecurityConfigurerAdapter
, setkeycloakConfigFileResource
to be@Value("${keycloak.configurationFile:WEB-INF/keycloak.json}"), this might be the little problem since spring-boot-starter-security still goes to application.properties ...
- The keycloak.json could be downloaded from keycloak. info.
-
Since
spring-boot-maven-plugin
configuration executable is used. this app could be run by./demo-0.0.1-SNAPTSHOT.jar
instead ofjava -jar
- When transferred the file to Ubuntu, the file is in
rw-
, runchmod +x demo ...
- Run
nohup demo ...
to be no hangup app(run in background even after Shell closes)
- When transferred the file to Ubuntu, the file is in
keycloak-spring-boot-starter
depends on spring boot 2.*, so I downgraded this project to 2.7- Keycloak doc v18, I tried the
spring_boot_adapter
, seems bit old fashion. eg:
keycloak.securityConstraints[0].authRoles[0] = admin
keycloak.securityConstraints[0].authRoles[1] = user
keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /insecure
keycloak.securityConstraints[1].authRoles[0] = admin
keycloak.securityConstraints[1].securityCollections[0].name = admin stuff
keycloak.securityConstraints[1].securityCollections[0].patterns[0] = /admin
I then used the extending KeycloakWebSecurityConfigurerAdapter
method
-
Another way with diff dependencies to have keycloak adapter for spring boot