Secure your application with Spring Security and Keycloak

Nowadays, writing secure apps is becoming essential, and security is a major component of application development. For this reason, we will examine in this post how to use Spring Security and Keycloak to secure Spring Boot applications.

Keycloak Setup

We’ll use Docker to create a Keycloak container. We rapidly initialize a container in Docker by running following command.

docker run \
-p 8081:8080 \
-e KEYCLOAK_ADMIN=admin \
-e CLOAK_ADMIN_PASSWORD=admin \
quay.io/keycloak/keycloak:24.0.2 \
start-dev

If we go to http://localhost:8081, we should see the login page of our Keycloak instance. Nice and simple!

Login page of Keycloak

After logging in by using the credentials we specified in the command above, we will create a realm named medium.

In the following images, starting with Step 1, we create a client with the client id medium-app.

Step 1. Creating the medium-app client.

In Step 2, we select Client authentication and in addition to the default values, we select also the Implicit flow as an authentication flow. The Implicit Flow is suitable for client-side applications, such as…