Secure your application with Spring Security and Keycloak
Security is a core part of application development, not an afterthought. In this post we look at how to use Spring Security and Keycloak to secure Spring Boot applications.
Keycloak Setup
We’ll use Docker to run Keycloak. The following command starts a container in development mode (start-dev), which is intended for local testing, and publishes it on host port 8081.
docker run \
-p 8081:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
quay.io/keycloak/keycloak:24.0.2 \
start-dev
If we go to http://localhost:8081, we should see the login page of our Keycloak instance. Nice and simple!
After logging in with the credentials we specified in the command above, we create a realm named medium.
In the following images, starting with Step 1, we create a client with the client id medium-app.
In Step 2, we select Client authentication and, in addition to the default values, we also select the Implicit flow as an authentication flow. The Implicit Flow is suitable for client-side applications, such as…
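The client settings chosen in Steps 1 and 2 can be reviewed offline from a realm export. The following is an added example, not code from the original post: it audits a constructed Keycloak client representation for medium-app and shows a variant restricted to the Authorization Code flow. The redirect URI, web origin and the Spring registration id keycloak are assumptions.

```python
import json

# Constructed sample (not from the post): a client representation as it could
# appear in a realm export after Steps 1-2. Redirect/origin values are assumed.
SAMPLE_EXPORT = """
{
  "clientId": "medium-app",
  "publicClient": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": true,
  "directAccessGrantsEnabled": true,
  "redirectUris": ["http://localhost:8080/*"],
  "webOrigins": ["*"]
}
"""

def audit_client(client: dict) -> list[tuple[str, str]]:
    """Return (field, finding) pairs for one Keycloak client representation."""
    findings = []
    if client.get("implicitFlowEnabled"):
        findings.append(("implicitFlowEnabled",
                         "tokens are delivered in the redirect URL fragment"))
        if not client.get("publicClient", False):
            # The implicit flow never calls the token endpoint, so the
            # client secret is not checked on this path.
            findings.append(("publicClient",
                             "client secret is not used by the implicit flow"))
    if client.get("directAccessGrantsEnabled"):
        findings.append(("directAccessGrantsEnabled",
                         "password grant: the app sees user credentials"))
    for uri in client.get("redirectUris", []):
        if "*" in uri:
            findings.append(("redirectUris", f"wildcard redirect URI: {uri}"))
    if "*" in client.get("webOrigins", []):
        findings.append(("webOrigins", "CORS allowed from any origin"))
    return findings

def hardened(client: dict) -> dict:
    """Copy limited to the Authorization Code flow with an exact redirect URI."""
    fixed = dict(client, implicitFlowEnabled=False, directAccessGrantsEnabled=False)
    # Assumption: Spring Security's default callback path, registration id "keycloak".
    fixed["redirectUris"] = [u.replace("/*", "/login/oauth2/code/keycloak")
                             for u in client.get("redirectUris", [])]
    fixed["webOrigins"] = [o for o in client.get("webOrigins", []) if o != "*"]
    return fixed

if __name__ == "__main__":
    client = json.loads(SAMPLE_EXPORT)
    for field, finding in audit_client(client):
        print(f"[{client['clientId']}] {field}: {finding}")
    print("after hardening:", audit_client(hardened(client)))
```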