Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 3. Using Red Hat Single Sign-On with Spring Boot
Red Hat Single Sign-On client adapters are libraries that make it very easy to secure applications and services with Red Hat Single Sign-On. You can use the Keycloak Spring Boot adapter to secure your Spring Boot project.
3.1. Using Red Hat Single Sign-On with Spring Boot Container
To secure a Spring Boot application, add the Keycloak Spring Boot adapter JAR to your project. The Keycloak Spring Boot adapter takes advantage of Spring Boot’s autoconfiguration feature so all you need to do is add the Keycloak Spring Boot starter to your project.
Procedure
To manually add the Keycloak Spring Boot starter, add the following to your project’s
pom.xml
.<dependency> <groupId>org.keycloak</groupId> <artifactId>keycloak-spring-boot-starter</artifactId> </dependency>
Add the Adapter BOM dependency.
<dependencyManagement> <dependencies> <dependency> <groupId>org.keycloak.bom</groupId> <artifactId>keycloak-adapter-bom</artifactId> <version>3.4.17.Final-redhat-00001</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement>
Configure your Spring Boot project to use Keycloak. Instead of a
keycloak.json
file, you can configure the realm for the Spring Boot Keycloak adapter using the normal Spring Boot configuration. For example, add following configuration tosrc/main/resources/application.properties
file.keycloak.realm = demorealm keycloak.auth-server-url = http://127.0.0.1:8080/auth keycloak.ssl-required = external keycloak.resource = demoapp keycloak.credentials.secret = 11111111-1111-1111-1111-111111111111 keycloak.use-resource-role-mappings = true
You can disable the Keycloak Spring Boot Adapter (for example in tests) by setting
keycloak.enabled = false
. To configure a Policy Enforcer, unlikekeycloak.json
,policy-enforcer-config
must be used instead of justpolicy-enforcer
.Specify the Java EE security configuration in the
web.xml
. The Spring Boot Adapter will set thelogin-method
to KEYCLOAK and configure thesecurity-constraints
at the time of startup. An example configuration is given below.keycloak.securityConstraints[0].authRoles[0] = admin keycloak.securityConstraints[0].authRoles[1] = user keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /insecure keycloak.securityConstraints[1].authRoles[0] = admin keycloak.securityConstraints[1].securityCollections[0].name = admin stuff keycloak.securityConstraints[1].securityCollections[0].patterns[0] = /admin
Note: If you plan to deploy your Spring Application as a WAR then do not use the Spring Boot Adapter. Use the dedicated adapter for the application server or servlet container you are using. Your Spring Boot should also contain a
web.xml
file.