Indroduction

Spring-Keycloak-Starter is a maven dependency for easy keycloak integration & endpoint security

Integration

1. Add dependency

Gradle - Kotlin

// build.gradle.kts

repositories {

maven {

name = "github"

url = uri("https://maven.pkg.github.com/nicos-dev/spring-keycloak-starter")

credentials {

username = (project.properties["githubUser"] ?: System.getenv("GITHUB_USER")).toString()

password = (project.properties["githubPassword"] ?: System.getenv("GITHUB_TOKEN")).toString()

}

}

}

dependencies {

implementation("com.nicos-dev:spring-keycloak-starter:<version>")

}

2. Configure

# application.yml

keycloak-starter:

# Anonymous -> Without authorization

# Endpoint Security

matchers:

-

# Endpoint path - supports wildcards (*, **)

path: /endpoint/path/

# Methods which are permitted on path

methods:

- GET

- PUT

- POST

- DELETE

- TRACE

- PATCH

- OPTIONS

- HEAD

# Keycloak roles of client (optional if set to public)

requiredRoles:

- your-client-role

# Anonymous access allowed

public: "true/false"

# CORS (Cross-Origin) configuration for path - optional

cors:

# Create CORS entry or not - defaults to true

autoGenerate: "true/false"

# Defaults to wildcard

allowedOrigins:

- "*"

# Defaults to true

allowCredentials: "true/false"

# Defaults to below

allowedHeaders:

- Authorization

- Cache-Control

- Content-Type

# OAuth2 Configuration

oauth:

# Url where token was requested (issued) - iss claim

issuers:

- http://<kc-host>:<port>/auth/realms/<realm>

# Keycloak realm

realm: <realm>

# Keycloak client

clientId: <client>

keycloakAuthUrl: http://<kc-host>:<port>/auth

# Disables all security settings - unauthorized access to all endpoints

devMode: "true/false"

# Paths where anonymous access is granted

whitelist:

- /path/without/auth/**

disableCSRF: "true/false"

disableFrameOptions: "true/false"

# Defaults to if_required

sessionCreationPolicy: "always | stateless | never | if_required"