I have a spring boot application secured with keycloak. I have a client in keycloak specific for this application.
Now I want to deploy spring boot admin and also implement keycloak on it. My question is how can I let the spring-boot-admin talk to my app?
According to the current official documents, how to manage the resource service when using spring security oauth2 authorization server as the authentication server? Previously, in spring cloud security, there were two sides: server and client. At present, this part has been removed. What dependency does the removed resource service need? Use spring boot security?
I'm writing a Spring Boot webapp and now I need to manage it with Spring Boot Admin. By creating another Spring webapp and making it the admin server, everything works just fine, but now I need to implement server and client on the same webapp. How can I do that?
On my webapp I've added this to my application.properties:
spring.application.name=Events generator
spring.boot.admin.client.url=http://localhost:8080
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
server.port=8081
What do I need to do to make this webapp both client and server for Spring Boot Admin?
I've set up Keycloak and a public/front-end Spring Boot app successfully. Everything is working as expected. The front-end Spring Boot App is configured in Keycloak as a client (app-ui) in the realm, users are able to log in through Keycloak, tokens pass successfully, everything's great. Spring Security is securing endpoints and roles are being respected for endpoints.
Now, I'm trying to add a downstream Spring Boot App (Web Service) in the mix and I want it to be aware of the logged in user to be able to secure calls to it. The front-end Spring Boot App is using Feign Client to call the REST endpoints on the back-end Spring Boot App, but the back-end is not doing any authentication/authorization.
I have a couple of questions I'm having trouble figuring out:
How do I setup the front-end Spring Boot App to pass the authenticated user details to the back-end Spring Boot App (RequestInterceptor / RestTemplate / Feign config / Http Headers)?
How do I configure the back-end Spring Boot App to use the authenticated user details it receives from the upstream Spring Boot App and what dependencies do I need to add to the back-end Spring Boot App to facilitate that (org.keycloak:keycloak-spring-boot-starter and org.springframework.boot:spring-boot-starter-security)?
Is there anything I need to configure in Keycloak for the back-end Spring Boot App? Should it be registered in Keycloak as a confidential/non-public client (e.g. app-api)?
Is there anything specific to configure in the back-end Spring Boot App? Does it talk to Keycloak to verify the authenticated user details it receives from the upstream callers?
I'd love to see a demo or tutorial that takes the ones I've seen about how to integrate Keycloak and Spring Boot one step further to also secure any other downstream services. If I can figure this out, I'll post one.
I'm assuming this can be done with standard OAuth2 configuration on the back-end Spring Boot App, but I wasn't sure how it's recommended to achieve this architecture.
Here's the architecture I'm trying to set up:
How do I setup the front-end Spring Boot App to pass the authenticated user details to the back-end Spring Boot App (RequestInterceptor / RestTemplate / Feign config / Http Headers)?
You need to pass the bearer token in your HTTP request header.
How do I configure the back-end Spring Boot App to use the authenticated user details it receives from the upstream Spring Boot App and what dependencies do I need to add to the back-end Spring Boot App to facilitate that (org.keycloak:keycloak-spring-boot-starter and org.springframework.boot:spring-boot-starter-security)?
You need to add a new client in the realm, for example "back-end-client", and set its "Access Type" to 'bearer only'. You will need the 'keycloak-spring-boot-starter' and 'spring-boot-starter-security' dependencies, and also add the 'keycloak-adapter-bom'.
In your application.properties you should have the properties mentioned below:
keycloak.realm=
keycloak.auth-server-url=your keycloak url
keycloak.ssl-required=external
keycloak.bearer-only=true
keycloak.resource=your client name
keycloak.credentials.secret=your secret key
keycloak.security-constraints[0].auth-roles[0]=user
keycloak.security-constraints[0].security-collections[0].patterns[0]=/*
keycloak.cors=true
Is there anything I need to configure in Keycloak for the back-end Spring Boot App? Should it be registered in Keycloak as a confidential/non-public client (e.g. app-api)?
You need to create a new client, and it should be registered as "bearer only".
You can refer to this link: https://www.keycloak.org/docs/latest/securing_apps/#_spring_boot_adapter
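The first part of the answer above (pass the bearer token in the request header) can be done with a Feign RequestInterceptor in the front-end app. This is an added example, not code from the answer or from Keycloak; it assumes the front-end uses the Keycloak Spring Boot adapter (so the current Authentication is a KeycloakAuthenticationToken) and Spring Cloud OpenFeign, and the class and bean names are hypothetical.

```java
import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical configuration class: forwards the caller's Keycloak access
// token to the back-end on every Feign request, so the bearer-only
// back-end client can validate the same token against the realm.
@Configuration
public class BearerTokenForwardingConfig {

    @Bean
    public RequestInterceptor bearerTokenForwarder() {
        return new RequestInterceptor() {
            @Override
            public void apply(RequestTemplate template) {
                String token = currentAccessToken();
                // No authenticated Keycloak user on this thread: send the
                // request without credentials and let the back-end reject it
                // with 401 rather than forwarding a stale or foreign token.
                if (token != null) {
                    template.header("Authorization", "Bearer " + token);
                }
            }
        };
    }

    // Returns the raw access token string of the current user, or null when
    // the request is anonymous or was not authenticated by the Keycloak adapter.
    static String currentAccessToken() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (!(auth instanceof KeycloakAuthenticationToken)) {
            return null;
        }
        KeycloakSecurityContext ctx =
                ((KeycloakAuthenticationToken) auth).getAccount().getKeycloakSecurityContext();
        return ctx == null ? null : ctx.getTokenString();
    }
}
```

Note that SecurityContextHolder is thread-local by default, so if the Feign client runs inside a Hystrix thread pool the token will be null there unless Hystrix is switched to semaphore isolation or a context-propagating concurrency strategy is registered. The back-end then needs only the bearer-only properties from the answer; it never sees the user's session, just the signed token it verifies against the realm.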
I am trying to host my Spring Boot app. In the Spring Boot documentation they mention Heroku, AWS and Google Cloud as some of the host providers. I want to know if Spring Boot apps can also be hosted on Vultr, UpCloud or any other provider.
Spring Boot is a simple Java application and can be deployed in any cloud. Please specify if you have some specific concern.
Please look into this link:
https://docs.spring.io/spring-boot/docs/current/reference/html/deployment-install.html
I set up a service which uses a Spring Boot application (for regular REST calls) and an embedded Netty server using NettyReactiveWebServerFactory on a different port (for Eureka-related calls).
All the actuator-related functionality is applied to my main Spring Boot application but not to my embedded Netty server.
Is there any way I can enable the actuator endpoints on both servers?
Used versions:
Spring Boot version: 2.0.8, Spring WebFlux
Spring Cloud: Finchley.SR2