Hello there, I am using an AngularJS client (frontend) and Spring Boot with
the Keycloak adapter (backend). In the backend, I am trying to expose an
unprotected (naked) API for the client to use, so I would like to make sure
that Keycloak doesn't try to protect it. So I have the following questions
related to using Keycloak with Spring Boot:
1) How does Keycloak intercept incoming HTTP requests: do incoming requests
come to Spring Boot, and at what point does Keycloak come into play?
Also, how can I make sure that certain REST applications are left
unprotected? From the documentation I can see a simple way of protecting
certain URLs, but this brings me to my second question...
2) Where can I find full documentation about all the configuration
possibilities for the Spring Boot Adapter? If I have to dive into the
code, could someone kindly point out a correct starting point and give
instructions on how to learn to extract all of the configuration properties
like "security collections" etc. (see below). The traditional "web.xml" is
quite easy to read and understand, but it isn't a one-to-one mapping with
the "application.properties" file content. With further info it might be
possible to use Spring Boot's code-based configuration methods too.
Thanks in advance, best regards, Jari
--- The current documentation ---
You also need to specify the J2EE security config that would normally go in
the web.xml. Here’s an example configuration:
keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /insecure
keycloak.securityConstraints[0].securityCollections[1].name = admin stuff
keycloak.securityConstraints[0].securityCollections[1].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[1].patterns[0] = /admin