[keycloak-user] Help with keycloak integration with Spring boot rest api

Doug Szeto DSzeto at investlab.com
Wed Sep 9 06:09:36 EDT 2015


If you use the keycloak-spring-boot adapter, it only supports basic authentication (username + password).
If you use the keycloak-spring-security adapter, it gives more options including bearer token support.

The bearer token is the access token put into the HTTP header. Specifically you set the “Authentication” header with “Bearer {access token}”.
You get the access token from the OAuth 2 login process.
A good example of code is available in keycloak/examples/cors.

—Doug

From: Anunay Sinha <anunay.sinha at arvindinternet.com>
Date: Tue, 8 Sep 2015 16:05:39 +0530
To: <keycloak-user at lists.jboss.org>
Subject: [keycloak-user] Help with keycloak integration with Spring boot rest api

Hi Everyone,
I am new to both Spring and Keycloak, and I do admit that I am writing this before exhausting all my options, but I have spent quite a good amount of time on this.

So here is my deal.
I have created a Spring Boot REST API and have tested it.
Next I was trying to integrate it with Keycloak.
  I modified my Gradle for Keycloak.
  I configured a client in the Keycloak admin console. It was bearer-only.

{
  "realm": "TestMyAccount",
  "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqKhSVCGWBxzT5nFByxE1EbJ7YVo05JxO4wVVJJsp25gy7GQhR89qidSUkT3onlc4jLEDH5hLt/mszuDSmSUAHrHhSrTWbgF6Ii4L1fwU57+a6W2vVDI3UvSeTxiTnIrvpeD7g9hw/cscOMD7ngiqFAuh0fLj6IS4mmMfGsVf35IfiHpEfRpTS+Th/Y48AAYxJxbZlmNmJe91xCxdbPi36tb2Ecv7kPnXdI3a+ZhSm/NhP3ZYURu9SWcXlCJfRcOo9eATgGu2PruOsrHKl/YKf3+nGTDSmiHLOCRoL2gvedgr/3VzsEFpcJRjrNCWaKhsgMSdr+0N/CDOA6TR76uewIDAQAB",
  "bearer-only": true,
  "auth-server-url": "http://127.0.0.1:8080/auth",
  "ssl-required": "none",
  "resource": "AIL_MYACCOUNT"
}

Next I added the following items to my application.properties

keycloak.realm = TestMyAccount
keycloak.realmKey = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqKhSVCGWBxzT5nFByxE1EbJ7YVo05JxO4wVVJJsp25gy7GQhR89qidSUkT3onlc4jLEDH5hLt/mszuDSmSUAHrHhSrTWbgF6Ii4L1fwU57+a6W2vVDI3UvSeTxiTnIrvpeD7g9hw/cscOMD7ngiqFAuh0fLj6IS4mmMfGsVf35IfiHpEfRpTS+Th/Y48AAYxJxbZlmNmJe91xCxdbPi36tb2Ecv7kPnXdI3a+ZhSm/NhP3ZYURu9SWcXlCJfRcOo9eATgGu2PruOsrHKl/YKf3+nGTDSmiHLOCRoL2gvedgr/3VzsEFpcJRjrNCWaKhsgMSdr+0N/CDOA6TR76uewIDAQAB
keycloak.auth-server-url = http://127.0.0.1:8080/auth
keycloak.ssl-required = external
keycloak.resource = AIL_MYACCOUNT
use-resource-role-mappings = false
ssl-not-required = true
bearer-only = true

This is as per the documentation <http://keycloak.github.io/docs/userguide/html/ch08.html#spring-boot-adapter>.
I don't have a web.xml in my project and, going as per the video tutorial, I ignored those settings.

My access to the API was restricted and it is asking me for authorization.
But I am not able to provide it. As per the example in the document, it seems like bearer-only applications work on tokens only.
-------------------------------------------------
Here is my first question.
Is there a way to generate the tokens for bearer-only applications?
-------------------------------------------------

To get the token I created another client, this time "confidential", redirecting to the same base URI, and used it to generate the access token.

When I am using this access token to access my API I am still getting the 401 error.

I am not sure what I am doing wrong and where I am doing it wrong.

Request you to please help me with this.
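
An added illustration, not part of the thread and not Keycloak's adapter code: a decode-only triage of an access token against the keycloak.json values quoted above, listing claim-level reasons a bearer-only service could answer 401. It assumes the realm issuer is `<auth-server-url>/realms/<realm>` and that tokens are signed with RS256; all function names are hypothetical and the sample token is constructed.

```python
import base64, json, time

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def expected_issuer(cfg):
    # Assumption: the realm's issuer is "<auth-server-url>/realms/<realm>".
    return cfg["auth-server-url"].rstrip("/") + "/realms/" + cfg["realm"]

def diagnose(token, cfg, now=None):
    """List reasons a bearer-only service would likely answer 401 for this token.
    Decodes without verifying the signature: a triage aid, never an authorization check."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return ["not a signed three-part JWT"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return ["header or payload is not a base64url-encoded JSON object"]
    problems = []
    if header.get("alg") != "RS256":  # assumption: the realm signs with its RSA key
        problems.append("unexpected alg: %r" % header.get("alg"))
    if claims.get("iss") != expected_issuer(cfg):
        problems.append("issuer %r != %r" % (claims.get("iss"), expected_issuer(cfg)))
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token expired or has no exp claim")
    return problems

def bearer_header(token):
    # RFC 6750: the token travels in the Authorization request header.
    return {"Authorization": "Bearer " + token}

def make_sample(claims):
    # Constructed token with a dummy signature, for demonstration only.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "ZHVtbXk"])

# Values taken from the keycloak.json quoted in the thread.
CFG = {"realm": "TestMyAccount", "auth-server-url": "http://127.0.0.1:8080/auth"}

if __name__ == "__main__":
    # Constructed case: token issued via "localhost" while the adapter expects 127.0.0.1.
    iss = "http://localhost:8080/auth/realms/TestMyAccount"
    token = make_sample({"iss": iss, "exp": int(time.time()) + 300})
    for line in diagnose(token, CFG) or ["no obvious problem in the claims"]:
        print(line)
```

A clean result here only means the claims look plausible; the service still has to verify the signature against the realm public key before trusting the token.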
