How To Integrate Keycloak RBAC With Spring Gateway And Resource Server - Part 2 

Refactor First

In this video we will look at how to integrate a resource server with a Spring Cloud Gateway application.
We will use the OAuth2 OpenID Connect (OIDC) mechanism to authenticate the user with Keycloak and then check for role-based access control (RBAC) in the resource server.
Spring cloud Gateway Integration with Keycloak : • How To Integrate Keycl...
You can also read about this along with the GitHub link to the code: refactorfirst.com/spring-clou...
You can support me by buying me a coffee 😄 : www.buymeacoffee.com/amrutprabhu
--- Chapters --------
00:00 - Introduction
00:46 - Keycloak Role Assignment
02:25 - Creating Resource Server
03:05 - Code Walkthrough
03:25 - Resource Server Configuration
03:57 - Setting Properties
04:45 - Controller Code
05:27 - API Gateway Path
06:35 - Starting Application
07:14 - Debugging Controller
07:31 - Decoding Token
08:35 - Understanding Realm Role Converter
09:30 - Allowed Role Annotation
10:07 - Flow Summary
10:25 - Understanding OAuth2
12:15 - Conclusion & Article

Published: 3 Aug 2024
Comments: 50
@edwardm4348 2 years ago
Very informative and precise. Thank you for taking your time.
@RefactorFirst 2 years ago
Glad I could help.
@nikhilpawar7876 2 years ago
You saved my life with this tutorial 🙏🙏.. great work brother
@RefactorFirst 2 years ago
Glad it helped you 🙂
@agrinbrg 2 years ago
You are a magician!
@f.5528 2 years ago
Very good video. TY
@sureshkumar-ib6wx 2 years ago
Thanks for the wonderful video, it gave me a basic understanding of the OAuth2 flow. Can you please also make a video on creating a Keycloak user from the API gateway?
@RefactorFirst 2 years ago
To allow user creation, you just need to select the option to include user registration in the login UI. This is available from Keycloak directly. Nothing changes on the API gateway.
@mohamadsharifi2353 1 year ago
Nice video. How do you configure the policy enforcer with Spring Cloud Gateway for fine-grained authorization?
@sasasisi8854 2 years ago
Can you make more videos about Keycloak configuration?
@jusamuel4246 2 years ago
Great video! I have one question: how does the frontend, for example React, integrate with Keycloak for user registration etc.? Thank you
@RefactorFirst 2 years ago
If you mean having a separate frontend and using Keycloak for authentication, then you cannot do this in OAuth2. Since Keycloak is the authorization server, it provides the UI for login. However, the Keycloak login screen can be customized. Details are in the documentation.
@ravindralonkar5102 11 months ago
Hello sir, how can we call the auth API from Postman? Can you please make one video?
@glnjalsa 2 years ago
I have an on-prem LDAP server which has all the info about user permissions. I am planning to develop a REST API on top of the on-prem server which gives the response as read/write perm; all of the microservices are on cloud and user roles are tagged to the REST API. Can I use Keycloak to generate a token which contains user permissions as part of claims and pass it to the backend server to validate it?
@montuaneja3643 1 year ago
Very much needed and helpful information, thanks a lot. I have a question: you have shown this example by taking one service and creating 2 classes, RealmRoleConverter and ResourcesServerConfig, as part of the resource configs. Suppose we have 5-10 services, so we need to create these two classes in all the microservices, right? Am I right, or is there any other way of doing this?
@RefactorFirst 1 year ago
Yes.. if you want to protect them with OAuth2
@priyankagawada4158 2 years ago
Thanks for such an end-to-end working example with Spring Cloud Gateway and Keycloak. I have a query: how can the API gateway and Keycloak be used to authenticate user details received from a client application like Angular? POST ({email password}) Flow : Angular -----------------------> API Gateway ------------> Keycloak
@RefactorFirst 2 years ago
I think this would not be possible using the OAuth2 mechanism. Keycloak is the authorization server and it has the responsibility to check for authentication, as it has the user details with itself. As a solution you can always customize the UI provided by Keycloak for authentication.
@marypaul9627 1 year ago
Hi, thanks. A new subscriber here; I have been looking for such a tutorial for days. I have implemented it and it has worked. Just asking: I have a front end in React, which API do I hit to be directed to the login page that has auth?
@RefactorFirst 1 year ago
You can hit the /login endpoint. I have made another video talking about solving login and logout issues with Keycloak. Maybe you can get some more info from there..
@sumithk1493 1 year ago
How do I implement a POST API which passes through the gateway?
@Tecnitr0nic 1 year ago
TokenRelay is not working. When I use Postman to test my endpoints, the gateway responds with code 200 but always shows (in HTML in Postman) the Keycloak login webpage; I can never get past it, even when submitting the token to the gateway. However, it works if I send the request to the microservice without using the gateway. Do you know what could be happening?
@buddy6670 2 years ago
Please make the theme light. It is less visible. Hope you will do so further on.
@RefactorFirst 2 years ago
Check out the latest videos.. it's with a light theme..
@severorossini7938 2 years ago
Can I configure the client (for login) and the resource server in the same app or configuration?
@RefactorFirst 2 years ago
Yes.. you can.. you don't need the additional resource server dependencies. Just the auth server with security is enough..
@pradhyumnakandamuru 1 year ago
Hi, when I do this activity in the API gateway from a browser it is generating cookies. How can we tell the reactive security flow to stay stateless and pass tokens in the headers?
@RefactorFirst 1 year ago
You will need to define this in the properties. What I remember last is that there is a property to forward the token in the header. You will have to check the documentation for the property.
@agrinbrg 2 years ago
Do you know how to configure Spring Boot gateway to log out from Keycloak? I am trying to use your application code and just having trouble. Any ideas would be very helpful!
@RefactorFirst 2 years ago
In your Keycloak realm settings, open the OIDC endpoint URL.. you will find all the URLs there.. including the logout URL.. on calling the logout URL.. you can log out..
@RefactorFirst 2 years ago
I did some more research, so Spring Security handles logout using the /logout URL.. hitting that is enough to log out the user.. Spring Security will automatically take care of the rest.
@marypaul9627 1 year ago
Thank you again. I now face this error: when I try to hit localhost:9090, instead of getting the login page like you, I get error 403 not authorized... I have cross-checked my code to look like yours, but in vain.
@RefactorFirst 1 year ago
Try running my code from GitHub.. maybe you can figure out something more..
@buddy6670 2 years ago
How to use the Backchannel Logout URL for logging out the user in the API gateway application?
@RefactorFirst 2 years ago
Hitting /logout will help as far as I can remember.
@buddy6670 2 years ago
@RefactorFirst Yeah, I did that. But there is no login page coming again from Keycloak. I am able to access the APIs again without login.
@RefactorFirst 2 years ago
Try hitting this " auth-server/auth/realms/{realm-name}/protocol/openid-connect/logout" on the auth server.. see if it logs out.. if it does.. then you need to check on the API gateway.. mostly "/logout" on the API gateway causes the logout to happen..
@buddy6670 2 years ago
@RefactorFirst I will try it. Also got to know that my realm_roles was not coming, so I have to update in Client Scopes > roles > Mappers > realm roles > Add to userinfo = true
@RefactorFirst 2 years ago
Nice.. hope your comment helps someone else also..
@Ajay-ds1lv 2 years ago
Hi sir, I need help. When I am sending a request from React to the microservice through the gateway, I am getting a CORS origin error. I would be grateful if you could help.
@Ajay-ds1lv 2 years ago
Can anyone help?
@RefactorFirst 2 years ago
You will have to add allowed hosts to solve the CORS issue. If your host is localhost, add it to the allowed hosts.. that will solve the issue..
@Ajay-ds1lv 2 years ago
It should be in the gateway, right? Or in the microservice?
@RefactorFirst 2 years ago
It should be where Spring Security is integrated..
@Ajay-ds1lv 2 years ago
I have done the same as you have done in the Keycloak videos
@senoremc4628 1 year ago
Hi, thank you very much for your videos. Do you know how I can access a resource from a frontend in Vue.js? For example, I want a list of products and I am trying to do it like this:
    export default class ProductService {
      url = "localhost:8181/api/product/"
      getAllProducts() {
        return axios.get(this.url, { headers: { 'Origin': ' localhost:8082' } });
      }
    }
The problem is that I have the following errors.
1. Setting the insecure header 'Origin' has been rejected.
2. Access to XMLHttpRequest at 'localhost:8181/api/product/' from origin 'localhost:8082' has been blocked by CORS policy: 'Access-Control-Allow-Origin' header is not present in the requested resource.