
Spring Cloud Gateway with OAuth2 Authorization Server | Authorization Server with Spring Security 2 

The Dev World - by Sergio Lema
16K views

In this video I will create a Spring Cloud Gateway application connected to an OAuth2 Authorization Server. I will use an existing OAuth2 Authorization server and create a Spring Cloud Gateway application from scratch to consume data from a Resource Server.
This video belongs to a playlist where I show how to implement an Authorization Server with Spring Security: • Authorization Server
Content:
* Create a Spring Cloud Gateway application with the OAuth2 client dependency;
* Configure Spring Cloud Gateway to connect to an OAuth2 Authorization Server;
* Route requests to a Resource Server, relaying the user's access token;
* Use the Spring Cloud Gateway as an API without any associated frontend.
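The four steps above in one gateway configuration, as an added example that is not code from the video or its repository. It assumes Spring Boot 3 with Spring Cloud Gateway 4.x (spring-cloud-starter-gateway) and spring-boot-starter-oauth2-client on the classpath; the registration id `backend-auth`, the client id `gateway-client`, the scope `messages.read`, the issuer `http://backend-auth:9000` and the resource-server address `http://backend-resources:8081` are hypothetical names chosen for the example. The application.yml properties the class relies on are in the comment at the top.

```java
// Added example (not from the video or its repository). Assumed properties, in application.yml:
//
//   spring:
//     security:
//       oauth2:
//         client:
//           registration:
//             backend-auth:                 # hypothetical registration id
//               client-id: gateway-client   # hypothetical; must match the client registered in the auth server
//               client-secret: ${GATEWAY_CLIENT_SECRET}   # read from the environment, never committed
//               authorization-grant-type: authorization_code
//               redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
//               scope: openid, messages.read   # hypothetical scope names
//           provider:
//             backend-auth:
//               issuer-uri: http://backend-auth:9000   # hypothetical issuer; discovery fetches the JWK set
//
// The client-id/secret identify the gateway as the OAuth2 client; the resource server
// never sees them, only the access token obtained with them.

package dev.example.gateway; // hypothetical package

import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfig {

    // Spring Cloud Gateway is reactive, so the servlet HttpSecurity does not apply here:
    // the security chain is a SecurityWebFilterChain built from ServerHttpSecurity.
    @Bean
    SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        http
            .authorizeExchange(exchanges -> exchanges
                // every route through the gateway requires a logged-in user
                .anyExchange().authenticated())
            // oauth2Login runs the authorization-code flow against the authorization
            // server and stores the resulting tokens in the gateway's session
            .oauth2Login(Customizer.withDefaults())
            // oauth2Client registers the authorized-client support that TokenRelay reads from
            .oauth2Client(Customizer.withDefaults());
        // CSRF protection stays on (the default): the gateway authenticates browsers with a
        // session cookie, so state-changing routes would otherwise be reachable by cross-site forms.
        return http.build();
    }

    // Route /api/** to the resource server and relay the user's access token as
    // "Authorization: Bearer <token>". The gateway's own session cookie is not forwarded,
    // so the resource server only ever sees a JWT it can validate against the issuer.
    @Bean
    RouteLocator backendRoutes(RouteLocatorBuilder builder) {
        return builder.routes()
            .route("backend-resources", r -> r
                .path("/api/**")
                .filters(f -> f.tokenRelay())
                .uri("http://backend-resources:8081")) // hypothetical internal hostname
            .build();
    }
}
```

Two checks before running it: the client registered in the authorization server must list exactly the gateway's callback URL (`http://<gateway-host>:<port>/login/oauth2/code/backend-auth` with these assumed names), since the authorization server rejects any redirect-URI mismatch; and the scopes requested in `scope:` must be among those granted to that client, or the token will be issued without them and the resource server will refuse it.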
Repository: github.com/serlesen/authoriza...
My NEW eBook: sergiolema.dev/git-book/
Blog: bit.ly/47ornJL
LinkedIn: bit.ly/41Nn61q
Facebook: bit.ly/47rc9nh
Boost your APIs with API Monitor: bit.ly/4d7C0ny


Published: 3 Aug 2024

Comments: 52

@elierescobar7217 (1 year ago)
Great video, the idea comes across perfectly to the viewer, as long as you watch the previous video. I'm keeping a close eye on your content ☺️ I hope you upload videos more often. Regards

@TheDevWorldbySergioLema (1 year ago)
Thanks for the comment. I took a month of vacation 🌴, but now I'm back and will keep publishing videos every week or every 2 weeks (always trying to keep the quality high)

@damedomey (4 months ago)
Nice video. I really love the fact that you don't use localhost:port everywhere and spring or client as the provider name. It's very clear.

@TheDevWorldbySergioLema (4 months ago)
Thanks! There are a lot of servers with this configuration; if I used server1, server2 and server3, it would be confusing to me too 😅

@samindaperamuna6392 (1 year ago)
Thanks for these awesome videos.

@TheDevWorldbySergioLema (1 year ago)
Thanks for your support

@collinsboniface2073 (1 year ago)
Thanks a lot, may God bless you brother

@TheDevWorldbySergioLema (1 year ago)
Thanks to you for watching me!

@user-mq9yu3sg7j (1 year ago)
Thank you very much, the video was very useful, it helps me clarify things at work

@TheDevWorldbySergioLema (1 year ago)
Thank you for the comment, Nicolas.

@siyu07 (1 year ago)
Man, you make complicated things look easy.

@TheDevWorldbySergioLema (1 year ago)
Thanks, I do my best!
@imsKo (1 year ago)
Hi, thank you for the amazing tutorial! Do you know if it is possible to add a prefix or customize the OAuth2 URI entry point with the gateway? By default it's set at /oauth2/authorization/{registrationId}, but can it be edited to /api/oauth2/authorization/{registrationId} instead?

@TheDevWorldbySergioLema (1 year ago)
Yes, did you try adding the server.contextPath configuration to the Authorization Server with the value /api?

@himmelsdj3205 (1 year ago)
Hi Sergio, first I thank you for the time you dedicated to sharing such precious knowledge with the community. I just don't understand the configuration of Keycloak inside the application.yml of the backend-keycloak-auth. What are the DB_DATABASE, DB_USER, DB_SCHEMA, DB_PASSWORD, KEYCLOAK_USER, KEYCLOAK_PASSWORD in the kc properties? What is that database used for and what data does it store? Should I create another database keycloak_db different from the authdb I created in the first video for backend-auth? Thanks for this useful tutorial.

@TheDevWorldbySergioLema (1 year ago)
This is present in the docker-compose.yml (not in the application.yml). It's the database configuration of the Keycloak Docker image. Those are the values to access the database dedicated to Keycloak (DB_DATABASE, DB_USER, DB_SCHEMA, DB_PASSWORD) and the default user of the Keycloak interface (KEYCLOAK_USER, KEYCLOAK_PASSWORD). You should have a dedicated database for Keycloak and another one for your application.

@himmelsdj3205 (1 year ago)
@TheDevWorldbySergioLema Thanks for the reply. So do you mean that I need to download Keycloak, install it with a standalone database and use it like a management dashboard to set up credentials? I just don't want its dashboard and an extra task for security management; is it possible? Can I trivialise everything about Keycloak with Spring Boot, without downloading it and without having it as another dashboard?

@TheDevWorldbySergioLema (1 year ago)
The goal of using Keycloak is to have a separate entity to manage your passwords. If you want to manage everything from a Spring Boot application (account creation and password validation) you should use traditional password management: create a login form, a table for the users, hash the passwords, manage the endpoints with a JWT... I don't see the point of having Keycloak and managing it from the same backend.
@marziehghadirinia9862 (6 months ago)
Hi Sergio. Thank you for your great teaching. Is it possible for you to explain the service-to-service relationships with OAuth2? Thank you in advance.

@TheDevWorldbySergioLema (6 months ago)
I don't understand what you mean by service to service? Within a microservices architecture? Or between the authorization server and the API gateway?

@marziehghadirinia9862 (6 months ago)
@TheDevWorldbySergioLema Between normal microservices.

@marziehghadirinia9862 (6 months ago)
@TheDevWorldbySergioLema I can't understand the flow that microservices must follow regarding the API gateway and authorization server.

@TheDevWorldbySergioLema (6 months ago)
Ok. Between the private microservices, you don't need any authentication. Once the request is authenticated by the API Gateway, you can trust it for the inner microservices. One thing I do is include all the user information in the header of the private microservices' requests. This way, I know which user made the original request. Check how I do it in this video: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-Aqznhmhy_9o.html

@marziehghadirinia9862 (6 months ago)
Thanks a lot :) @TheDevWorldbySergioLema
@Tmumbach (1 month ago)
Hello, great video! Using the gateway as an OAuth client, how do I authenticate and consume the API using Postman or Insomnia? Thanks!

@TheDevWorldbySergioLema (1 month ago)
Thanks. It's not easy. What I do is:
* log in to the application using the website
* go to the local storage
* copy the token
* use it in Postman

@muhammadarifnasution9933 (1 year ago)
Thanks for the awesome tutorial. Can you also share how to log in to the auth server via API? Thanks

@TheDevWorldbySergioLema (1 year ago)
I'm not sure I understand your question. You shouldn't use the authorization server via the API. Only via the browser to add/edit realms, clients and final users.

@AlexSilva-zs2ul (6 months ago)
I'm not sure how the front-end will deal with the request with the code coming back to the gateway. I used to see the request with the authorization code come back to the front-end, and then it would get the token.

@TheDevWorldbySergioLema (6 months ago)
This solution is more oriented to a backend usage, or a frontend integrated into the backend (a Server-Side Rendering frontend). To use the OAuth2 workflow with an external frontend like React or Angular, I have some other videos which handle this situation with Keycloak.
@dogomation556 (1 year ago)
Shouldn't we use the client credentials grant type for microservices authorization?

@TheDevWorldbySergioLema (1 year ago)
It will depend on how the architecture is built and how the resources are used. Check more details about the differences here: docs.appian.com/suite/help/22.2/oauth_client_credentials.html#:~:text=The%20OAuth%202.0%20framework%20is,an%20application%2C%20not%20a%20user.

@saidoubarry4455 (1 year ago)
Hello, which Java version did you use?

@TheDevWorldbySergioLema (1 year ago)
Hi, I'm using Java 17, which is the latest LTS until Java 21 is released in September 2023.

@abdulkhalik759 (1 year ago)
How to make a different client id and secret for different client apps? In your example each app has the same client id and secret.

@TheDevWorldbySergioLema (1 year ago)
I've created a single app, I've registered a single Client. But you can register as many as you want in the authorization server, and use them in the different clients as you want.
@carlosh9732 (1 year ago)
I liked the video, it did clarify some things for me, but if someone can resolve a doubt: if I own the authorization server, well, I mean everything, is the client registration still done from the API gateway? Or on both sides? If it's for a web platform, would it be necessary to put it in the API gateway, or is the microservice used directly? :( Thanks anyway for the content

@TheDevWorldbySergioLema (1 year ago)
You would have the API Gateway acting only as a messenger. Once the user tries to register, the API Gateway sends everything to the authorization server. Then, with the JWT, the API Gateway also redirects everything to the requested internal microservice. If you don't use an API Gateway but a simple backend, it is the backend that will ask the authorization server to validate the users' passwords and only work with a JWT. Using an authorization server is not exclusive to microservice architectures. You can use OAuth2 authentication with an existing server (Google, Facebook, Github...). I hope I've cleared up your doubt.

@collinsboniface2073 (1 year ago)
"1 unavailable video is hidden" - is there a next video in this playlist?

@TheDevWorldbySergioLema (1 year ago)
Yes, it's a new one I'm still working on. I will publish it next week.

@anhemcoder4745 (11 months ago)
/**
 * For the backend-resources, I indicate that all the endpoints are protected.
 * To request any endpoint, the OAuth2 protocol is necessary, using the server configured and with the given scope.
 * Thus, a JWT will be used to communicate between the backend-resources and backend-auth when backend-resources
 * needs to validate the authentication of a request.
 */
If /api/public/** how will it be configured? Please

@TheDevWorldbySergioLema (11 months ago)
The public endpoints can be configured in both the API Gateway and in the Spring Security configuration of backend-resources. When calling those endpoints, no JWT will be transmitted and used against backend-auth. I don't know if I've answered your question.

@anhemcoder4745 (11 months ago)
@TheDevWorldbySergioLema Thanks a lot!

@TheDevWorldbySergioLema (11 months ago)
You're welcome!
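The resource-server side of the /api/public/** question above, as an added example that is not the video's backend-resources code: a Spring Security 6 servlet configuration that leaves /api/public/** open while every other endpoint requires a JWT issued by the authorization server. The issuer URI `http://backend-auth:9000`, the scope `messages.read` and the package name are hypothetical; the one property the class relies on is in the comment at the top.

```java
// Added example (not from the video or its repository). Assumed property, in application.yml:
//
//   spring:
//     security:
//       oauth2:
//         resourceserver:
//           jwt:
//             issuer-uri: http://backend-auth:9000   # hypothetical issuer URI
//
// With issuer-uri set, Spring fetches the issuer's JWK set once and validates each
// token's signature, expiry and "iss" claim locally; no per-request call to backend-auth.

package dev.example.resources; // hypothetical package

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerSecurityConfig {

    @Bean
    SecurityFilterChain resourceServerChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // public endpoints: served with no Authorization header at all
                .requestMatchers("/api/public/**").permitAll()
                // everything else needs a valid JWT carrying the (hypothetical) scope;
                // Spring maps the token's "scope" claim to authorities prefixed with SCOPE_
                .anyRequest().hasAuthority("SCOPE_messages.read"))
            // accept bearer JWTs; a missing or invalid token on a protected path yields 401,
            // a valid token without the required scope yields 403
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()))
            // no HTTP session: each request is authenticated by its own bearer token
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // CSRF protection only matters for cookie-based authentication; browsers do not
            // attach bearer tokens automatically, so it can be disabled on this service
            .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }
}
```

The gateway needs a matching rule (`pathMatchers("/api/public/**").permitAll()` in its `authorizeExchange` block) so that anonymous callers are not redirected to the login page; its TokenRelay filter adds no Authorization header when there is no authenticated principal, so the two permitAll rules must name the same paths. Keeping the rule on the resource server as well, rather than trusting the gateway alone, means a caller that reaches backend-resources directly on the internal network still gets a 401 on every protected path.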
@shahrzadkhorrami8542 (1 year ago)
Hello, thanks for your great videos. I am testing your code; what is the password for sergio?

@TheDevWorldbySergioLema (1 year ago)
I'm not sure which credentials you are talking about.

@shahrzadkhorrami8542 (1 year ago)
@TheDevWorldbySergioLema The password for login (sergio is the username, but the password is encoded).. and when I do backend-gateway-client:8083/logout, it does not log out correctly; the page backend-gateway-client:8083/messages is still loading, in spite of the logout. Should I add something in backend-auth for logout?

@TheDevWorldbySergioLema (1 year ago)
Ok, I see. I've created the "sergio" user directly in the database. You can do the same, creating a user with an encoded password directly in the database. This database and the associated table will be used by backend-auth to read the credentials. About the logout, I share with you this link where it's clearly explained how to perform a correct logout

@shahrzadkhorrami8542 (1 year ago)
@TheDevWorldbySergioLema Thanks a lot, which link for logout?

@TheDevWorldbySergioLema (1 year ago)
Oh, sorry, I forgot to paste the link 😅. Here it is: stackoverflow.com/questions/70735327/spring-oauth2-authorization-server-unable-to-logout-users

@marypaul9627 (1 year ago)
Hi, I sent you an email; I kindly hope you see it at the email address provided on your channel

@TheDevWorldbySergioLema (1 year ago)
I have it, yes