[英]Keycloak - securing a Spring Boot application
I am using Keycloak to secure my Spring Boot rest application.我正在使用 Keycloak 来保护我的 Spring Boot rest 应用程序。
The application also has a React front end.该应用程序还有一个 React 前端。
My question is - should the front end also be secured using Keycloak?我的问题是 - 前端也应该使用 Keycloak 来保护吗?
If not, when would you secure the front end as well as the backend?如果没有,你什么时候保护前端和后端?
Yes it's normal to secure both frontend and backend with keycloak.是的,使用 keycloak 保护前端和后端是正常的。 Then the single sign-on login can happen in the frontend and the access token can be passed to the backend.
然后可以在前端进行单点登录,并且可以将访问令牌传递给后端。
JHipster provides a way of creating projects that use this setup but that's more for projects starting from scratch. JHipster 提供了一种创建使用此设置的项目的方法,但这更适用于从头开始的项目。 If you've already got your backend app setup then you'll want to add keycloak to your frontend so a better example might be https://github.com/novomatic-tech/keycloak-examples ,https://github.com/andres81/spring-boot-reactjs-keycloak-webapp or https://blog.scalac.io/user-authentication-with-keycloak-part1.html
如果您已经设置了后端应用程序,那么您需要将 keycloak 添加到前端,因此更好的示例可能是https://github.com/novomatic-tech/keycloak-examples 、https://github.com /andres81/spring-boot-reactjs-keycloak-webapp或https://blog.scalac.io/user-authentication-with-keycloak-part1.html
Or if you're just using Oauth2 (and not any of the other methods that keycloak supports) then you can use an Oauth2 or OIDC library to handle the login and passing of the token to the backend instead of a keycloak-specific frontend library.或者,如果您只是使用 Oauth2(而不是 keycloak 支持的任何其他方法),那么您可以使用 Oauth2 或 OIDC 库来处理登录并将令牌传递到后端,而不是特定于 keycloak 的前端库。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.