
Keycloak - securing a Spring Boot application

I am using Keycloak to secure my Spring Boot REST application.

The application also has a React front end.

My question is - should the front end also be secured using Keycloak?

If not, when would you secure the front end as well as the backend?

Yes, it's normal to secure both frontend and backend with Keycloak. Then the single sign-on login can happen in the frontend and the access token can be passed to the backend.

JHipster provides a way of creating projects that use this setup, but that's more for projects starting from scratch. If you've already got your backend app set up then you'll want to add Keycloak to your frontend, so a better example might be https://github.com/novomatic-tech/keycloak-examples, https://github.com/andres81/spring-boot-reactjs-keycloak-webapp or https://blog.scalac.io/user-authentication-with-keycloak-part1.html

Or if you're just using OAuth2 (and not any of the other methods that Keycloak supports) then you can use an OAuth2 or OIDC library to handle the login and passing of the token to the backend instead of a Keycloak-specific frontend library.
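
The token hand-off described in the answer above, as an added example that is not part of the original post or of the linked projects: a small frontend wrapper that attaches the access token as a bearer header only on requests to the backend. `API_ORIGIN`, `authorizedRequest`, `apiFetch` and `getToken` are hypothetical names, and the origin is a constructed value.

```javascript
// Added example. API_ORIGIN, authorizedRequest, apiFetch and getToken are
// hypothetical names; the origin below is a constructed sample value.
const API_ORIGIN = "https://api.example.test";

// Build the arguments for fetch(). The access token is attached only when the
// request goes to the backend origin over HTTPS, so it never leaks to other hosts.
function authorizedRequest(url, init, accessToken) {
  const target = new URL(url, API_ORIGIN); // relative URLs resolve to the API
  const headers = {};
  // Copy caller headers, dropping any Authorization value (any letter case).
  for (const [name, value] of Object.entries((init && init.headers) || {})) {
    if (name.toLowerCase() !== "authorization") headers[name] = value;
  }
  const toBackend = target.origin === API_ORIGIN && target.protocol === "https:";
  if (toBackend && accessToken) {
    headers.Authorization = `Bearer ${accessToken}`;
  }
  return [target.href, { ...init, headers }];
}

// getToken returns (a promise of) a fresh access token from the login library.
// With keycloak-js that could be:
//   () => keycloak.updateToken(30).then(() => keycloak.token)
async function apiFetch(url, init, getToken, fetchImpl = fetch) {
  const token = await getToken();
  const [href, options] = authorizedRequest(url, init, token);
  return fetchImpl(href, options);
}
```

The backend still has to validate every token it receives (signature, issuer, audience, expiry); the frontend check only limits where the token is sent.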
