
How to implement JWT with Keycloak in Spring Boot microservice architecture?

I have read some articles on Keycloak Spring implementation (e.g. easily-secure-your-spring-boot-applications-with-keycloak), but none of them mention how to use it with JWT.

I have created a Zuul API gateway and added the Keycloak adapter as described in the previously linked article. That's OK, but I want to use JWT with Keycloak.

It is mentioned elsewhere to set the client access type to bearer-only and the session strategy to NullAuthenticatedSessionStrategy. Is that enough, or is something else needed for JWT?

So my questions:

  • How do I configure the client in the Keycloak admin console for JWT?
  • How do I configure Keycloak in the backend config file for JWT?
  • How do I configure the Keycloak adapter for JWT?
  • How do I pass user info to the microservice? Create a filter in the gateway? But how do I get the user info from the request?

A Keycloak access token is a JWT. It is JSON, and each field in that JSON is called a claim. By default, the logged-in username is returned in a claim named "preferred_username" in the access token. Spring Security OAuth2 Resource Server expects the username in a claim named "user_name". So, you need to create a mapper to map the logged-in username to a new claim named user_name.

In order to provide access to the client (microservice), the respective role needs to be assigned/mapped to the user.

In your Spring Boot application, you then need to configure the connection to the Keycloak server, providing the auth URL, token URL, scope, grant-type, client-id and client-secret.

After that, for your app to be able to parse the JWT token, you need to create a JwtAccessTokenCustomizer. This class should extend DefaultAccessTokenConverter and implement JwtAccessTokenConverterConfigurer. The main logic lies in the public OAuth2Authentication extractAuthentication(Map<String, ?> tokenMap) method.

Then you need to configure the OAuth2 Resource Server to provide access for other microservices. For that, you define an OAuth2RestTemplate bean here.

And in the end, secure your REST API via the standard configuration component.

So, you can see that it is a large amount of work and couldn't be described with code. Show some of your work, divide it into chunks, and ask the questions that interest you.
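
A sketch of the JwtAccessTokenCustomizer the answer describes, added here as an example and not taken from the original answer. It assumes the legacy Spring Security OAuth2 stack (spring-security-oauth2-autoconfigure), that realm roles arrive in Keycloak's realm_access.roles claim, and that authorities should carry a ROLE_ prefix.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.JwtAccessTokenConverterConfigurer;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

public class JwtAccessTokenCustomizer extends DefaultAccessTokenConverter
        implements JwtAccessTokenConverterConfigurer {
    @Override
    public void configure(JwtAccessTokenConverter converter) {
        converter.setAccessTokenConverter(this); // decoded claims now pass through this class
    }

    @Override
    public OAuth2Authentication extractAuthentication(Map<String, ?> tokenMap) {
        // tokenMap holds the claims of a token whose signature was already verified.
        OAuth2Request stored = super.extractAuthentication(tokenMap).getOAuth2Request();
        List<GrantedAuthority> authorities = new ArrayList<>();
        Object realmAccess = tokenMap.get("realm_access"); // Keycloak realm roles
        Object roles = realmAccess instanceof Map ? ((Map<?, ?>) realmAccess).get("roles") : null;
        if (roles instanceof Collection) {
            for (Object role : (Collection<?>) roles) {
                if (role instanceof String) { // ignore malformed entries
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + role)); // prefix is an assumption
                }
            }
        }
        OAuth2Request request = new OAuth2Request(stored.getRequestParameters(),
                stored.getClientId(), authorities, true, stored.getScope(),
                stored.getResourceIds(), null, null, null);
        Object name = tokenMap.get("user_name"); // claim added by the mapper
        if (!(name instanceof String)) {
            name = tokenMap.get("preferred_username"); // Keycloak default claim
        }
        if (!(name instanceof String)) {
            return new OAuth2Authentication(request, null); // client-only token, no user
        }
        return new OAuth2Authentication(request,
                new UsernamePasswordAuthenticationToken(name, "N/A", authorities));
    }
}
```

Roles are read only from the verified token's claims, so downstream services should rely on the resulting authorities and not on user details forwarded in unsigned request headers.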

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.