When using Keycloak, you may have noticed that user management is done through the UI provided by Keycloak, which is convenient but often not suitable for use in development. For example, you can’t let end-users go directly to Keycloak’s Admin Console to register. Therefore, it is necessary to expose these functions through an API, and today we are going to share a method to operate Keycloak programmatically. Introduction to Keycloak Admin Client
The execution flow of an interface between Keycloak and Spring Security
In the previous article we got familiar with the common configuration of Keycloak. Today we will analyze the execution flow of Keycloak adapted to Spring Security and briefly look at some of its customized Spring Security filters. Execution flow of /admin/foo In the Spring Boot application adapted with Keycloak and Spring Security, I wrote a /admin/foo interface and configured the permissions for this interface as follows.
Common properties of Keycloak adapters
In the last Keycloak article, we successfully adapted Keycloak to Spring Security with a keycloak.json configuration. It contains quite a few properties that I feel we need to learn together as we go deeper into the process.
Common properties of Keycloak adapters realm Domain name, this is a mandatory item.
resource The application’s client_id, a unique identifier for each client registered on the Keycloak server. This is a mandatory item.
Using Keycloak as an Authentication Authorization Server in Spring Security
Keycloak provides adapters for popular Java applications. In previous articles, we demonstrated security protection for Spring Boot using one of the adapters. Keycloak also provides adapters for Spring Security, and in the following articles we will learn together about the use of Spring Security adapters. The installation of Keycloak can be found in the previous tutorials in the series. Adapter integration In our Spring application we integrate keycloak-spring-security-adapter.
OIDC authentication authorization protocol
In the previous article we reviewed the OAuth 2.0 process with an example, and pointed out the limitations of OAuth 2.0: the client cannot confirm that the resource owner is the legitimate owner, and while OAuth 2.0 as deployed commercially can guarantee authorization security, OAuth 2.0 itself does not provide a clear specification for user authentication. This is where OIDC comes into play.
OIDC OIDC is a variant of OAuth 2.0.
OIDC (OpenID Connect) builds on the Auth 2.
OAuth 2.0 is only the authorization protocol, OIDC is the authentication authorization protocol
In the previous article we did a hands-on exercise on Keycloak protecting Spring Boot applications. We showed you how powerful Keycloak is. But in order to master Keycloak you need to understand the OpenID Connect (OIDC) protocol. OIDC is an extension of OAuth 2.0. Why does it extend OAuth 2.0? Before we can figure this out we need to review the OAuth 2.0 protocol again.
OAuth 2.0 We’ve talked a lot about the OAuth 2.
Protecting Your Spring Boot Applications with the Keycloak Authentication Authorization Platform
This article tries out the keycloak counterpart of the Spring Boot Adapter to see how keycloak protects Spring Boot applications. Client I believe many of you have used WeChat Open Platform and Ant Open Platform. First we need to register a client on these open platforms to get a set of credentials like username and password. Some of them are called appid and secret; some are called clientid and secret,
Unified authentication authorization platform keycloak first experience
This article will further experience Keycloak, give us an intuitive understanding of it, and then go deeper and deeper to break down its design concepts and ideas.
General idea Since we already know that Keycloak provides an adapter for Spring Security, let’s first get the core concepts of Keycloak clear on their own and then work out how it incorporates Spring Security.
Installing Keycloak The Keycloak version for this article is 14.
Unified authentication authorization platform keycloak Introduction
Recently, I have wanted to connect the user relationships of several applications and set up a centralized user management system to unify the applications’ user systems. After some research, I selected Red Hat’s open source Keycloak, which is a very powerful unified authentication authorization management platform. Keycloak was selected for the following reasons.
Ease of Use Keycloak provides a one-stop single sign-on solution for web applications and Restful services.
Spring 6 And Spring Boot 3
The annual SpringOne conference was held online last September 1-2 due to an epidemic, and Pivotal (the owner of the Spring Project) hosts this conference once a year to meet with thousands of developers, customers and partners from around the world to share technical practices and discuss technology trends. Each conference also reveals the next big step in the Spring Project’s evolution. The highlight of this year’s conference is definitely Spring Framework 6.
SpringMVC exception handling system in-depth analysis
SpringMVC has a complete system for handling exceptions, and it works very well. This article talks about the exception handling system in SpringMVC. We will sort out the exception system in SpringMVC from beginning to end.
1. Exception Resolver Overview In SpringMVC’s exception system, the big boss at the top is the HandlerExceptionResolver, an interface with a single method.
    public interface HandlerExceptionResolver {
        @Nullable
        ModelAndView resolveException(
                HttpServletRequest request, HttpServletResponse response, @Nullable Object handler, Exception ex);
    }

The resolveException method is used to resolve the exceptions generated during the request processing and eventually return a ModelAndView.
Jwt should be present in the cookie
I have been using JWT as authentication token for my projects in the last few years. I’ve always had a question: where exactly should the server-side issued JWT be stored? Only the browser scenario is discussed here, in which there are three options.
Cookies The server side can send the JWT token to the browser through a cookie, and the browser will automatically bring the JWT token in the cookie header when requesting the server-side interface, and the server side can verify the JWT token in the cookie header to achieve authentication.
Spring Boot logs access logs in several ways
Certain business requirements require tracking our interface access, i.e. logging the requests and responses. The basic logging dimensions include request parameters (path query parameters, request body), request path (uri), request method (method), request headers (headers), response status, response headers, and even sensitive response bodies. Today I summarize several methods; you can choose as needed. How request tracking is implemented Gateways Many gateway facilities have httptrace capabilities that help
Spring Authorization Server version 0.2.2 released
Spring Authorization Server 0.2.2 is released, this version is mainly about optimizations and bug fixes, the more important new feature is Client authentication support for JWT assertions.
Release Notes New features JdbcOAuth2AuthorizationService now supports large database fields. Deprecated OAuth2TokenIntrospectionClaimAccessor, will use Spring Security 5.6 implementation. Deprecate JwtEncoder related classes and use Spring Security jose library implementation. The token field in the JdbcOAuth2AuthorizationService now supports clob and text data types. Token revocation logic is now customizable.
Configuration of mongotemplate and transactions for mongodb multiple data sources
Maven

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-mongodb</artifactId>
    </dependency>

Multiple Data Source Configuration

Configuration file.

    spring:
      data:
        mongodb:
          uri: mongodb://192.168.150.154:17017
          database: ewell-label
        mongodb-target:
          uri: mongodb://192.168.150.154:17017
          database: ewell-label-target

java configuration Master data source
Content negotiation in Spring MVC
In the HTTP protocol, when a client initiates an HTTP request, it can carry an Accept request header to tell the server which response types (MIME types) the client can accept, either one or more. This is now common practice where the front end and back end are separated.

    Accept:application/json

When the Spring MVC framework receives the Accept header, it uses a certain policy to find the corresponding HttpMessageConverter to handle the format of the response data.
Protecting Resources with Resource Server in OAuth 2.0
Initial understanding of the resource server in OAuth 2.0 Few tutorials talk specifically about what exactly a Resource Server is and how to use it, so today we will talk about the concept first, to lay a foundation for subsequent use. The shortcomings of the traditional security approach The traditional way to protect an application is to get the credentials (JWT is one of them) given by the server through
Spring Boot implements client-side theme switching
Themes: clicking to change the theme of a site is a feature I believe we have all used. It is actually very similar to the internationalization function, and the code is very similar too; today we will run through it. Considering that some of you may not have used Theme yet, let’s talk about the usage here first, and then we will do the source code analysis. 1. One click to switch
SpringBoot+RabbitMQ for RPC calls
When we talk about RPC (Remote Procedure Call Protocol), what pops into your mind is probably RESTful API, Dubbo, WebService, Java RMI, CORBA and so on. In fact, RabbitMQ also provides us with RPC function, and it is very easy to use. Today I’ll share with you a simple case of how to implement a simple RPC call with Spring Boot+RabbitMQ. Some readers may have misunderstandings about RabbitMQ’s implementation of
AOP in Spring Boot, is it a JDK dynamic proxy or a Cglib dynamic proxy?
As we all know, AOP is built on dynamic proxies, and there are two ways to implement dynamic proxies in Java:
JDK-based dynamic proxy
Dynamic proxy based on Cglib
The biggest difference between these two is that JDK-based dynamic proxies require the object being proxied to implement an interface, while Cglib-based dynamic proxies do not require the object being proxied to implement an interface.
So, how is AOP implemented in Spring?