Spring Cloud Gateway — Resource Server with Keycloak RBAC

Introduction

Adding a custom Keycloak role to the user.

Creating a Resource Server

  • OAuth2 resource server
  • Spring Web

import java.security.Principal;
import javax.annotation.security.RolesAllowed;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class Controller {

    // Only callers holding the Keycloak realm role product_read (mapped to ROLE_product_read) may reach this endpoint
    @GetMapping("/product")
    @RolesAllowed({"product_read"})
    public String getProduct(Principal principal) {
        // principal.getName() is the JWT subject, i.e. the Keycloak user id
        return "Response from Product Service, User Id:" + principal.getName();
    }
}

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: http://localhost:8080/auth/realms/My-Realm/protocol/openid-connect/certs

server:
  port: 9191

import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true) // enables @RolesAllowed on controller methods
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated() // every request needs a valid bearer token
            .and()
            .oauth2ResourceServer()
                .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()));
    }

    // Replaces the default scope-based authority mapping with Keycloak realm roles
    private Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter() {
        JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter();
        jwtConverter.setJwtGrantedAuthoritiesConverter(new RealmRoleConverter());
        return jwtConverter;
    }
}

import java.util.*;
import java.util.stream.Collectors;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;

// Maps Keycloak realm roles (the realm_access.roles claim) to Spring authorities, adding the ROLE_ prefix
public class RealmRoleConverter implements Converter<Jwt, Collection<GrantedAuthority>> {
    @Override
    public Collection<GrantedAuthority> convert(Jwt jwt) {
        final Map<String, List<String>> realmAccess = (Map<String, List<String>>) jwt.getClaims().get("realm_access");
        if (realmAccess == null || realmAccess.get("roles") == null) {
            return Collections.emptyList(); // token carries no realm roles: grant no authorities instead of failing with NPE
        }
        return realmAccess.get("roles").stream()
                .map(roleName -> "ROLE_" + roleName) // @RolesAllowed("product_read") checks for ROLE_product_read
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
    }
}

Connecting Resource Server to API Gateway

spring:
  cloud:
    gateway:
      default-filters:
        - TokenRelay
      routes:
        - id: product-resource-service
          uri: http://localhost:9191
          predicates:
            - Path=/product/**

Running the Applications

java -jar target/spring-cloud-gateway-keycloak-oauth2-0.0.1-SNAPSHOT.jar
java -jar target/product-service-0.0.1-SNAPSHOT.jar

Conclusion

Amrut Prabhu

Software Craftsman, Tech Enthusiast. I run https://refactorfirst.com to post all my articles