跳至主要内容

博文

目前显示的是 四月, 2018的博文

Secures your applications with Spring Security 5 and Keycloak

Spring Security 5 brought new OAuth2/OIDC client instead of the legacy client support in the old Spring Security OAuth sub project. The new OAuth2 umbrella modules in the core project will replace the old Spring Security OAuth, Spring Social etc. In the further 5.1, OAuth2 authorization server and resource server are planned to implement, check the OAuth2 related issues on Github . Spring Security 5 OAuth2 client has built-in supports for facebook, github, okta, Google etc, unlike Spring Social, in this new client, Spring Security 5 provides a generic solution for client registration, thus you can configure any OAuth2/OIDC providers without codes. A new oauth2login sample is added in Spring Security source codes to demonstrate the newest OAuth2 client. In this post, we will fork this sample, and try to start up a local keycloak server and configure it as a custom OAuth2/OIDC provider in our project. Setup local keycloak server To simplify the work, I prepared a do