I have a spring boot application and I need to protect it with the keycloak gatekeeper. Should I configure the properties file or just add the gatekeeper config file in the application? Or should I have the gatekeeper config file separately? Are there any configurations to be made in keycloak admin console?
Related
I have a spring application (not boot) that is deployed on a jboss 7.2.4 as an .ear file.
For security reasons I have to protect all REST-API ports that are provided by the application. For this our AD provides users and user groups to use.
As I cannot migrate the application into spring boot I have to use the existing spring/jboss installation and have to use keycloak for security handling.
I found no information how to use keycloak inside an jboss installation. Can anybody help? Is it possible at all?
Just configure an authorities converter to map authorities from keycloak roles and configure your authentication converter to use this authorities converter.
You can refer to this article for #Beans definition (yes, it is boot app, but it configures the two beans I'm talking about).
Is is possible to access Azzure app settings variables in spring boot application.properties?
Azzure app settings variables
like this?
application.properties
I have configured my trustsore and keystore information in the external tomcat's server.xml in the Connector tag. The certificates are stored in the tomcat's /base/lib directory.
I need to deploy a spring boot application to this external tomcat.
How can I make the information about trustsore and keystore available to the spring boot application?
Where in the spring boot application do I need to store the trsustore and keystore .jks files?
I did the same with the datasource in Resource tag in server.xml, and in spring boot application I used
spring.datasource.jndi-name=some name to jndi. How can I configure the same for trsustore and keystore?
The keystore and truststore in Tomcat's <Connector> have a single purpose:
the keystore contains the certificate (and private key) used by the server's SSL port,
the truststore contains the list of CAs, which are trusted if mutual SSL authentication is enabled.
Therefore these settings are specific to each deployment of your application. You shouldn't provide them yourself.
You should only provide system administrators a way to configure those settings. In your case Spring Boot already takes care of it (cf. server.ssl properties).
See also:
What is the difference between javax.net.ssl.keyStore and server.ssl.key-store properties when specifying keystore for a SpringBoot app
here i am trying to get a list with users from keycloak.
it works withe docker compose, but not in openshift?!
my application.property
keycloak.enabled=true
keycloak.realm=somname
keycloak.ssl-required=none
keycloak.resource=someapp
keycloak.public-client=true
keycloak.auth-server-url=${KEYCLOAK_AUTH-SERVER-URL:https://localhost/auth}
keycloak.disable-trust-manager=true
app.connectors.KeyCloakAdminConnector.serverUri=${KEYCLOAK_ADMIN-URL:http://idm.local:8081/auth}
app.connectors.KeyCloakAdminConnector.realm=${keycloak.realm}
app.connectors.KeyCloakAdminConnector.username=admin
app.connectors.KeyCloakAdminConnector.password=pass
app.connectors.KeyCloakAdminConnector.clientId=${keycloak.resource}
As a solution i changed the:
keycloak-admin-url: 'my-keycloak-route/auth'
in application.property to
keycloak-admin-url: 'http://myservice-keycloak-http:8080/auth'
so i change the connection between the Spring boot App and Keycloack from Rout-Object to a Service-Object.
its works because Service is not https. so i dont need to provide a certificate to JVM keytrust in the Spring boot App
I am working on spring boot app which will be deployed in pcf and it will use pcf config server service which is backed by hashicorp vault. What I would like to know is which dependencies I should be adding in my spring boot app other that spring-cloud-config-client. Do I need to add spring-cloud-vault, if yes then why does it need to be added if app only talks to config server? I would like to know how this end to end interaction works.