This directory consists of a sample resource server (Spring Boot based) which can validate OAuth2.0 access tokens issued by Keycloak.
It uses keycloak-spring-boot-starter to minimize the code that needs to be written.
- A running instance of Keycloak with a realm and a
bearer-onlyclient configured according to thesrc/main/resources/application.properties. - Java JDK 8+
- Maven
A resource server hosts the protected resources and is capable of accepting and responding to protected resource requests using access tokens. Access tokens are passed using the Authorization HTTP header as an additional information to a typical server request, i.e.:
GET http://localhost:9999/api/products
Authorization: Bearer [access_token]
Access tokens, sent this way, give us an abstraction layer which removes the resource server's need to understand a wide range of authentication methods (incl. Basic auth) even though different type of clients (OAuth2.0 grants) are used.
This example implements a resource server
which exposes a protected /api/products resource.
However, in order to access it, a valid access token needs to be issued by the authorization server.
The quickest way to go through this example is to:
- Run the resource server.
mvn spring-boot:run
- Visit the
localhost:9999to verify that the server is up and running (it should return a whitelabel page). - Switch to the app-web-react, run it and log in as
astark:astark. - Once logged in, request for a list of products hosted by the resource server using the
List Productsbutton. - Notice how a user is validated by watching resource server's logs.
- Now, try to do the same using the
jsnow:jsnowcredentials. Sincejsnowhas noview-productsrole assigned - a role which is required when accessing the/api/productsroute, this call won't be possible.