Hi, I’d like to get some suggestions on how to best leverage KeyCloak within my architecture.
Our current setup is a set of Java (Springboot) Microservices. We use spring security oauth’s authorization service with a custom data model of users, roles, and permissions.
Users are assigned to roles; Permissions are assigned to roles.
Roles can be added/removed, permission membership changed without technical impact.
All APIs use @PreAuthorize to check for the existence of a specific permission.
We’re looking to use KeyCloak in a multi-tenanted structure (similar to this example: https://github.com/vimalKeshu/movie-app/tree/spring-boot-2-kc-multitenancy) – what is the best approach for managing users in roles and then applying that to individual API endpoints?