Keycloak & Spring Cloud Gateway

Securing Microservices with Keycloak and Spring Cloud Gateway…
Can somebody share their story, best practices and tricks before starting?

My goal is to validate every request in gateway and to pass it further to the microservices if everything is ok.

Today I tried following this tutorial:

https://blog.jdriven.com/2019/11/spring-cloud-gateway-with-openid-connect-and-token-relay/

When I send a request with Postman everything is good, but when I send a GET request from the React app I get a preflight CORS error.

192.168.0.101:3000 is React App
192.168.0.101:4000 Spring Gateway
192.168.0.101:4001 Resource Stores server

(If not already done) Try adding a Web Origin in your client settings in the Keycloak realm. See the image below.

In Spring Cloud Gateway application.properties, you can also specify allowedOrigins. I was facing a similar (not exact) pre-flight request issue and got over it by adding authorization in allowedHeaders and OPTIONS in allowedMethods:

I faced pre-flight request error when I started passing Authorization header in request. These steps helped me get over it.
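As an added example (not from any of the posts above), this is what the global CORS settings described in the reply look like in Spring Cloud Gateway's application.properties, using the React origin from the thread. The `/**` path pattern, the exact method and header lists, and the max-age value are assumptions; narrow them to what the browser app actually needs.

```properties
# Added example, not from the original posts: global CORS configuration for Spring Cloud Gateway.
# The [/**] key applies the settings to every route; use a narrower pattern if only some
# routes are called from the browser.
#
# Allow only the exact React origin from the thread, never "*", since these requests carry
# an Authorization header.
spring.cloud.gateway.globalcors.cors-configurations.[/**].allowed-origins=http://192.168.0.101:3000
# OPTIONS must be allowed or the browser's preflight request is rejected before the GET is sent.
spring.cloud.gateway.globalcors.cors-configurations.[/**].allowed-methods=GET,POST,PUT,DELETE,OPTIONS
# Authorization is not a "simple" CORS header, so it must be listed explicitly (assumed list).
spring.cloud.gateway.globalcors.cors-configurations.[/**].allowed-headers=Authorization,Content-Type
# Seconds the browser may cache the preflight response (assumed value).
spring.cloud.gateway.globalcors.cors-configurations.[/**].max-age=3600
# Let the gateway answer preflight requests even for paths that match no route.
spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping=true
```

After restarting the gateway, a preflight from the React app should get a 200 with an Access-Control-Allow-Origin header echoing http://192.168.0.101:3000. If the app sends cookies or uses `credentials: "include"`, `allow-credentials=true` is also required, and a wildcard origin is then rejected by the browser, which is another reason to list the concrete origin.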

I tried to follow the same tutorial but it does not work for me even with Postman.
Can you tell me how you got the token and how you perform a resource request with the token?

I tried the following: https://medium.com/@bcarunmail/securing-rest-api-using-keycloak-and-spring-oauth2-6ddf3a1efcc2

#Gateway
I also get to the Keycloak login screen by using the following in the application.properties:
spring.cloud.gateway.routes[1].id=keycloak
spring.cloud.gateway.routes[1].uri=http://localhost:8180/
spring.cloud.gateway.routes[1].predicates[0].name=Path
spring.cloud.gateway.routes[1].predicates[0].args[pattern]=/auth/**

#Keycloak
spring.security.oauth2.client.registration.keycloak.client-id=gateway-app
spring.security.oauth2.client.registration.keycloak.client-secret=f52b34e1-3cae-4de7-83ae-2d795e3b72d7
spring.security.oauth2.client.registration.keycloak.clientName=gateway-app
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.redirectUri=http://localhost/personprocess/
spring.security.oauth2.client.provider.keycloak.authorization-uri=http://localhost:8180/auth/realms/gateway-realm/protocol/openid-connect/auth
spring.security.oauth2.client.provider.keycloak.token-uri=http://localhost:8180/auth/realms/gateway-realm/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.user-info-uri=http://localhost:8180/auth/realms/gateway-realm/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.keycloak.jwk-set-uri=http://localhost:8180/auth/realms/gateway-realm/protocol/openid-connect/certs

pom.xml:

	<!-- gateway -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-actuator</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.cloud</groupId>
		<artifactId>spring-cloud-starter-config</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.cloud</groupId>
		<artifactId>spring-cloud-starter-gateway</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.cloud</groupId>
		<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
	</dependency>

	<!-- using CircuitBreaker -->
	<dependency>
		<groupId>org.springframework.cloud</groupId>
		<artifactId>spring-cloud-starter-circuitbreaker-reactor-resilience4j</artifactId>
	</dependency>
	<!-- end of CircuitBreaker -->

	<!-- oauth2 keycloak -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-webflux</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-oauth2-client</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.cloud</groupId>
		<artifactId>spring-cloud-starter-security</artifactId>
	</dependency>

Got to login using the realm’s username and password. After login it redirects to: http://localhost/oauth2/authorization/keycloak

Not sure what’s happening. I’m still working on it. If there’s any pointer, please share.

Thanks.