Spring Boot 3 support for Basic Auth

I am looking to upgrade a Spring Boot 2.7 WebAPI which needs to support Basic Auth and I am currently using the provided Keycloak Adapter. However when upgrading the application to Spring Boot 3.0 the adapter is no longer supported.

I am struggling to find any resource which describes how I can handle the Basic Auth (both as a Authentication Challenge and as a Auth Basic http header) and use the Keycloak Server as my authentication and authorisation server.

The client device connecting to the WebAPI is outside of my control so Basic Auth is all that is available to me.

I have followed the advice when using the KeyCloak adapters with SpringBoot 2.7 and implemented the KeycloakWebSecurityConfigurerAdapter with a custom KeycloakWithBasicAuthAuthenticationEntryPoint as per many published examples and it works perfectly. From this I am able to test for the users assigned roles and grant access to the API methods.

I can’t see how this can be achieved using the spring-boot-starter-oauth2-resource-server package. Is there a way I can use an OAuth2 call to pass the provided Username/Password to Keycloak and get back the success/failure and the user’s roles? Or is there a Basic Auth provider I should be using?

This Web API is just one component of a larger project and is specifically written to handle these devices, the remaining components use OAuth2 authentication, which I think I can refactor to use the spring-boot-oauth2-resource-server package instead of the Keycloak adapters.

Any help would be gratefully appreciated.


i have same issue, join the discussion here Spring Security and Boot deprecation · keycloak/keycloak · Discussion #10187 · GitHub