Spring Boot with Keycloak for Authorization REST API

Hi,

I’m trying to start using Keycloak for authorisation. At the beginning I wanted to protect my Spring Boot application. I thought it would not be complicated, but I was wrong. I’ve read a lot of tutorials and documentation but… all the tutorials that I found are using an older version than mine (19.0.3), and even the official documentation and examples have discrepancies. It looks like the new Keycloak version has been updated but the documentation/examples have not. But back to the point.

I wanted to implement the following scenario:

  1. User gets a token from Keycloak

  2. User uses the Bearer token in HTTP requests to my Spring Boot application

  3. Spring Security checks whether or not the user can query a specific REST endpoint and grants/rejects access.

It is a very simple scenario. I solved almost all problems, but I still cannot force Keycloak and Spring to do what I want.

Probably I made some simple mistake or did not set up some parameter.

Here is my source code: Lukasz Sierakowski / spring-boot-keycloak-demo · GitLab

Currently I don’t have any communication errors; however, I don’t know how to configure Keycloak/Spring to allow access to the clock API for the Alice account.

What error or status code are you getting from the Spring API?

Currently I’ve got 403 FORBIDDEN. No errors.
My current final state is that I’m able to do authorization, but using roles from the realm. This works, but I would like to authorize access to the clock API for specific users. For example, Alice can call the clock API but John can’t. I think this is possible but don’t know how to achieve it.

Your use case is supported and can work. It’s likely some config is wrong or missing.

Try adding debug logging:

logging.level.org.keycloak=DEBUG
# also add this if you are using Tomcat to host your Spring Boot app, as the Keycloak adapter integrates with Tomcat
logging.level.org.apache.catalina=DEBUG