MuchaZ

Reputation: 421

Secure methods using SpringBoot and Keycloak

The "demo" configuration for securing an app in Keycloak is like this:

keycloak.securityConstraints[0].securityCollections[0].name = edit
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = edit
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /api/edit/*

keycloak.securityConstraints[0].securityCollections[1].name = view
keycloak.securityConstraints[0].securityCollections[1].authRoles[0] = view
keycloak.securityConstraints[0].securityCollections[1].patterns[0] = /api/view/*

But I don't want to secure by path, but rather by method (generally POST, PUT and DELETE available for "edit", GET for "view"). Is it even possible? I tried with pure Spring Data solutions, but Keycloak doesn't seem to work well with that.

Upvotes: 1

Views: 1561

Answers (2)

Rahul Baghaniya

Reputation: 321

You can add method-level security in your Spring Boot application.

You just need to add @PreAuthorize("hasRole('ROLE_USER')") at the method level. To use method-level security you need to add

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)

at the security config class level.

Upvotes: 0

Sébastien Blanc

Reputation: 3239

You can specify methods in the security constraints, like: keycloak.securityConstraints[0].securityCollections[0].methods[0] = GET

Upvotes: 2
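
The `methods[n]` key from the answer above, applied to the question's two roles, as an added example that is not part of the original thread. The key layout is copied from the question's configuration; the shared pattern `/api/*` is an assumption standing in for the two path-based patterns.

```properties
# Added example: one URL pattern, access split by HTTP method instead of by path.
# Key layout follows the question; /api/* is an assumed pattern.

# Read access: GET requires the "view" role
keycloak.securityConstraints[0].securityCollections[0].name = view
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = view
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /api/*
keycloak.securityConstraints[0].securityCollections[0].methods[0] = GET

# Write access: POST, PUT and DELETE require the "edit" role
keycloak.securityConstraints[0].securityCollections[1].name = edit
keycloak.securityConstraints[0].securityCollections[1].authRoles[0] = edit
keycloak.securityConstraints[0].securityCollections[1].patterns[0] = /api/*
keycloak.securityConstraints[0].securityCollections[1].methods[0] = POST
keycloak.securityConstraints[0].securityCollections[1].methods[1] = PUT
keycloak.securityConstraints[0].securityCollections[1].methods[2] = DELETE
```

Methods listed in neither collection (PATCH, HEAD, OPTIONS and so on) are matched by no rule here; under standard servlet security-constraint semantics, which this example assumes the adapter follows, such methods are left unconstrained. Send one test request per method without a token and with each role to confirm the result is what you intend.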
