Jakub By ByJacob

Reputation: 33

How to connect Spring Cloud Gateway + Spring Cloud Security + Keycloak

I have been trying to connect s-c-gateway and s-c-security with Keycloak for a couple of days. I want the modules that are located behind the gateway not to have a Keycloak configuration. Is Spring Cloud Gateway not supported by Spring Cloud Security?

Upvotes: 3

Views: 5124

Answers (4)

Adrian Peng

Reputation: 124

See my detailed answer here: https://stackoverflow.com/a/78476524/1249237

In summary, you can integrate Spring Cloud Gateway with Keycloak using Spring Security by following two main patterns:

  1. OAuth 2.0 Client (or OIDC Relying Party - RP) with Spring Cloud Gateway:
     • Setup: Add spring-boot-starter-oauth2-client as a dependency.
     • Configuration: In application.yml, configure the Keycloak URL and client credentials under the security.oauth2.client section.
     • Token Propagation: Use the TokenRelay filter in Spring Cloud Gateway routes to propagate access tokens.
  2. OAuth 2.0 Resource Server (or OpenID Provider - OP) with Spring Cloud Gateway:
     • Setup: Include spring-boot-starter-oauth2-resource-server as a dependency.
     • Configuration: Define Keycloak as the JWT issuer in application.yml under spring.security.oauth2.resourceserver.jwt.
     • Security Configuration: Implement JWT validation in Spring Security using a custom SecurityFilterChain.

Both patterns allow Spring Cloud Gateway to authenticate and authorize requests using Keycloak, handling tokens (in standard JWT form) for secure communication. You can also combine these patterns to allow Spring Cloud Gateway to act as both a client and a resource server.

Upvotes: 0
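
The two patterns above combined in one gateway, as an added example that is not part of the answer or of any Spring project's own code. It assumes the reactive (WebFlux) Spring Cloud Gateway, Spring Security's lambda DSL, and spring-cloud-starter-gateway plus the two starters named above on the classpath; the Keycloak host, realm, client id, route and backend URI are constructed placeholders.

```java
// Added example. Constructed placeholders: Keycloak host, realm "demo",
// client "gateway-client", route "orders" and its backend URI.
// Matching application properties (standard Spring Boot keys):
//   spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.example.test/realms/demo
//   spring.security.oauth2.client.registration.keycloak.client-id=gateway-client
//   spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
//   spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
//   spring.security.oauth2.client.registration.keycloak.scope=openid
//   spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.example.test/realms/demo
package example.gateway;

import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfig {

    @Bean
    SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        http
            // Deny by default: every exchange through the gateway needs an authenticated caller.
            .authorizeExchange(ex -> ex.anyExchange().authenticated())
            // Pattern 1: browser sessions log in through Keycloak (authorization code flow).
            .oauth2Login(Customizer.withDefaults())
            // Pattern 2: API callers present a Bearer JWT; signature, expiry and issuer
            // are checked against the configured issuer-uri.
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        return http.build();
    }

    @Bean
    RouteLocator routes(RouteLocatorBuilder builder) {
        return builder.routes()
            .route("orders", r -> r.path("/orders/**")
                // TokenRelay sends the logged-in user's access token downstream as a Bearer header.
                .filters(f -> f.tokenRelay())
                .uri("http://orders.internal.test:8081"))
            .build();
    }
}
```

The client secret is read from an environment variable rather than committed to the properties file, and the issuer URI must match the `iss` claim Keycloak puts in its tokens exactly, or JWT validation rejects them.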

Ali Behzadian Nejad

Reputation: 9044

I know this is an old question with an answer, but now it is possible and very common to integrate Spring Cloud Gateway, Spring Cloud Security and Keycloak. You can find a good tutorial here:
https://kunkkali.blogspot.com/2020/10/build-j2ee-micro-services-architecture.html
Source code: https://github.com/liqili/spring-microservice-oauth2-keycloak-starter

Upvotes: 0

Valchev

Reputation: 1530

You could use @EnableWebFluxSecurity in the cloud gateway, since it's a reactive project.

Upvotes: 0

Ryan Dawson

Reputation: 12558

There's an issue on the Spring Cloud Gateway GitHub about this. A short summary is that there's currently no official support, but I'd suggest reading the full GitHub comments.

Upvotes: 1
