ksl

Reputation: 4709

Keycloak - securing a Spring Boot application

I am using Keycloak to secure my Spring Boot REST application.

The application also has a React front end.

My question is - should the front end also be secured using Keycloak?

If not, when would you secure the front end as well as the backend?

Upvotes: 2

Views: 3315

Answers (1)

Ryan Dawson

Reputation: 12548

Yes, it's normal to secure both frontend and backend with Keycloak. Then the single sign-on login can happen in the frontend and the access token can be passed to the backend.

JHipster provides a way of creating projects that use this setup, but that's more for projects starting from scratch. If you've already got your backend app set up, then you'll want to add Keycloak to your frontend, so a better example might be https://github.com/novomatic-tech/keycloak-examples, https://github.com/andres81/spring-boot-reactjs-keycloak-webapp or https://blog.scalac.io/user-authentication-with-keycloak-part1.html

Or if you're just using OAuth2 (and not any of the other methods that Keycloak supports), then you can use an OAuth2 or OIDC library to handle the login and passing of the token to the backend instead of a Keycloak-specific frontend library.

Upvotes: 3
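The flow the answer describes (login in the frontend, access token passed to the backend), as an added example that is not part of the original answer or of any linked project: a fetch wrapper that refreshes the token and attaches it only to requests for the backend's own origin. It assumes an adapter object shaped like keycloak-js (`token`, `updateToken`); `API_ORIGIN`, `authHeadersFor` and `createApiFetch` are hypothetical names.

```javascript
// Added example. API_ORIGIN is a constructed placeholder for the Spring Boot
// backend; authHeadersFor and createApiFetch are hypothetical helper names.
const API_ORIGIN = "https://api.example.test";

// Return the Authorization header only when the request targets the backend's
// exact origin, so the access token is never sent to third-party hosts.
function authHeadersFor(url, token, apiOrigin = API_ORIGIN) {
  const target = new URL(url, apiOrigin); // relative URLs resolve to the API
  if (target.origin !== apiOrigin) return {};
  if (!token) throw new Error("not authenticated");
  return { Authorization: `Bearer ${token}` };
}

// Wrap fetch around a keycloak-js style adapter. Assumed shape of `keycloak`:
//   token: string, updateToken(minValiditySeconds): Promise
// fetchImpl is injected so the wrapper can be exercised without a network.
function createApiFetch(keycloak, fetchImpl, apiOrigin = API_ORIGIN) {
  return async function apiFetch(url, options = {}) {
    const target = new URL(url, apiOrigin);
    if (target.origin === apiOrigin) {
      // Refresh when the token has under 30 s left, so the backend does not
      // receive a token that expires in flight. A failed refresh rejects here.
      await keycloak.updateToken(30);
    }
    const headers = {
      ...(options.headers || {}),
      ...authHeadersFor(url, keycloak.token, apiOrigin),
    };
    const response = await fetchImpl(target.href, { ...options, headers });
    if (response.status === 401) {
      // The backend rejected the token; surface it so the app can restart login.
      throw new Error("access token rejected by backend");
    }
    return response;
  };
}
```

In a React app the adapter would be the initialized Keycloak client and `fetchImpl` the browser's `fetch`; the backend still has to validate every token it receives.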
