Spring Boot Archives - keep

Simplify the management of user roles in Spring Boot

25th March 20228th April 2022 little_pineconeSpring Boot

Spring Security allows us to use role-based control to restrict access to API resources. However, inserting role names as simple strings can quickly become cumbersome and increase development cost. Fortunately, we can enclose role details in an Enum and use custom annotations to simplify management of user roles in a Spring Boot application. While it still doesn’t provide type-safe roles, most IDEs will be able to support changes in the code and simplify maintenance.

Create a custom annotation to configure Spring Boot tests

6th March 20226th March 2022 little_pineconeSpring Boot

A custom annotation in Spring Boot tests is an easy and flexible way to provide the required configuration. We can use it to efficiently group all the annotations and configuration classes that we would otherwise apply to each test class separately.

Keycloak with Spring Boot #4 – Simple guide for roles and authorities

27th February 202225th March 2022 little_pineconeSpring Boot

Delegating user management to Keycloak allows us to better focus on meeting the business needs of an application. However, we still need to provide the appropriate configuration to translate user roles and privileges between Keycloak and Spring Boot. Additionally, we’re going to need some handy techniques for debugging how roles are converted between the two services.

Keycloak with Spring Boot #3 – How to authorize requests in Swagger UI

24th February 202223rd March 2022 little_pineconeSpring Boot

Swagger offers various methods to authorize requests to our Keycloak secured API. I’ll show you how to implement the recommended grant types and why certain flows are advised against in the OAuth 2.0 specification.

Keycloak with Spring Boot #2 – Spring Security instead of Keycloak in tests

24th February 202224th February 2022 little_pineconeSpring Boot

Configuring our Spring Boot API to use Keycloak as an authentication and authorization server can greatly simplify our codebase. However, it adds another external dependency that will complicate the integration testing. As a remedy, we can switch to native Spring Security when executing tests to verify only the business rules for access control instead of cluttering the code with Keycloak dependencies.

Keycloak with Spring Boot #1 – Configure Spring Security with Keycloak

24th February 202224th February 2022 little_pineconeSpring Boot

Keycloak provides simple integration with Spring applications. As a result, we can easily configure our Spring Boot API security to delegate authentication and authorization to a Keycloak server.

How to authorize Basic Auth requests in Spring Boot Swagger UI

25th July 202128th September 2022 little_pineconeSpring Boot

We’re going to apply Basic Auth on API calls made from Swagger UI. OpenAPI allows us to provide security configuration for calling our documented endpoints and offers a few security schemes. Once we have our Spring Security configured and endpoints secured, we can show a project documentation to everyone, and allow visitors to provide credentials if they want to call a protected endpoint.

Spring Boot