Spring Security

Using OpenID Connect

The objective of this exercise is to secure the catalog and order microservices using OpenID Connect for authentication. For user management, a Keycloak authorization server is used with the following pre-configured users:
Username  Password  Role      ID Token
john      12345     EMPLOYEE  eyJhbGci...QYCMY4AQ
alice     12345     CUSTOMER  eyJhbGci...oaJguQ5w
bob       12345     CUSTOMER  eyJhbGci...vOPIUjZg

Replace the spring-boot-starter-security and spring-security-oauth2-jose Maven dependencies with the spring-boot-starter-oauth2-resource-server dependency and remove all JWT classes from the previous exercise.

Security Configuration

Update the configuration class SecurityConfig as follows:
  • In the security filter chain, replace the JwtAuthenticationFilter with support for a resource server using JWT tokens.
  • Provide a bean method that returns a JwtAuthenticationConverter that maps the roles token claim to authorities with the prefix ROLE_ and uses the username claim as the principal name.
Set the application property spring.security.oauth2.resourceserver.jwt.issuer-uri to the address https://auth.distsys.ch/auth/realms/bfh of the Keycloak server.
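A SecurityConfig that carries out the three steps above, added here as an example and not the course's reference solution. It assumes the Spring Boot 3 / Spring Security 6 lambda DSL; the request rule `anyRequest().authenticated()` is a placeholder for the exercise's actual per-endpoint constraints, which the page does not list.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

// Requires in application.properties (value from the exercise text):
// spring.security.oauth2.resourceserver.jwt.issuer-uri=https://auth.distsys.ch/auth/realms/bfh
// Spring Boot uses the issuer to fetch the JWK set and validates signature, exp and iss on every request.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
                                           JwtAuthenticationConverter converter) throws Exception {
        http
            // Stateless bearer-token API: no session cookie, so CSRF protection is not applicable.
            .csrf(csrf -> csrf.disable())
            // Placeholder (assumption): tighten to hasRole("EMPLOYEE") / hasRole("CUSTOMER") per endpoint.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Replaces the hand-written JwtAuthenticationFilter of the previous exercise.
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }

    @Bean
    public JwtAuthenticationConverter jwtAuthenticationConverter() {
        // Default would read the "scope"/"scp" claim with prefix "SCOPE_"; Keycloak puts roles elsewhere.
        JwtGrantedAuthoritiesConverter authorities = new JwtGrantedAuthoritiesConverter();
        authorities.setAuthoritiesClaimName("roles");   // claim "roles": ["EMPLOYEE"] -> ROLE_EMPLOYEE
        authorities.setAuthorityPrefix("ROLE_");

        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);
        // Default principal name is the "sub" claim; the exercise wants the "username" claim.
        converter.setPrincipalClaimName("username");
        return converter;
    }
}
```

With this converter in place, `hasRole("EMPLOYEE")` in request rules or `@PreAuthorize("hasRole('EMPLOYEE')")` on service methods matches john's token but rejects alice's and bob's.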

Testing

Implement tests using the REST Assured library to verify the required security constraints.