11 Security: Authentication and SPA


This chapter covers

  • Understanding the Spring Security fundamentals
  • Managing user accounts with Keycloak
  • Working with OpenID Connect, JWT, and Keycloak
  • Authenticating users with Spring Security and OpenID Connect
  • Testing Spring Security and OpenID Connect

Security is one of the most critical aspects of web applications and probably the one with the most catastrophic effects when done wrong. For educational purposes, I’m introducing this topic only now. In a real-world scenario, I recommend considering security from the beginning of each new project or feature and never letting it go until the application is retired.

Access control systems grant users access to resources only when their identity has been proven and they hold the required permissions. To accomplish that, we need to follow three pivotal steps: identification (the user claims an identity, such as a username), authentication (the user proves that claim, for example with a password or a token), and authorization (the system checks whether the authenticated user is permitted to perform the requested action on the resource).

11.1 Understanding the Spring Security fundamentals

11.2 Managing user accounts with Keycloak

11.2.1 Defining a security realm

11.2.2 Managing users and roles

11.3 Authentication with OpenID Connect, JWT, and Keycloak

11.3.1 Authenticating users with OpenID Connect

11.3.2 Exchanging user information with JWT

11.3.3 Registering an application in Keycloak

11.4 Authenticating users with Spring Security and OpenID Connect

11.4.1 Adding the new dependencies

11.4.2 Configuring the integration between Spring Security and Keycloak

11.4.3 Basic Spring Security configuration

11.4.4 Inspecting the authenticated user context

11.4.5 Configuring user logout in Spring Security and Keycloak

11.5 Integrating Spring Security with SPAs