Simplifying Authentication and Authorization in Spring Boot with Keycloak

Technology Blogs

When building modern web applications, managing user authentication and authorization can get complex and time-consuming. That’s where Keycloak comes in — a powerful open-source identity and access management solution that integrates seamlessly with Spring Boot.

What is Keycloak?

Keycloak is an open-source Identity and Access Management (IAM) tool developed by Red Hat. It provides:

  • • Single Sign-On (SSO)
  • • User federation (LDAP, Active Directory)
  • • Social login (Google, GitHub, Facebook)
  • • Multifactor authentication
  • • OAuth2 / OpenID Connect / SAML support
  • • Centralized user & role management

With Keycloak, developers can offload the heavy lifting of user management and security, focusing more on application logic.

Common Use Cases

  • • Secure REST APIs and web apps
  • • SSO across microservices
  • • Role-based access control (RBAC)
  • • External login provider support (Google, Azure AD, etc.)
  • • Identity federation for enterprise apps

Setting Up Keycloak

Running Keycloak Locally

There are multiple ways to run Keycloak locally. The easiest and most flexible way for developers is using Docker.

Option 1: Using Docker (Recommended)

docker run -p 8080:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
quay.io/keycloak/keycloak:25.0.3 \
start-dev

After starting, access the Keycloak admin console at: http://localhost:8080

Option 2: Using Local Scripts

1. Download Keycloak: Click here

2. Extract and run

./kc.sh start-dev --admin admin --password admin

3. Access the admin console at: http://localhost:8080

Other Setup Options

Keycloak supports Kubernetes, Podman, and production deployments via HTTPS and external databases. Explore more: Keycloak Getting Started

Keycloak Admin Console Basic Configuration

  1. Create a Realm:
    • → Go to Realms > Create Realm
    • → Name it demo-realm and save
  2. Create a Client:
    • → Go to Clients > Create Client
    • → Client ID: spring-boot-client
    • → Protocol: openid-connect
    • → Access Type: confidential
    • → Valid Redirect URIs: http://localhost:8081/*
    • → Web Origins: +
    • → Save and copy the client secret from the Credentials tab
  3. Create Roles:
    • → Go to Roles > Add Role
    • → Add roles like ROLE_USER and ROLE_ADMIN
  4. Create Users:
    • → Go to Users > Add User
    • → Set username, email, and other info > Save
    • → Go to Credentials, set a password, and turn off temporary status > Save
    • → Go to Role Mappings tab > Assign appropriate roles to the user

Running Keycloak in Production

For production environments, follow these best practices:

  • • Use HTTPS (self-signed or reverse proxy like NGINX)
  • • Use a production-grade database (PostgreSQL, MySQL)
  • • Enable clustering for high availability
  • • Configure token lifespans and session timeouts
  • • Secure and isolate the admin console
  • • Use realm exports and Keycloak Admin CLI (kcadm.sh) for automation and version control

You can also use docker-compose to manage production-like local environments. It’s ideal for simulating multi-service architectures.

version: '3.8'
services:
keycloak:
image: quay.io/keycloak/keycloak:25.0.3
ports:
- "8080:8080"
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=admin
command: start-dev

Spring Boot Integration Example

Let’s build a Spring Boot Book Management System that uses Keycloak for authentication and role-based access.

Add Maven Dependencies

<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>25.0.3</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>

Add properties

application.properties

server.port=8081

keycloak.auth-server-url=http://localhost:8080
keycloak.realm=demo-realm
keycloak.resource=spring-boot-client
keycloak.credentials.secret=YOUR_CLIENT_SECRET
keycloak.ssl-required=none
keycloak.use-resource-role-mappings=true

spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/demo-realm
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:8080/realms/demo-realm/protocol/openid-connect/certs

Spring Security Configuration

@EnableWebSecurity
public class SecurityConfig {

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth
.requestMatchers("/books/admin/**").hasRole("ADMIN")
.requestMatchers("/books/user/**").hasRole("USER")
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2 -> oauth2.jwt());

return http.build();
}
}

Book Controller Example

@RestController
@RequestMapping("/books")
public class BookController {

@GetMapping("/user/list")
public ResponseEntity<String> userBooks() {
return ResponseEntity.ok("Books available for USER role.");
}

@GetMapping("/admin/list")
public ResponseEntity<String> adminBooks() {
return ResponseEntity.ok("Books available for ADMIN role.");
}
}

Admin Console Settings

  • • Assign Roles in Keycloak:
    → Go to Users → Select a user → Role Mappings, and assign roles (ROLE_USER, ROLE_ADMIN). → These roles control access to your Spring Boot endpoints.
  • • Other Key Features:
    → Manage and configure realms, roles, users, sessions, login flows, event logs, identity providers, and security policies. The admin console also allows integration with external directories (LDAP/AD) and supports enabling two-factor authentication.

Admin Console is intuitive, supports debugging, monitoring, and secure configuration for authentication flows

Extending Keycloak Integration in Spring Boot

Here are more things you can do with Keycloak:

Fine-Grained Authorization

  • • Use @PreAuthorize(“hasRole(‘ADMIN’)”) for method-level access control.
  • • Map Keycloak roles to your own domain model using custom mappers.

Custom Login Flows

  • • Use Keycloak’s theming support to customize login pages.
  • • Enable 2FA (two-factor authentication) for sensitive apps.

Admin APIs

  • • Use Keycloak’s Admin REST API to manage users, roles, and groups programmatically.

Frontend Integration

Use OpenID Connect to secure SPA apps (React, Angular) and have SSO with your Spring Boot backend.

coma

Conclusion

Keycloak offers a powerful, flexible, and production-ready solution for authentication and authorization in modern applications. With minimal configuration, you can secure your Spring Boot apps, manage roles, and integrate external identity providers — all from a central admin interface.

Don’t reinvent the wheel. Let Keycloak handle your user management so you can focus on building your application.

Ashitosh Mane

Associate Software Engineer

Ashitosh is passionate about building efficient and scalable web applications in Spring and thrives on solving complex problems and learning new technologies. At MindBrowser, he contributes to innovative projects that enhance user experiences and drive digital transformation. Outside of work, he enjoys exploring open-source projects and staying updated with the latest tech trends.

How-To-Hire-Remote-Developers

How to Effectively Hire and Manage a Remote Team of Developers.

Download Now

Keep Reading

Technology Blogs
Spring Boot Microservices and Eureka Server: Setup and Benefits
Read More
Technology Blogs
19 Point Checklist: Starting a New Project in Spring Boot
Read More
Technology Blogs
Custom Annotation In Spring Boot
Read More

Keep Reading

Technology Blogs
Spring Boot Microservices and Eureka Server: Setup and Benefits
Read More
Technology Blogs
19 Point Checklist: Starting a New Project in Spring Boot
Read More
Technology Blogs
Custom Annotation In Spring Boot
Read More
  • Service
  • Career

  • Let's create something together!

  • We’re looking for the best. Are you in?

quote

We worked with Mindbowser on a design sprint, and their team did an awesome job. They really helped us shape the look and feel of our web app and gave us a clean, thoughtful design that our build team could...

author

Scriptyak Founder

quote

The team at Mindbowser was highly professional, patient, and collaborative throughout our engagement. They struck the right balance between offering guidance and taking direction, which made the development process smooth. Although our project wasn’t related to healthcare, we clearly benefited...

author

Dan Barnes

Founder, Texas Ranch Security

quote

Mindbowser played a crucial role in helping us bring everything together into a unified, cohesive product. Their commitment to industry-standard coding practices made an enormous difference, allowing developers to seamlessly transition in and out of the project without any confusion....

author

David Hoffman

CEO, MarketsAI

quote

I'm thrilled to be partnering with Mindbowser on our journey with TravelRite. The collaboration has been exceptional, and I’m truly grateful for the dedication and expertise the team has brought to the development process. Their commitment to our mission is...

author

Marc Ott

Founder & CEO, TravelRite

quote

The Mindbowser team's professionalism consistently impressed me. Their commitment to quality shone through in every aspect of the project. They truly went the extra mile, ensuring they understood our needs perfectly and were always willing to invest the time to...

author

Spencer Barns

CTO, New Day Therapeutics

quote

I collaborated with Mindbowser for several years on a complex SaaS platform project. They took over a partially completed project and successfully transformed it into a fully functional and robust platform. Throughout the entire process, the quality of their work...

author

David Rhodes

President, E.B. Carlson

quote

Mindbowser and team are professional, talented and very responsive. They got us through a challenging situation with our IOT product successfully. They will be our go to dev team going forward.

author

Dan Munro

Founder, Cascada

quote

Amazing team to work with. Very responsive and very skilled in both front and backend engineering. Looking forward to our next project together.

author

Anthony Lewis

Co-Founder, Emerge

quote

The team is great to work with. Very professional, on task, and efficient.

author

Matthew Holsclaw

Founder, PeriopMD

quote

I can not express enough how pleased we are with the whole team. From the first call and meeting, they took our vision and ran with it. Communication was easy and everyone was flexible to our schedule. I’m excited to...

author

Angela Boudreaux

Founder, Seeke

quote

We had very close go live timeline and Mindbowser team got us live a month before.

author

Shaz Khan

CEO, BuyNow WorldWide

quote

If you want a team of great developers, I recommend them for the next project.  

author

Vladimir Kudryavtsev

Founder, Teach Reach

quote

Mindbowser built both iOS and Android apps for Mindworks, that have stood the test of time. 5 years later they still function quite beautifully. Their team always met their objectives and I'm very happy with the end result. Thank you!

author

Bart Mendel

Founder, Mindworks

quote

Mindbowser has delivered a much better quality product than our previous tech vendors. Our product is stable and passed Well Architected Framework Review from AWS.

author

Pankaj Parashar

CEO, PurpleAnt

quote

I am happy to share that we got USD 10k in cloud credits courtesy of our friends at Mindbowser. Thank you Pravin and Ayush, this means a lot to us.

author

Sudheer Bandaru

CTO, Shortlist

quote

Mindbowser is one of the reasons that our app is successful. These guys have been a great team.

author

Dave Dubier

Founder & CEO, MangoMirror

quote

Kudos for all your hard work and diligence on the Telehealth platform project. You made it possible.

author

Joyce Nwatuobi

CEO, ThriveHealth

quote

Mindbowser helped us build an awesome iOS app to bring balance to people’s lives.

author

Addie Wootten

CEO, SMILINGMIND

quote

They were a very responsive team! Extremely easy to communicate and work with!

author

Kristen M.

Founder & CEO, TotTech

quote

We’ve had very little-to-no hiccups at all—it’s been a really pleasurable experience.

author

Chacko Thomas

Co-Founder, TEAM8s

quote

Mindbowser was very helpful with explaining the development process and started quickly on the project.

author

Hieu Le

Executive Director of Product Development, Innovation Lab

quote

The greatest benefit we got from Mindbowser is the expertise. Their team has developed apps in all different industries with all types of social proofs.

author

Alex Gobel

Co-Founder, Vesica

quote

Mindbowser is professional, efficient and thorough. 

author

MacKenzie Richter

Consultant, XPRIZE

quote

Very committed, they create beautiful apps and are very benevolent. They have brilliant Ideas.

author

Laurie Mastrogiani

Founder, S.T.A.R.S of Wellness

quote

Mindbowser was great; they listened to us a lot and helped us hone in on the actual idea of the app. They had put together fantastic wireframes for us.

author

Bennet Gillogly

Co-Founder, Flat Earth

quote

Ayush was responsive and paired me with the best team member possible, to complete my complex vision and project. Could not be happier.

author

Katie Taylor

Founder, Child Life On Call

quote

The team from Mindbowser stayed on task, asked the right questions, and completed the required tasks in a timely fashion! Strong work team!

author

Michael Wright

CEO, SDOH2Health LLC

quote

Mindbowser was easy to work with and hit the ground running, immediately feeling like part of our team.

author

George Hodulik

CEO, Stealth Startup

quote

Mindbowser was an excellent partner in developing my fitness app. They were patient, attentive, & understood my business needs. The end product exceeded my expectations. Thrilled to share it globally.

author

Jirina Harastova

Owner, Phalanx

quote

Mindbowser's expertise in tech, process & mobile development made them our choice for our app. The team was dedicated to the process & delivered high-quality features on time. They also gave valuable industry advice. Highly recommend them for app development...

author

Marty Betz

Co-Founder, Fox&Fork