Running Keycloak
In this lesson, we'll set up Keycloak, a powerful identity and access management solution, to handle authentication and authorization for our event ticket platform. We'll configure Keycloak using Docker Compose and create the initial realm, client, and user settings needed for our application.
Set Up Keycloak with Docker Compose
Docker Compose makes it easy to run Keycloak alongside our other services. Let's add the Keycloak service to our existing docker-compose.yml:
    services:
      keycloak:
        image: quay.io/keycloak/keycloak:latest
        ports:
          - "9090:8080"   # host port 9090 -> container port 8080
        environment:
          # Bootstrap admin account; admin/admin is for local development only
          KEYCLOAK_ADMIN: admin
          KEYCLOAK_ADMIN_PASSWORD: admin
        volumes:
          - keycloak-data:/opt/keycloak/data   # persist realm and user data
        command:
          - start-dev        # development mode
          - --db=dev-file

    volumes:
      keycloak-data:
        driver: local

The configuration maps Keycloak's default port 8080 to 9090 on our host machine to avoid conflicts with our Spring Boot application.
We're using volumes to persist Keycloak's data between container restarts, unlike our PostgreSQL setup where we prefer a fresh start each time.
Configuring Keycloak
Once Keycloak is running, we need to set up three main components:
- Create a realm named event-ticket-platform
- Set up a client for our frontend application
- Create a test user to represent an organizer
For the client configuration:
- Client ID: event-ticket-platform-app
- Client authentication: Off (for public access)
- Valid redirect URIs: http://localhost:5173
- Post logout redirect URIs: http://localhost:5173
Connecting Spring Boot to Keycloak
To connect our Spring Boot application to Keycloak, we add this property to application.properties:
    spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:9090/realms/event-ticket-platform

This tells Spring Security to validate JWTs against our Keycloak instance.
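Besides the signature, validating against an issuer means checking the token's claims: the `iss` value must equal the configured issuer URI exactly, and the timestamps must be current. The following is an added example, not part of the lesson's code, that runs those claim checks on a token so a rejected request can be diagnosed; it decodes the payload only and does not verify signatures, and the helper names and sample tokens are constructed for illustration.

```python
import base64
import json
import time

# Issuer configured in the lesson's application.properties.
ISSUER = "http://localhost:9090/realms/event-ticket-platform"
CLOCK_SKEW = 60  # seconds of leeway; Spring Security's default clock skew


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(claims: dict) -> str:
    """Build a constructed sample token; the signature part is a dummy."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()),
                     b64url(b"constructed-not-a-signature")])


def read_claims(token: str) -> dict:
    """Decode the payload segment only. No signature verification."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def claim_problems(token: str, issuer: str = ISSUER, now=None) -> list:
    """Return the claim checks this token would fail, empty if none."""
    now = time.time() if now is None else now
    claims = read_claims(token)
    problems = []
    if claims.get("iss") != issuer:  # exact string match, no normalisation
        problems.append("iss-mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        problems.append("exp-missing")
    elif now - CLOCK_SKEW > exp:
        problems.append("expired")
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and now + CLOCK_SKEW < nbf:
        problems.append("not-yet-valid")
    return problems
```

A token whose `iss` was minted under another base URL (a different host name or port, or a trailing slash) returns `iss-mismatch` even when its signature is valid, so the frontend and the Spring Boot application must reach Keycloak under the same address.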
Summary
- Set up Keycloak using Docker Compose with data persistence
- Created realm, client, and test user in Keycloak
- Connected Spring Boot application to Keycloak for JWT validation