Step-by-step guide to securing a Spring MVC + Thymeleaf web application using Spring Security OAuth 2.0 with Keycloak as the identity provider. Covers setting up Keycloak via Docker Compose, configuring a realm and client, wiring OAuth2 client registration properties in Spring Boot, implementing login via Authorization Code flow, customizing security rules, and handling OIDC logout with OidcClientInitiatedLogoutSuccessHandler.
Table of contents
Setup Keycloak using Docker ComposeCreate Keycloak Realm, Client and UsersCreate messages-webappConclusionSort: