Step-by-step guide to building a Spring Boot OAuth 2.0 Resource Server secured with Spring Security and Keycloak. Covers configuring the JWT issuer URI, implementing REST endpoints, customizing SecurityFilterChain for mixed public/protected access, extracting current user details from JWT claims, and implementing a custom KeycloakJwtAuthenticationConverter to map Keycloak realm roles into Spring Security authorities for role-based access control (RBAC).
Table of contents
Create messages-serviceAccessing Secured API Endpoints using PostmanCustomizing Security ConfigurationGetting Current User DetailsVerify the Role Based Access ControlConclusionSort: