Securing Javaee Rest Api With Keycloak

In this video, we will secure a JavaEE REST API using Keycloak.

This is a companion video of my previous tutorial available at https://czetsuya-tech.blogspot.com/2019/08/how-to-secure-angular-app-with-keycloak.html.

Needless to say, we first need to go through that tutorial before this one. Things to remember:

• Make sure that the environment is correctly set (take note of base and API URL). Remember that I’m running Keycloak on another machine, thus I’m using a network IP and port 8080. You can run Keycloak on the same machine by updating the standalone configuration, port-offset value at the end of the file (do message me if you need help)
• The API call is in the home component.
• Http interceptor is at secure-http-interceptor.ts file.
• Keycloak server must be running

If you watched that video, at the end I left an exercise where the Angular app will call a secured REST API. The code in the Angular project is already configured, bearer token is correctly set so all we need to do is configure the REST project.

Before we can run the app we first need to configure the Wildfly server where we will deploy the API project. I’m using version 15.

1. Download Keycloak’s client from their website that matches your Keycloak installation, in our case keycloak-wildfly-adapter-dist-6.0.1.
2. Extract and copy into the Wildfly folder. It should have 3 folders: bin, docs, and modules.
3. Go to the bin folder and run jboss-cli.bat --file=adapter-install-offline.cli. Your keycloak subsystem should’ve been installed on standalone.xml. If you need to work on another configuration like standalone-full then edit adapter-install-offline.cli and change the server.config parameter.

Let’s check the API project.

1. There should be a keycloak.json configuration that we can download from the Keycloak server in the project’s src/main/webapp/WEB-INF folder.
2. JaxRsActivator, where we define the package location of the REST API and configure a cors filter.
3. AnimeRs, which is an interface annotated with @Path, that tells us this is a REST endpoint. In here, we have a GET method that returns a list of string.
4. AnimeRsImpl, the implementation class.

Let’s deploy the application in the Wildfly server, run the client and call the API.

References

• https://github.com/czetsuya/Keycloak-Auth
• https://github.com/czetsuya/Keycloak-Auth-API
• https://www.keycloak.org/downloads.html
• https://wildfly.org/downloads
• https://cli.angular.io
• https://hub.docker.com/r/jboss/keycloak