{"id":17999087,"url":"https://github.com/wkrzywiec/keycloak-security-example","last_synced_at":"2026-03-06T15:02:15.099Z","repository":{"id":44098698,"uuid":"308126246","full_name":"wkrzywiec/keycloak-security-example","owner":"wkrzywiec","description":"Sandbox project to play around with keyclaok and integrating it with Spring Boot and Angular apps (using OAuth 2.0 protocol)  ","archived":false,"fork":false,"pushed_at":"2022-09-07T04:26:03.000Z","size":633,"stargazers_count":95,"open_issues_count":0,"forks_count":80,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-07T01:40:56.332Z","etag":null,"topics":["angular","java","jwt","keycloak","learning","learning-by-doing","oauth2","security","spring-boot"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wkrzywiec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-10-28T19:55:16.000Z","updated_at":"2025-03-31T00:42:11.000Z","dependencies_parsed_at":"2023-01-17T22:31:30.748Z","dependency_job_id":null,"html_url":"https://github.com/wkrzywiec/keycloak-security-example","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/wkrzywiec/keycloak-security-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wkrzywiec%2Fkeycloak-security-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wkrzywiec%2Fkeycloak-security-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wkrzywiec%2Fkeycloak-security-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wkrzywiec%2Fkeycloak-security-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wkrzywiec","download_url":"https://codeload.github.com/wkrzywiec/keycloak-security-example/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wkrzywiec%2Fkeycloak-security-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30182686,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T14:42:24.748Z","status":"ssl_error","status_checked_at":"2026-03-06T14:42:14.925Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angular","java","jwt","keycloak","learning","learning-by-doing","oauth2","security","spring-boot"],"created_at":"2024-10-29T22:09:58.488Z","updated_at":"2026-03-06T15:02:15.039Z","avatar_url":"https://github.com/wkrzywiec.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# keycloak-security-example\n\n[![MIT License](https://img.shields.io/apm/l/atomic-design-ui.svg?)](https://github.com/tterb/atomic-design-ui/blob/master/LICENSEs) [![Main Branch workflow](https://github.com/wkrzywiec/keycloak-security-example/actions/workflows/main.yaml/badge.svg?branch=main)](https://github.com/wkrzywiec/keycloak-security-example/actions/workflows/main.yaml)\n\nThis project is all about example implementation of OAuth 2.0 framework, both in a backend and a frontend application. It contains 3 major services:\n\n* *Keycloak* (authorization server) - open-source tool for identity and access management,\n* *backend* (protected resource) - a Java, Spring Boot service that provides a REST API endpoints which requires to provide a valid access token,\n* *frontend* (client) - an Angular application that make use of backend's protected REST API endpoints. \n\nThis project was created for learning purposes, if you would like to know more about OAuth 2.0 in general go check my blog posts listed below.\n\n## Prerequisites\n\nTo run all necessary applications first you need to install Docker with Docker Compose (for Windows and MacOS it's already bundled with Docker). Instructions can be found on the official website:\n\n* [Ubuntu (Linux)](https://docs.docker.com/install/linux/docker-ce/ubuntu/),\n* [Windows](https://docs.docker.com/docker-for-windows/install/),\n* [MacOS](https://docs.docker.com/docker-for-mac/install/).\n\nInstructions for installing Docker Compose on Linux can be found [here](https://docs.docker.com/compose/install/).\n\n### Edit hosts file\n\nApart from installing Docker you also need to edit **hosts** file of your OS.\n\nJWT's payload contains a field **iss** (issuer). It's an URL of an authorization server, in our case Keycloak. In the backend application we need to provide exactly the same URL to the keycloak. But here is the problem that a Docker network and machine's hosts are not the same. From point of view of a backend service a keycloak will have different URL than from point of view of a user! \n\nTo mitigate this problem you need to add following lines to the *hosts* file:\n```\n127.0.0.1\tkeycloak\n```\n\nLocation of *hosts* file on different OS:\n* [Linux (Ubuntu)](http://manpages.ubuntu.com/manpages/trusty/man5/hosts.5.html)\n* [Windows 10](https://www.groovypost.com/howto/edit-hosts-file-windows-10/)\n* [Mac](https://www.imore.com/how-edit-your-macs-hosts-file-and-why-you-would-want#page1)\n\n## Usage\n\nTo run all apps just run following command in a terminal\n\n```bash\n\u003e docker-compose up -d frontend\n```\n\nIt will spin up all necessary parts like Keycloak with its database, frontend and backend service. During first run it might take couple of minutes, becasue Docker images needs to be either downloaded or build. Also first startup of all Docker containers might take awhile, especially a Keycloak container, because it not only run it but also it's applying an initial configuration like a predefined Keycloak realm, users, roles and clients. \n\nTo check if everything is working you can list all running containers:\n\n```bash\n\u003e docker ps\n\nCONTAINER ID    STATUS          PORTS                              NAMES\n1840d7564aeb   Up 46 seconds   0.0.0.0:80-\u003e80/tcp                 frontend\ncba18013881c   Up 47 seconds   0.0.0.0:9000-\u003e9000/tcp             backend\n01f15608d210   Up 47 seconds   0.0.0.0:8080-\u003e8080/tcp, 8443/tcp   keycloak\nac67959019f9   Up 48 seconds   0.0.0.0:5432-\u003e5432/tcp             postgres\n```\n\nTo check if a Keycloak is good to look at its logs if it contains log ` Admin console listening on http://127.0.0.1:9990`:\n\n```bash\n\u003e docker logs keycloak\n... other logs\n\n05:56:25,513 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 62) WFLYUT0021: Registered web context: '/auth' for server 'default-server'\n05:56:25,603 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\")\n05:56:25,655 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server\n05:56:25,658 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 11.0.2 (WildFly Core 12.0.3.Final) started in 14383ms - Started 687 of 992 services (703 services are lazy, passive or on-demand)\n05:56:25,660 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management\n05:56:25,660 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990\n```\n\nOnce everything is set up you can enter the page `http://localhost` and it will redirect you to the login page. After providing username and password you can playaround with an app.\n\nIn default Keycloak configurarion there is one realm defined - `test` that has two users: \n\n| Username  | Password | Roles   |\n| --------- | -------- | ------- |\n| luke      | password | VISITOR |\n| han       | password | ADMIN   |\n\n\nTo enter the Keyclaok admin page use `http://localhost:8080` url where credentials are `admin` (both for username and password).\n\n### Monitoring \n\nApart from key services in the *docker-compose.yaml* file there are defined two monitoring services:\n\n* Prometheus (`http://localhost:5000`),\n* Grafana (`http://localhost:3000`).\n\nTo run them use on of the following commands:\n\n```bash\n# this one will run all services defined docker-compose.yaml\n\u003e docker-compose up -d\n\n# this one will run only Prometheus and Grafana\n\u003e docker-compose up -d grafana\n```\n\n## Articles\n\n* [Introduction to OAuth 2.0](https://medium.com/nerd-for-tech/introduction-to-oauth-2-0-7aa885a3db36)\n* [Create and configure Keycloak OAuth 2.0 authorization server](https://wkrzywiec.medium.com/create-and-configure-keycloak-oauth-2-0-authorization-server-f75e2f6f6046)\n* [Implementing OAuth 2.0 access token validation with Spring Security](https://wkrzywiec.medium.com/implementing-oauth-2-0-access-token-validation-with-spring-security-64c797b42b36)\n* [Step-by-step guide how integrate Keycloak with Angular application](https://wkrzywiec.medium.com/step-by-step-guide-how-integrate-keycloak-with-angular-application-d96b05f7dfdd)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwkrzywiec%2Fkeycloak-security-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwkrzywiec%2Fkeycloak-security-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwkrzywiec%2Fkeycloak-security-example/lists"}