Keycloak & Spring Security Bootcamp: API Auth for News App

Name: Keycloak & Spring Security Bootcamp: API Auth for News App
Rating: 4.5 (27 reviews)

Build and Secure REST API for News Application: Hands-On with OAuth 2.0, Postman, JWT, and Role-Based Access Control

Created byShota Fukuyama

Last updated 10/2024

English

What you'll learn

Understand Keycloak's core security features(Functional overview, Basic terminology)
Understand Spring Security's key protection mechanisms(Token-based access control methods, Role-based access control methods)
Understand API authorization mechanism (roles of Keycloak server/client/API)
Develop and secure APIs using Keycloak and Spring Security(Keycloak server OAuth 2.0-based configuration, REST API development, Token/role-based implementation)

Course content

3 sections • 23 lectures • 3h 20m total length

Hands-on Digest & Secure API Demo5:23
Important Notes for This Course1:19
About your Instructor1:14
Course Objectives and Prerequisites6:23

Overview Part 1 - What is Keycloak?5:59
We will explain the overview of Keycloak used to secure APIs in this course.
Overview Part 2 - Mechanism of API Authorization8:05
We'll focus on how to grant permissions to access APIs and how to implement role-based access control on the API side, which are the main themes of this course. We'll cover the mechanisms to ensure you can configure and implement each part of the authorization process without confusion during hands-on sessions, and deepen your understanding of the relationship between theory and practical implementation.
Overview Part 3 - Basic Keycloak Terminology2:23
Let's review the minimum essential terminology you need to remember for configuring Keycloak.
Keycloak Part 1 - Installation6:35
As the first step in the Keycloak section, we'll install Keycloak, start the server, and log in to the admin console to register clients and users who will access the article retrieval API and set up access control.
Keycloak Part 2 - Creating a Realm2:56
We'll create a Realm, which is the management unit for clients and users.
Keycloak Part 3 - Creating a Client12:08
We'll create a Client in the Realm we created previously.
Keycloak Part 4 - Creating Users13:22
We'll create Users who will use the Client we created earlier.
Keycloak Part 5 - Obtaining JSON Web Token (JWT)16:30
We'll send requests to Keycloak as both basic and premium users, and obtain JSON Web Tokens (JWTs) as access rights in response.
Spring Part 1 - Creating an Application Template8:19
As the first step in developing the article retrieval API that will be accessed using the access token issued by Keycloak, we'll create a Spring Boot project template.
Spring Part 2 - API Development5:50
We'll develop the article retrieval API that will be accessed using the access token issued by Keycloak.
Spring Part 3 - Adding Security11:55
We'll add security to the API we developed previously using Spring Security features.
Spring Part 4 - Application Configuration(Adding OAuth2 Resource Server Setting)6:54
We'll configure Spring Security's OAuth2 resource server functionality to verify JWTs.
Spring Part 5 - API Access9:07
To confirm that the previous configuration is effective, we'll actually access the API using tokens obtained from Keycloak.
Spring Part 6 - API Modification5:58
We'll implement more granular role-based access control for the API that can now be accessed using tokens.
Spring Part 7 - JSON Web Token (JWT) Conversion29:59
As a prerequisite for the role-based access control implemented earlier, we'll implement a process to convert the JWT format to extract roles from the JWT.
Spring Part 8 - API Authorization Confirmation (Pre-authorization)6:18
We'll start the application we've been implementing and verify the role-based access control.
Spring Part 9 - API Modification24:54
As the second phase of implementing more granular role-based access control, we'll implement method-level authorization to protect premium articles by controlling access based on user roles within methods.
Spring Part 10 - API Authorization Confirmation (In-Method Authorization)7:45
Finally, we'll start the application we've been implementing and verify the role-based access control.

Requirements

Basic knowledge of web application development (essential) -
Basic understanding of web security (beneficial, but not mandatory)
Basic knowledge of the Spring Framework (beneficial, but not mandatory)

Description

<Course Overview>

Hands-on Experience: Develop a news article retrieval REST API secured by Keycloak and Spring Security using your own PC.
Learning Path:
- Start with the basics of Keycloak and the role of Spring Security.
- Learn to configure the OAuth 2.0 token issuance flow with Keycloak.
- Develop a REST API for news article retrieval using Spring.
- Add token-based and role-based access control.
Practical Learning: Gain in-depth knowledge of API authorization through a hands-on approach.

<Differences from Other Materials>

This course differs from other educational resources (such as books or YouTube video tutorials) in the following ways:

It's a self-contained course, eliminating the need for additional internet searches or manual checks.
It provides detailed explanations of the reasons and background for each technology and procedure, ensuring you can progress without interruptions.
All lecture videos are downloadable, allowing you to study from anywhere.
Complete code versions are attached to all hands-on exercises, saving you from troubleshooting coding errors.

<Course Content>

The course includes the following topics:

Course Overview

Hands-on Digest & Secure API Demo
Important Notes for This Course
About your Instructor
Course Objectives and Prerequisites

Keycloak & Spring Security Hands-on

Overview Part 1 - What is Keycloak?
Overview Part 2 - Mechanism of API Authorization
Overview Part 3 - Basic Keycloak Terminology
Keycloak Part 1 - Installation
Keycloak Part 2 - Creating a Realm
Keycloak Part 3 - Creating a Client
Keycloak Part 4 - Creating Users
Keycloak Part 5 - Obtaining JSON Web Token (JWT)
Spring Part 1 - Creating an Application Template
Spring Part 2 - API Development
Spring Part 3 - Adding Security
Spring Part 4 - Application Configuration (Adding OAuth2 Resource Server Settings)
Spring Part 5 - API Access
Spring Part 6 - API Modification
Spring Part 7 - JSON Web Token (JWT) Conversion
Spring Part 8 - API Authorization Confirmation (Pre-authorization)
Spring Part 9 - API Modification
Spring Part 10 - API Authorization Confirmation (In-Method Authorization)

Who this course is for:

Basic knowledge of web application development (essential) - Server-side technology fundamentals (basic Java syntax knowledge/object-oriented concepts) - Basic network knowledge (HTTP methods, status codes, etc.)
Basic understanding of web security (beneficial, but not mandatory) - Basic understanding of OAuth 2.0 - Familiarity with terms like stateless/stateful/CSRF
Basic knowledge of the Spring Framework (beneficial, but not mandatory) - Understanding of Dependency Injection (DI) concepts - Familiarity with annotation-based implementation methods

Keycloak & Spring Security Bootcamp: API Auth for News App

What you'll learn

Explore related topics

Course content

Course Overview4 lectures • 14min

Keycloak & Spring Security Hands-on18 lectures • 3hr 5min

Bonus Lecture1 lecture • 1min

Requirements

Description

Who this course is for: