The latest articles on Forem by Pham Xuan Hoang Long (@hoanglong2534). https://forem.com/hoanglong2534 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3819388%2Fdd7dac54-aa3b-4a8a-a033-b03d1c868670.png https://forem.com/hoanglong2534 en Pham Xuan Hoang Long Thu, 12 Mar 2026 04:12:49 +0000 https://forem.com/hoanglong2534/the-simplest-way-to-integrate-keycloak-with-spring-boot-3-36h7 https://forem.com/hoanglong2534/the-simplest-way-to-integrate-keycloak-with-spring-boot-3-36h7 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4tj95w93kiqubcqoknph.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4tj95w93kiqubcqoknph.png" alt=" " width="800" height="482"></a></p> <p>Keycloak is a fantastic open-source Identity and Access Management tool, but integrating it into a Spring Boot application can sometimes feel overwhelming for beginners.</p> <p>In this quick guide, I'll show you the <strong>simplest way</strong> to secure your Spring Boot 3 REST APIs using Keycloak as an OAuth2 Resource Server. We will go straight to the code!</p> <h2> Step 1: Add the required dependencies </h2> <p>First, you don't need any complex Keycloak adapters anymore! Spring Security has built-in support for OAuth2 Resource Servers. Just add this to your <code>pom.xml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-security-oauth2-resource-server<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-web<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <h2> Step 2: Configure application.yaml </h2> <p>Next, tell Spring Boot where your Keycloak server is running. You only need to provide the <code>issuer-uri</code> of your Keycloak Realm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spring</span><span class="pi">:</span> <span class="na">security</span><span class="pi">:</span> <span class="na">oauth2</span><span class="pi">:</span> <span class="na">resourceserver</span><span class="pi">:</span> <span class="na">jwt</span><span class="pi">:</span> <span class="c1"># Replace with your actual Keycloak URL and Realm Name</span> <span class="na">issuer-uri</span><span class="pi">:</span> <span class="s">http://localhost:8180/realms/demo-keycloak</span> </code></pre> </div> <p><em>(Spring Boot will automatically fetch the public keys from Keycloak to validate incoming JWTs!)</em></p> <h2> Step 3: Setup Security Configuration </h2> <p>Now, let's configure <code>SecurityFilterChain</code> to protect our endpoints and enable the OAuth2 Resource Server.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">import</span> <span class="nn">org.springframework.context.annotation.Bean</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.context.annotation.Configuration</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.security.config.annotation.web.builders.HttpSecurity</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.security.config.annotation.web.configuration.EnableWebSecurity</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.security.web.SecurityFilterChain</span><span class="o">;</span> <span class="nd">@Configuration</span> <span class="nd">@EnableWebSecurity</span> <span class="nd">@EnableMethodSecurity</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecurityConfig</span> <span class="o">{</span> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">SecurityFilterChain</span> <span class="nf">filterChain</span><span class="o">(</span><span class="nc">HttpSecurity</span> <span class="n">http</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="n">http</span> <span class="o">.</span><span class="na">csrf</span><span class="o">(</span><span class="n">csrf</span> <span class="o">-&gt;</span> <span class="n">csrf</span><span class="o">.</span><span class="na">disable</span><span class="o">())</span> <span class="o">.</span><span class="na">authorizeHttpRequests</span><span class="o">(</span><span class="n">authorize</span> <span class="o">-&gt;</span> <span class="n">authorize</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/public-api/**"</span><span class="o">).</span><span class="na">permitAll</span><span class="o">()</span> <span class="c1">// Public endpoints</span> <span class="o">.</span><span class="na">anyRequest</span><span class="o">().</span><span class="na">authenticated</span><span class="o">()</span> <span class="c1">// Protect everything else</span> <span class="o">)</span> <span class="o">.</span><span class="na">oauth2ResourceServer</span><span class="o">(</span><span class="n">oauth2</span> <span class="o">-&gt;</span> <span class="n">oauth2</span><span class="o">.</span><span class="na">jwt</span><span class="o">());</span> <span class="c1">// Enable JWT validation</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h2> Step 4: Get Current User Info in Controller </h2> <p>How do you know who is calling your API after they are authenticated? It's extremely simple! Just use <code>@AuthenticationPrincipal</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">import</span> <span class="nn">org.springframework.security.core.annotation.AuthenticationPrincipal</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.security.oauth2.jwt.Jwt</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.web.bind.annotation.GetMapping</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.web.bind.annotation.RestController</span><span class="o">;</span> <span class="nd">@RestController</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">UserController</span> <span class="o">{</span> <span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/profile"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getUserProfile</span><span class="o">(</span><span class="nd">@AuthenticationPrincipal</span> <span class="nc">Jwt</span> <span class="n">jwt</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Get Keycloak User ID</span> <span class="nc">String</span> <span class="n">keycloakId</span> <span class="o">=</span> <span class="n">jwt</span><span class="o">.</span><span class="na">getSubject</span><span class="o">();</span> <span class="c1">// You can also extract custom claims!</span> <span class="nc">String</span> <span class="n">username</span> <span class="o">=</span> <span class="n">jwt</span><span class="o">.</span><span class="na">getClaimAsString</span><span class="o">(</span><span class="s">"preferred_username"</span><span class="o">);</span> <span class="nc">String</span> <span class="n">email</span> <span class="o">=</span> <span class="n">jwt</span><span class="o">.</span><span class="na">getClaimAsString</span><span class="o">(</span><span class="s">"email"</span><span class="o">);</span> <span class="k">return</span> <span class="s">"Hello "</span> <span class="o">+</span> <span class="n">username</span> <span class="o">+</span> <span class="s">"! Your ID is: "</span> <span class="o">+</span> <span class="n">keycloakId</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h2> 🎯 Conclusion </h2> <p>That's it! With just a few lines of configuration, your Spring Boot app is now securely integrated with Keycloak using modern OAuth2 standards. No messy XML, no deprecated Keycloak adapters.</p> <p>If you want to see the complete working project, including custom User and Avatar upload integrations, check out my <strong>GitHub Repository:</strong><br> 👉 <strong><a href="https://github.com/hoanglong2534/spring-keycloak" rel="noopener noreferrer">hoanglong2534/spring-keycloak</a></strong></p> <p>Happy coding! 💻🔥</p> java springboot keycloak tutorial