diff --git a/spring-cloud/spring-cloud-gateway/README-OAuth.md b/spring-cloud/spring-cloud-gateway/README-OAuth.md
new file mode 100644
index 0000000000..c186114589
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/README-OAuth.md
@@ -0,0 +1,40 @@
+# OAuth Test Setup
+
+In order to test the OAuth-secured gateway configurations, please follow the steps below
+
+## Keycloak setup
+
+1. Clone or download the https://github.com/Baeldung/spring-security-oauth project
+2. Replace the file `oauth-rest/oauth-authorization-server/src/main/resources/baeldung-realm.json`
+ with the one provider here
+3. Go to the oauth-rest/oauth-authorization-server folder and use maven to build the project
+4. Run the Keycloack service with `mvn spring-boot:run`
+5. Once Keycloak is up and running, go to `http://localhost:8083/auth/admin/master/console/#/realms/baeldung` and
+ log in with using `bael-admin/pass` as credentials
+6. Create two test users, so that one belongs to the *Golden Customers* group and the other doesn't.
+
+## Quotes backend
+
+Use the provided maven profile:
+
+```
+$ mvn spring-boot:run -Pquotes-application
+```
+
+## Gateway as Resource Server
+
+Use the provided maven profile:
+
+```
+$ mvn spring-boot:run -Pgateway-as-resource-server
+```
+
+## Gateway as OAuth 2.0 Client
+
+Use the provided maven profile:
+
+```
+$ mvn spring-boot:run -Pgateway-as-oauth-client
+```
+
+
diff --git a/spring-cloud/spring-cloud-gateway/baeldung-realm.json b/spring-cloud/spring-cloud-gateway/baeldung-realm.json
new file mode 100644
index 0000000000..4dad262568
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/baeldung-realm.json
@@ -0,0 +1,2186 @@
+{
+ "id": "baeldung",
+ "realm": "baeldung",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "ssoSessionIdleTimeoutRememberMe": 0,
+ "ssoSessionMaxLifespanRememberMe": 0,
+ "offlineSessionIdleTimeout": 2592000,
+ "offlineSessionMaxLifespanEnabled": false,
+ "offlineSessionMaxLifespan": 5184000,
+ "clientSessionIdleTimeout": 0,
+ "clientSessionMaxLifespan": 0,
+ "clientOfflineSessionIdleTimeout": 0,
+ "clientOfflineSessionMaxLifespan": 0,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "roles": {
+ "realm": [
+ {
+ "id": "2f721e46-398b-43ff-845f-3c747f1f69f5",
+ "name": "standard",
+ "description": "Standard customer",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "baeldung",
+ "attributes": {}
+ },
+ {
+ "id": "b8b1cb49-c953-4cb0-acea-62b24c4b6d30",
+ "name": "silver",
+ "description": "Silver customer",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "baeldung",
+ "attributes": {}
+ },
+ {
+ "id": "f44f5ba9-2393-4d2a-b581-81cf8dd7f245",
+ "name": "gold",
+ "description": "Gold customers",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "baeldung",
+ "attributes": {}
+ },
+ {
+ "id": "3b6109f5-6e5a-4578-83c3-791ec3e2bf9e",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "baeldung",
+ "attributes": {}
+ },
+ {
+ "id": "0dd6a8c7-d669-4941-9ea1-521980e9c53f",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "baeldung",
+ "attributes": {}
+ },
+ {
+ "id": "ca962095-7f9b-49e2-a190-e391a0d4b704",
+ "name": "user",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "baeldung",
+ "attributes": {}
+ }
+ ],
+ "client": {
+ "newClient": [],
+ "realm-management": [
+ {
+ "id": "5d00243f-ceec-4b0c-995e-d86d5b8a0ae6",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-clients"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "941612de-bd85-47a5-8dfa-37c270dde28c",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "5ea9810d-63cc-4277-9b32-ba8a3d3c6091",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "8b7b0dd8-350b-473e-b8cd-8acad34f1358",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "0f8e5ee8-b014-4b7c-9b69-50f46abcba5f",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "911b1489-9383-4734-b134-bf49bf992ce9",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "5d48274c-bd6b-4c26-ad54-f1a2254beac0",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "3ea43b64-316f-4693-8346-9ee78b24adaf",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "49735614-96ec-49b2-98fe-3af9bcd1a33a",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "e8f8c3cc-0ff1-4f72-a271-db6821a3cdb6",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "387418b1-4f80-4b00-b9dd-805ca041f805",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "427c27d4-521a-464b-a0df-16d7f537e8d5",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "view-clients",
+ "view-authorization",
+ "query-groups",
+ "manage-realm",
+ "query-clients",
+ "manage-clients",
+ "view-realm",
+ "manage-identity-providers",
+ "create-client",
+ "manage-users",
+ "view-identity-providers",
+ "query-users",
+ "query-realms",
+ "view-users",
+ "impersonation",
+ "manage-authorization",
+ "manage-events",
+ "view-events"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "a574cf01-03e4-4573-ab9e-276d13a1ce8d",
+ "name": "query-users",
+ "description": "${role_query-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "c3a253a8-a1b6-4d38-9677-f728f32482ad",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "f3cb93da-273e-419a-b2f4-93f09896abcf",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-users",
+ "query-groups"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "6eedf2b7-50ef-4495-a89b-54aef751b7fa",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "0332e99b-3dfc-4193-9e13-5728f8f3e6d6",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "b690cb9c-0f4a-4be5-ade0-b40443d8149d",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ },
+ {
+ "id": "aac3def5-f193-4a6c-9065-1667a0746a8a",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "attributes": {}
+ }
+ ],
+ "security-admin-console": [],
+ "quotes-client": [],
+ "admin-cli": [],
+ "account-console": [],
+ "broker": [
+ {
+ "id": "397b5703-4c81-48fd-a24c-a7e8177ef657",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "4b9609f0-48d1-4e71-9381-2ecec08616f9",
+ "attributes": {}
+ }
+ ],
+ "account": [
+ {
+ "id": "8daa8096-d14e-4d1c-ad1f-83f822016aa1",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "manage-account-links"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "12eebf0b-a3eb-49f8-9ecf-173cf8a00145",
+ "attributes": {}
+ },
+ {
+ "id": "15f0d8be-932b-4565-8ad0-e8aa170093dd",
+ "name": "view-consent",
+ "description": "${role_view-consent}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "12eebf0b-a3eb-49f8-9ecf-173cf8a00145",
+ "attributes": {}
+ },
+ {
+ "id": "c5aa697c-bf87-47c6-bd94-9121b72420b9",
+ "name": "view-applications",
+ "description": "${role_view-applications}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "12eebf0b-a3eb-49f8-9ecf-173cf8a00145",
+ "attributes": {}
+ },
+ {
+ "id": "f0b3bbe4-aec1-4227-b9d3-2c314d612a04",
+ "name": "manage-consent",
+ "description": "${role_manage-consent}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "view-consent"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "12eebf0b-a3eb-49f8-9ecf-173cf8a00145",
+ "attributes": {}
+ },
+ {
+ "id": "948269c7-a69c-4c82-a7f3-88868713dfd9",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "12eebf0b-a3eb-49f8-9ecf-173cf8a00145",
+ "attributes": {}
+ },
+ {
+ "id": "aed18201-2433-4998-8fa3-0979b0b31c10",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "12eebf0b-a3eb-49f8-9ecf-173cf8a00145",
+ "attributes": {}
+ }
+ ]
+ }
+ },
+ "groups": [
+ {
+ "id": "635c3314-f15f-4c02-bcb7-8739fd4c21b7",
+ "name": "golden_customers",
+ "path": "/golden_customers",
+ "attributes": {},
+ "realmRoles": [
+ "gold"
+ ],
+ "clientRoles": {},
+ "subGroups": []
+ },
+ {
+ "id": "279c5ec4-0588-4884-91c1-2697ed5c9826",
+ "name": "silver_customers",
+ "path": "/silver_customers",
+ "attributes": {},
+ "realmRoles": [
+ "silver"
+ ],
+ "clientRoles": {},
+ "subGroups": []
+ }
+ ],
+ "defaultRoles": [
+ "uma_authorization",
+ "offline_access"
+ ],
+ "requiredCredentials": [
+ "password"
+ ],
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "otpSupportedApplications": [
+ "FreeOTP",
+ "Google Authenticator"
+ ],
+ "webAuthnPolicyRpEntityName": "keycloak",
+ "webAuthnPolicySignatureAlgorithms": [
+ "ES256"
+ ],
+ "webAuthnPolicyRpId": "",
+ "webAuthnPolicyAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyRequireResidentKey": "not specified",
+ "webAuthnPolicyUserVerificationRequirement": "not specified",
+ "webAuthnPolicyCreateTimeout": 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyAcceptableAaguids": [],
+ "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms": [
+ "ES256"
+ ],
+ "webAuthnPolicyPasswordlessRpId": "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout": 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+ "scopeMappings": [
+ {
+ "clientScope": "offline_access",
+ "roles": [
+ "offline_access"
+ ]
+ }
+ ],
+ "clientScopeMappings": {
+ "account": [
+ {
+ "client": "account-console",
+ "roles": [
+ "manage-account"
+ ]
+ }
+ ]
+ },
+ "clients": [
+ {
+ "id": "12eebf0b-a3eb-49f8-9ecf-173cf8a00145",
+ "clientId": "account",
+ "name": "${client_account}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/baeldung/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "defaultRoles": [
+ "manage-account",
+ "view-profile"
+ ],
+ "redirectUris": [
+ "/realms/baeldung/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "8209784b-8540-43c2-aece-241acf12ea5a",
+ "clientId": "account-console",
+ "name": "${client_account-console}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/baeldung/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/realms/baeldung/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "58395b96-1718-4787-8f92-74577e2bfc30",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "13d76feb-d762-4409-bb84-7a75bc395a61",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "4b9609f0-48d1-4e71-9381-2ecec08616f9",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "b88ce206-63d6-43b6-87c9-ea09d8c02f32",
+ "clientId": "newClient",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "http://localhost:8082/new-client/login/oauth2/code/custom",
+ "http://localhost:8089/",
+ "http://localhost:8089/auth/redirect/"
+ ],
+ "webOrigins": [
+ "+"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.assertion.signature": "false",
+ "saml.force.post.binding": "false",
+ "saml.multivalued.roles": "false",
+ "saml.encrypt": "false",
+ "saml.server.signature": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml_force_name_id_format": "false",
+ "saml.client.signature": "false",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "defaultClientScopes": [
+ "role_list",
+ "profile"
+ ],
+ "optionalClientScopes": [
+ "web-origins",
+ "address",
+ "read",
+ "phone",
+ "roles",
+ "offline_access",
+ "microprofile-jwt",
+ "write",
+ "email"
+ ]
+ },
+ {
+ "id": "5898f71f-b91e-4c3f-9c86-48de0e8665c4",
+ "clientId": "quotes-client",
+ "name": "Quotes Client",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "0e082231-a70d-48e8-b8a5-fbfb743041b6",
+ "redirectUris": [
+ "http://localhost:8082/*",
+ "http://localhost:8087/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "saml.assertion.signature": "false",
+ "saml.multivalued.roles": "false",
+ "saml.force.post.binding": "false",
+ "saml.encrypt": "false",
+ "saml.server.signature": "false",
+ "saml.server.signature.keyinfo.ext": "false",
+ "exclude.session.state.from.auth.response": "false",
+ "saml_force_name_id_format": "false",
+ "saml.client.signature": "false",
+ "tls.client.certificate.bound.access.tokens": "false",
+ "saml.authnstatement": "false",
+ "display.on.consent.screen": "false",
+ "saml.onetimeuse.condition": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "008d32b5-ea7b-4739-89af-e90fe137bda9",
+ "name": "realm roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "6a4bfbd0-576d-4778-af56-56f876647355",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "8e358d2f-b085-4243-8e6e-c175431e5eeb",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "rootUrl": "${authAdminUrl}",
+ "baseUrl": "/admin/baeldung/console/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/admin/baeldung/console/*"
+ ],
+ "webOrigins": [
+ "+"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "9cfca9ee-493d-4b5e-8170-2d364149de59",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "role_list",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ }
+ ],
+ "clientScopes": [
+ {
+ "id": "77c7e29d-1a22-4419-bbfb-4a62bb033449",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${addressScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "94e1879d-b49e-4178-96e0-bf8d7f32c160",
+ "name": "address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-address-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "user.attribute.postal_code": "postal_code",
+ "userinfo.token.claim": "true",
+ "user.attribute.street": "street",
+ "id.token.claim": "true",
+ "user.attribute.region": "region",
+ "access.token.claim": "true",
+ "user.attribute.locality": "locality"
+ }
+ }
+ ]
+ },
+ {
+ "id": "b3526ac1-10e2-4344-8621-9c5a0853e97a",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${emailScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "d30270dc-baa6-455a-8ff6-ddccf8a78d86",
+ "name": "email verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "emailVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
+ }
+ },
+ {
+ "id": "f5b1684d-e479-4134-8578-457fa64717da",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "c658ae14-e96a-4745-b21b-2ed5c4c63f5f",
+ "name": "microprofile-jwt",
+ "description": "Microprofile - JWT built-in scope",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "959521bc-5ffd-465b-95f2-5b0c20d1909c",
+ "name": "upn",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "upn",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "07b8550c-b298-4cce-9ffb-900182575b76",
+ "name": "groups",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "foo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "groups",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "569b3d44-4ecd-4768-a58c-70ff38f4b4fe",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "a3e7b19d-df6c-437e-9eea-06fec1becb2f",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${phoneScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "72a070f7-4363-4c88-8153-6fd2d12b9b04",
+ "name": "phone number verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumberVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
+ }
+ },
+ {
+ "id": "24b42c6d-a93c-4aa1-9a03-2a2b55954c13",
+ "name": "phone number",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumber",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "ba8c9950-fd0b-4434-8be6-b58456d7b6d4",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${profileScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "0a9ddd71-309c-40f0-8ea6-a0791070c6ed",
+ "name": "profile",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "profile",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "fbf53bbd-1ad0-4bf8-8030-50f81696d8ee",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "nickname",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "nickname",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "423be2cd-42c0-462e-9030-18f9b28ff2d3",
+ "name": "gender",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "gender",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "gender",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "53eb9006-4b81-474a-8b60-80f775d54b63",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4d8bc82a-eaeb-499e-8eb2-0f1dcbe91699",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d3b25485-4042-419d-afff-cfd63a76e229",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "id": "422cfa5a-f2f4-4f36-82df-91b47ae1ea50",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "3f2863c1-d98d-45b5-b08f-af9c4d9c10f8",
+ "name": "website",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "website",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "website",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c98c063d-eee4-41a0-9130-595afd709d1f",
+ "name": "middle name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "middleName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "middle_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8dbed80a-d672-4185-8dda-4bba2a56ec83",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "5e5c690c-93cf-489d-a054-b109eab8911b",
+ "name": "updated at",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "updatedAt",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "updated_at",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "3b985202-af8a-42f1-ac5f-0966a404f5d7",
+ "name": "birthdate",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "birthdate",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "birthdate",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "6eafd1b3-7121-4919-ad1e-039fa58acc32",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "73cba925-8c31-443f-9601-b1514e6396c1",
+ "name": "zoneinfo",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "zoneinfo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "c1a2eb23-25c6-4be7-a791-bbdca99c83f7",
+ "name": "read",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "18e141bf-dabe-4858-879c-dbc439cdead4",
+ "name": "role_list",
+ "description": "SAML role list",
+ "protocol": "saml",
+ "attributes": {
+ "consent.screen.text": "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "10cbe37f-0198-4d65-bc8a-bfe5ad8145d1",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ]
+ },
+ {
+ "id": "111ed87a-5fd3-4cee-96df-8dbfb88cfdc0",
+ "name": "roles",
+ "description": "OpenID Connect scope for add user roles to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${rolesScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "24924d8d-6071-4a93-b40f-326176cb335e",
+ "name": "realm roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "2f6a9bdf-3758-484c-996d-e4f93555559f",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ },
+ {
+ "id": "804d4798-d9a3-4fd3-8b28-d12142e8cb3d",
+ "name": "client roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-client-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "resource_access.${client_id}.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "51d49314-b511-43e0-9258-bfb873758a78",
+ "name": "web-origins",
+ "description": "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false",
+ "consent.screen.text": ""
+ },
+ "protocolMappers": [
+ {
+ "id": "2b384cd0-9e85-4a87-8eeb-2b480b0587b7",
+ "name": "allowed web origins",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-allowed-origins-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ]
+ },
+ {
+ "id": "c3e253fb-7361-47cf-9d4a-86245686fdf1",
+ "name": "write",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true"
+ }
+ }
+ ],
+ "defaultDefaultClientScopes": [
+ "roles",
+ "role_list",
+ "web-origins",
+ "email",
+ "profile"
+ ],
+ "defaultOptionalClientScopes": [
+ "offline_access",
+ "address",
+ "phone",
+ "microprofile-jwt"
+ ],
+ "browserSecurityHeaders": {
+ "contentSecurityPolicyReportOnly": "",
+ "xContentTypeOptions": "nosniff",
+ "xRobotsTag": "none",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "xXSSProtection": "1; mode=block",
+ "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "components": {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+ {
+ "id": "84305f42-4b6d-4b0a-ac7c-53e406e3ac63",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "c7c38a95-744f-4558-a403-9cf692fe1944",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "365b2899-befe-4417-b89b-562650ec4446",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "81c32244-7921-43e9-9356-a3469259b78c",
+ "name": "Trusted Hosts",
+ "providerId": "trusted-hosts",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "host-sending-registration-request-must-match": [
+ "true"
+ ],
+ "client-uris-must-match": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "d09b2147-afea-4f7f-a49c-0aec7eee10de",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "max-clients": [
+ "200"
+ ]
+ }
+ },
+ {
+ "id": "41ffde1b-72a2-416f-87a7-94989e940dc0",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "saml-user-property-mapper",
+ "oidc-address-mapper",
+ "oidc-usermodel-property-mapper",
+ "oidc-full-name-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-role-list-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "saml-user-attribute-mapper"
+ ]
+ }
+ },
+ {
+ "id": "76075388-2782-4656-a986-313493239a9f",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "3caaf57a-9cd7-48c1-b709-b40b887414f7",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-usermodel-attribute-mapper",
+ "saml-user-property-mapper",
+ "oidc-usermodel-property-mapper",
+ "oidc-full-name-mapper",
+ "saml-user-attribute-mapper",
+ "oidc-address-mapper",
+ "saml-role-list-mapper",
+ "oidc-sha256-pairwise-sub-mapper"
+ ]
+ }
+ }
+ ],
+ "org.keycloak.keys.KeyProvider": [
+ {
+ "id": "d67a940a-52e4-44a5-9f69-6ffdd67a188f",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "48d40de3-6234-42e8-9449-f68f56abb54b",
+ "name": "aes-generated",
+ "providerId": "aes-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "52ea1c5d-2a30-459f-b66a-249f298b32f8",
+ "name": "hmac-generated",
+ "providerId": "hmac-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ],
+ "algorithm": [
+ "HS256"
+ ]
+ }
+ }
+ ]
+ },
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "b35b726e-c1cc-4a31-8670-8c858c088498",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "flowAlias": "Handle Existing Account - Alternatives - 0",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "b7cb4b8c-0064-4c6b-95ee-d7f50011bae7",
+ "alias": "Handle Existing Account - Alternatives - 0",
+ "description": "Subflow of Handle Existing Account with alternative executions",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-email-verification",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "2576bf21-a516-4e22-8ed8-8a1a3d35c06a",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "flowAlias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "867b0355-c2b0-4f4e-b535-09406e2bc086",
+ "alias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional",
+ "description": "Flow to determine if the auth-otp-form authenticator should be used or not.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "52e45a6a-292f-4a34-9c02-7f97d9997a9c",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "forms",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "ef818d24-fb06-418a-a093-16239068cb58",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-secret-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-x509",
+ "requirement": "ALTERNATIVE",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f7864004-be4b-40f2-8534-454981f09f98",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "CONDITIONAL",
+ "priority": 30,
+ "flowAlias": "direct grant - direct-grant-validate-otp - Conditional",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "233225f2-78b0-4756-9568-a775ea7cc975",
+ "alias": "direct grant - direct-grant-validate-otp - Conditional",
+ "description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "2787939c-3312-4d56-9d61-22a71947e154",
+ "alias": "docker auth",
+ "description": "Used by Docker clients to authenticate against the IDP",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "docker-http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "c80ca473-6e65-4140-a9d1-035414546bfb",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "flowAlias": "first broker login - Alternatives - 0",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "700a71e1-f176-432e-9e70-ccb06d539730",
+ "alias": "first broker login - Alternatives - 0",
+ "description": "Subflow of first broker login with alternative executions",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "13cd2ee9-8ebb-4651-8a9d-535d4020d889",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "flowAlias": "forms - auth-otp-form - Conditional",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "80067ebf-72b9-4ba5-abc3-161dfdd53938",
+ "alias": "forms - auth-otp-form - Conditional",
+ "description": "Flow to determine if the auth-otp-form authenticator should be used or not.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "269354b1-7dd7-46ff-8a69-084cd2c7be80",
+ "alias": "http challenge",
+ "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "no-cookie-redirect",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "basic-auth",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "basic-auth-otp",
+ "requirement": "DISABLED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "c5fa64a0-e784-490f-8879-0e8a209e3636",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "bc48f897-4d16-49a8-be70-183c7867e20a",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "requirement": "DISABLED",
+ "priority": 60,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "fddaba41-87b1-40d1-b147-f062c38e39ad",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "CONDITIONAL",
+ "priority": 40,
+ "flowAlias": "reset credentials - reset-otp - Conditional",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "6b9fa295-1eb4-48b0-a286-b17ebd6be7e1",
+ "alias": "reset credentials - reset-otp - Conditional",
+ "description": "Flow to determine if the reset-otp authenticator should be used or not.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "c890d4c4-e4e2-4618-b69d-8d30f8278965",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "2b02fbe4-e05e-4238-bb0e-04da7d4efd4e",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "07dd933b-ce95-4a7c-bd81-3efa24f9558c",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
+ }
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 10,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 20,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 30,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 40,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 50,
+ "config": {}
+ },
+ {
+ "alias": "update_user_locale",
+ "name": "Update User Locale",
+ "providerId": "update_user_locale",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 1000,
+ "config": {}
+ }
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "attributes": {
+ "clientOfflineSessionMaxLifespan": "0",
+ "clientSessionIdleTimeout": "0",
+ "clientSessionMaxLifespan": "0",
+ "clientOfflineSessionIdleTimeout": "0"
+ },
+ "keycloakVersion": "11.0.2",
+ "userManagedAccessAllowed": false
+}
\ No newline at end of file
diff --git a/spring-cloud/spring-cloud-gateway/pom.xml b/spring-cloud/spring-cloud-gateway/pom.xml
index 609ba54481..dcad2b7da6 100644
--- a/spring-cloud/spring-cloud-gateway/pom.xml
+++ b/spring-cloud/spring-cloud-gateway/pom.xml
@@ -83,23 +83,99 @@
org.springframework.boot
spring-boot-devtools
+
+
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-resource-server
+
+
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-client
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+ 3.8.1
+
+ ${java.version}
+ ${java.version}
+
+
org.springframework.boot
spring-boot-maven-plugin
+
+
+
+ org.projectlombok
+ lombok
+
+
+
- Hoxton.SR3
- 2.2.6.RELEASE
+
+
6.0.2.Final
0.7.2
- 5.5.2
+ 9.19
+
-
+
+
+
+ quotes-application
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+ com.baeldung.springcloudgateway.oauth.backend.QuotesApplication
+
+
+
+
+
+
+ gateway-as-resource-server
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+ com.baeldung.springcloudgateway.oauth.server.ResourceServerGatewayApplication
+ -Dspring.profiles.active=resource-server
+
+
+
+
+
+
+ gateway-as-oauth-client
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+ com.baeldung.springcloudgateway.oauth.server.ResourceServerGatewayApplication
+ -Dspring.profiles.active=oauth-client
+
+
+
+
+
+
\ No newline at end of file
diff --git a/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/custompredicates/config/CustomPredicatesConfig.java b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/custompredicates/config/CustomPredicatesConfig.java
index 0e88b29bcf..ea58eb7e46 100644
--- a/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/custompredicates/config/CustomPredicatesConfig.java
+++ b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/custompredicates/config/CustomPredicatesConfig.java
@@ -1,6 +1,5 @@
package com.baeldung.springcloudgateway.custompredicates.config;
-import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;
@@ -24,14 +23,20 @@ public class CustomPredicatesConfig {
public RouteLocator routes(RouteLocatorBuilder builder, GoldenCustomerRoutePredicateFactory gf ) {
return builder.routes()
- .route("dsl_golden_route", r -> r.path("/dsl_api/**")
- .filters(f -> f.stripPrefix(1))
- .uri("https://httpbin.org")
- .predicate(gf.apply(new Config(true, "customerId"))))
- .route("dsl_common_route", r -> r.path("/dsl_api/**")
- .filters(f -> f.stripPrefix(1))
- .uri("https://httpbin.org")
- .predicate(gf.apply(new Config(false, "customerId"))))
+ .route("dsl_golden_route", r ->
+ r.predicate(gf.apply(new Config(true, "customerId")))
+ .and()
+ .path("/dsl_api/**")
+ .filters(f -> f.stripPrefix(1))
+ .uri("https://httpbin.org")
+ )
+ .route("dsl_common_route", r ->
+ r.predicate(gf.apply(new Config(false, "customerId")))
+ .and()
+ .path("/dsl_api/**")
+ .filters(f -> f.stripPrefix(1))
+ .uri("https://httpbin.org")
+ )
.build();
}
diff --git a/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/QuotesApplication.java b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/QuotesApplication.java
new file mode 100644
index 0000000000..96daf8a73d
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/QuotesApplication.java
@@ -0,0 +1,44 @@
+/**
+ *
+ */
+package com.baeldung.springcloudgateway.oauth.backend;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
+
+import com.baeldung.springcloudgateway.oauth.shared.KeycloakReactiveTokenInstrospector;
+
+/**
+ * @author Philippe
+ *
+ */
+@SpringBootApplication
+@PropertySource("classpath:quotes-application.properties")
+@EnableWebFluxSecurity
+public class QuotesApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(QuotesApplication.class);
+ }
+
+
+ @Bean
+ public ReactiveOpaqueTokenIntrospector keycloakIntrospector(OAuth2ResourceServerProperties props) {
+
+ NimbusReactiveOpaqueTokenIntrospector delegate = new NimbusReactiveOpaqueTokenIntrospector(
+ props.getOpaquetoken().getIntrospectionUri(),
+ props.getOpaquetoken().getClientId(),
+ props.getOpaquetoken().getClientSecret());
+
+ return new KeycloakReactiveTokenInstrospector(delegate);
+ }
+
+
+}
+
diff --git a/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/domain/Quote.java b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/domain/Quote.java
new file mode 100644
index 0000000000..042cfa63fa
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/domain/Quote.java
@@ -0,0 +1,35 @@
+package com.baeldung.springcloudgateway.oauth.backend.domain;
+
+
+public class Quote {
+
+ private String symbol;
+ private double price;
+
+ /**
+ * @return the symbol
+ */
+ public String getSymbol() {
+ return symbol;
+ }
+ /**
+ * @param symbol the symbol to set
+ */
+ public void setSymbol(String symbol) {
+ this.symbol = symbol;
+ }
+ /**
+ * @return the price
+ */
+ public double getPrice() {
+ return price;
+ }
+ /**
+ * @param price the price to set
+ */
+ public void setPrice(double price) {
+ this.price = price;
+ }
+
+
+}
diff --git a/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/web/QuoteApi.java b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/web/QuoteApi.java
new file mode 100644
index 0000000000..6d3721166c
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/backend/web/QuoteApi.java
@@ -0,0 +1,34 @@
+package com.baeldung.springcloudgateway.oauth.backend.web;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.baeldung.springcloudgateway.oauth.backend.domain.Quote;
+
+import reactor.core.publisher.Mono;
+
+@RestController
+public class QuoteApi {
+ private static final GrantedAuthority GOLD_CUSTOMER = new SimpleGrantedAuthority("gold");
+
+ @GetMapping("/quotes/{symbol}")
+ public Mono getQuote(@PathVariable("symbol") String symbol, BearerTokenAuthentication auth ) {
+
+ Quote q = new Quote();
+ q.setSymbol(symbol);
+
+ if ( auth.getAuthorities().contains(GOLD_CUSTOMER)) {
+ q.setPrice(10.0);
+ }
+ else {
+ q.setPrice(12.0);
+ }
+ return Mono.just(q);
+ }
+}
diff --git a/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/server/ResourceServerGatewayApplication.java b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/server/ResourceServerGatewayApplication.java
new file mode 100644
index 0000000000..1b85867f3b
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/server/ResourceServerGatewayApplication.java
@@ -0,0 +1,13 @@
+package com.baeldung.springcloudgateway.oauth.server;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+
+@SpringBootApplication
+@EnableWebFluxSecurity
+public class ResourceServerGatewayApplication {
+ public static void main(String[] args) {
+ SpringApplication.run(ResourceServerGatewayApplication.class,args);
+ }
+}
diff --git a/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/shared/KeycloakReactiveTokenInstrospector.java b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/shared/KeycloakReactiveTokenInstrospector.java
new file mode 100644
index 0000000000..e834e6934d
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/main/java/com/baeldung/springcloudgateway/oauth/shared/KeycloakReactiveTokenInstrospector.java
@@ -0,0 +1,65 @@
+/**
+ *
+ */
+package com.baeldung.springcloudgateway.oauth.shared;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
+
+import reactor.core.publisher.Mono;
+
+/**
+ * Custom ReactiveTokenIntrospector to map realm roles into Spring GrantedAuthorities
+ *
+ */
+public class KeycloakReactiveTokenInstrospector implements ReactiveOpaqueTokenIntrospector {
+
+ private final ReactiveOpaqueTokenIntrospector delegate;
+
+ public KeycloakReactiveTokenInstrospector(ReactiveOpaqueTokenIntrospector delegate) {
+ this.delegate = delegate;
+ }
+
+ @Override
+ public Mono introspect(String token) {
+
+ return delegate.introspect(token)
+ .map( this::mapPrincipal);
+ }
+
+ protected OAuth2AuthenticatedPrincipal mapPrincipal(OAuth2AuthenticatedPrincipal principal) {
+
+ return new DefaultOAuth2AuthenticatedPrincipal(
+ principal.getName(),
+ principal.getAttributes(),
+ extractAuthorities(principal));
+ }
+
+ protected Collection extractAuthorities(OAuth2AuthenticatedPrincipal principal) {
+
+ //
+ Map> realm_access = principal.getAttribute("realm_access");
+ List roles = realm_access.getOrDefault("roles", Collections.emptyList());
+ List rolesAuthorities = roles.stream()
+ .map(SimpleGrantedAuthority::new)
+ .collect(Collectors.toList());
+
+ Set allAuthorities = new HashSet<>();
+ allAuthorities.addAll(principal.getAuthorities());
+ allAuthorities.addAll(rolesAuthorities);
+
+ return allAuthorities;
+ }
+
+}
diff --git a/spring-cloud/spring-cloud-gateway/src/main/resources/application-oauth-client.yml b/spring-cloud/spring-cloud-gateway/src/main/resources/application-oauth-client.yml
new file mode 100644
index 0000000000..b097c54eb1
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/main/resources/application-oauth-client.yml
@@ -0,0 +1,26 @@
+server:
+ port: 8087
+spring:
+ cloud:
+ gateway:
+ redis:
+ enabled: false
+ routes:
+ - id: quotes
+ uri: http://localhost:8085
+ predicates:
+ - Path=/quotes/**
+ filters:
- TokenRelay=
+ security:
+ oauth2:
+ client:
provider:
keycloak:
+ issuer-uri: http://localhost:8083/auth/realms/baeldung
+ registration:
quotes-client:
+ provider: keycloak
+ client-id: quotes-client
+ client-secret: 0e082231-a70d-48e8-b8a5-fbfb743041b6
+ scope:
- email
+ - profile
+ - roles
+
+
\ No newline at end of file
diff --git a/spring-cloud/spring-cloud-gateway/src/main/resources/application-resource-server.yml b/spring-cloud/spring-cloud-gateway/src/main/resources/application-resource-server.yml
new file mode 100644
index 0000000000..14f713a04a
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/main/resources/application-resource-server.yml
@@ -0,0 +1,19 @@
+server:
+ port: 8086
+spring:
+ security:
+ oauth2:
+ resourceserver:
+ opaquetoken:
+ introspection-uri: http://localhost:8083/auth/realms/baeldung/protocol/openid-connect/token/introspect
+ client-id: quotes-client
+ client-secret: 0e082231-a70d-48e8-b8a5-fbfb743041b6
+ cloud:
+ gateway:
+ redis:
+ enabled: false
+ routes:
+ - id: quotes
+ uri: http://localhost:8085
+ predicates:
+ - Path=/quotes/**
diff --git a/spring-cloud/spring-cloud-gateway/src/main/resources/quotes-application.properties b/spring-cloud/spring-cloud-gateway/src/main/resources/quotes-application.properties
new file mode 100644
index 0000000000..48e8999b1b
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/main/resources/quotes-application.properties
@@ -0,0 +1,12 @@
+server.port=8085
+# Disable gateway & redis as we don't need them in this application
+spring.cloud.gateway.enabled=false
+spring.cloud.gateway.redis.enabled=false
+
+# Resource server settings
+spring.security.oauth2.resourceserver.opaquetoken.introspection-uri=http://localhost:8083/auth/realms/baeldung/protocol/openid-connect/token/introspect
+spring.security.oauth2.resourceserver.opaquetoken.client-id=quotes-client
+spring.security.oauth2.resourceserver.opaquetoken.client-secret=0e082231-a70d-48e8-b8a5-fbfb743041b6
+
+
+
diff --git a/spring-cloud/spring-cloud-gateway/src/test/postman/OAuth_Gateway.postman_collection.json b/spring-cloud/spring-cloud-gateway/src/test/postman/OAuth_Gateway.postman_collection.json
new file mode 100644
index 0000000000..ac920a271b
--- /dev/null
+++ b/spring-cloud/spring-cloud-gateway/src/test/postman/OAuth_Gateway.postman_collection.json
@@ -0,0 +1,203 @@
+{
+ "info": {
+ "_postman_id": "b3d00e23-c2cd-40ce-a90b-673efb25e5c0",
+ "name": "Baeldung - OAuth",
+ "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+ },
+ "item": [
+ {
+ "name": "Token",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "var jsonData = pm.response.json();\r",
+ "pm.environment.set(\"access_token\", jsonData.access_token);\r",
+ "pm.environment.set(\"refresh_token\", jsonData.refresh_token);\r",
+ "pm.environment.set(\"backend_token\", \"Bearer \" + jsonData.access_token);"
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "POST",
+ "header": [],
+ "body": {
+ "mode": "urlencoded",
+ "urlencoded": [
+ {
+ "key": "client_id",
+ "value": "{{client_id}}",
+ "type": "text"
+ },
+ {
+ "key": "client_secret",
+ "value": "{{client_secret}}",
+ "type": "text"
+ },
+ {
+ "key": "grant_type",
+ "value": "password",
+ "type": "text"
+ },
+ {
+ "key": "scope",
+ "value": "email roles profile",
+ "type": "text"
+ },
+ {
+ "key": "username",
+ "value": "maxwell.smart",
+ "type": "text"
+ },
+ {
+ "key": "password",
+ "value": "1234",
+ "type": "text"
+ }
+ ]
+ },
+ "url": {
+ "raw": "{{keycloack_base}}/token",
+ "host": [
+ "{{keycloack_base}}"
+ ],
+ "path": [
+ "token"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Quote",
+ "protocolProfileBehavior": {
+ "disabledSystemHeaders": {
+ "accept": true
+ }
+ },
+ "request": {
+ "auth": {
+ "type": "bearer",
+ "bearer": [
+ {
+ "key": "token",
+ "value": "{{access_token}}",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Accept",
+ "value": "application/json",
+ "type": "text"
+ }
+ ],
+ "url": {
+ "raw": "http://localhost:8085/quotes/:symbol",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8085",
+ "path": [
+ "quotes",
+ ":symbol"
+ ],
+ "variable": [
+ {
+ "key": "symbol",
+ "value": "IBM"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Quote via Gateway",
+ "protocolProfileBehavior": {
+ "disabledSystemHeaders": {
+ "accept": true
+ }
+ },
+ "request": {
+ "auth": {
+ "type": "bearer",
+ "bearer": [
+ {
+ "key": "token",
+ "value": "{{access_token}}",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Accept",
+ "value": "application/json",
+ "type": "text"
+ }
+ ],
+ "url": {
+ "raw": "http://localhost:8086/quotes/:symbol",
+ "protocol": "http",
+ "host": [
+ "localhost"
+ ],
+ "port": "8086",
+ "path": [
+ "quotes",
+ ":symbol"
+ ],
+ "variable": [
+ {
+ "key": "symbol",
+ "value": "IBM"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ],
+ "event": [
+ {
+ "listen": "prerequest",
+ "script": {
+ "type": "text/javascript",
+ "exec": [
+ ""
+ ]
+ }
+ },
+ {
+ "listen": "test",
+ "script": {
+ "type": "text/javascript",
+ "exec": [
+ ""
+ ]
+ }
+ }
+ ],
+ "variable": [
+ {
+ "key": "keycloack_base",
+ "value": "http://localhost:8083/auth/realms/baeldung/protocol/openid-connect"
+ },
+ {
+ "key": "client_id",
+ "value": "quotes-client"
+ },
+ {
+ "key": "client_secret",
+ "value": "56be94c8-b20a-4374-899c-e39cb022d3f8"
+ }
+ ]
+}
\ No newline at end of file