0
votes

I want to use Keycloak as authentication and authorization server to secure a Spring Cloud Data Flow server and manage access to its endpoints.

I set up the SCDF server's YAML as described in Spring's documentation: http://docs.spring.io/spring-cloud-dataflow/docs/1.7.0.RC1/reference/htmlsingle/#configuration-security-oauth2

As a result, authentication with users registered in Keycloak works. But the authorization rules defined in Keycloak do not apply. The reason seems to be the one described in Spring's documentation: http://docs.spring.io/spring-cloud-dataflow/docs/1.7.0.RC1/reference/htmlsingle/#configuration-security-oauth2-authorization

I have difficulties with the "customizing the behavior" mentioned there. What exactly must be done? How do I provide the different bean needed? Is there another solution to using Keycloak as authorization server for Spring Cloud Data Flow? Does the recent Spring Security 5.1 release have an effect on this problem?

I am struggling with this for some time now and would appreciate any help or feedback. Thank you in advance!


2 Answers

1
votes

Spring Cloud Data Flow authorization is driven by the configuration set in the Authorization Properties with the prefix spring.cloud.dataflow.security.authorization as defined in SCDF.

The OAuth configuration retrieves this authorization config to apply the rules. I am not familiar with Keycloak rules. But SCDF only allows HTTP-based method rules, as verified here.

As long as you have valid rules set there, they will get applied by the OAuth authorization configuration.

1
votes

If you want to customize the global security roles you would need to override spring.cloud.dataflow.security.authorization.rules as defined here.

If you want to customize the assigned roles per logged-in user, you will need to provide your own AuthoritiesExtractor.

As an example: in the Cloud Foundry implementation of Spring Cloud Data Flow, we do some customization with regard to the AuthoritiesExtractor. Please have a look at CloudFoundryOAuthSecurityConfiguration. That configuration sets up a custom CloudFoundryDataflowAuthoritiesExtractor.
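The two answers above say what to do (keep the endpoint rules in `spring.cloud.dataflow.security.authorization.rules`, and supply your own `AuthoritiesExtractor` so that per-user roles come from Keycloak), but not what such an extractor looks like. The following is an added example, not code from the question, the answers, or the Spring Cloud Data Flow project. It implements Spring Boot 1.5's `AuthoritiesExtractor` interface (the one SCDF 1.7 uses) and maps Keycloak realm roles to the SCDF authorities that the `rules` entries refer to. Everything about the Keycloak side is assumed: that the client has a protocol mapper adding the `realm_access` claim to the userinfo response, and that the realm roles are named `dataflow-view`, `dataflow-create` and `dataflow-manage`. The package name is hypothetical, and the class is assumed to sit in a package the SCDF server component-scans (in practice that means building a custom server with `@EnableDataFlowServer` rather than running the stock jar).

```java
package com.example.scdf.security; // hypothetical package, not part of SCDF

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/**
 * Registers a custom AuthoritiesExtractor so the SCDF OAuth configuration
 * uses it instead of its default one. The rules in
 * spring.cloud.dataflow.security.authorization.rules stay as documented;
 * only the authorities granted to each logged-in user change.
 */
@Configuration
public class KeycloakAuthoritiesConfiguration {

    @Bean
    public AuthoritiesExtractor authoritiesExtractor() {
        return new KeycloakRealmRoleAuthoritiesExtractor();
    }

    /**
     * Maps Keycloak realm roles found in the userinfo response to SCDF
     * authorities. Assumption (not stated on the page): the Keycloak client
     * has a protocol mapper that puts "realm_access" into the userinfo
     * response, and the realm roles are named as in KEYCLOAK_TO_SCDF.
     */
    public static class KeycloakRealmRoleAuthoritiesExtractor implements AuthoritiesExtractor {

        // Assumed Keycloak role names on the left; SCDF 1.7 authorities on the right.
        private static final Map<String, String> KEYCLOAK_TO_SCDF = new HashMap<>();
        static {
            KEYCLOAK_TO_SCDF.put("dataflow-view", "ROLE_VIEW");
            KEYCLOAK_TO_SCDF.put("dataflow-create", "ROLE_CREATE");
            KEYCLOAK_TO_SCDF.put("dataflow-manage", "ROLE_MANAGE");
        }

        @Override
        public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
            List<GrantedAuthority> authorities = new ArrayList<>();
            for (String role : realmRoles(map)) {
                String scdfRole = KEYCLOAK_TO_SCDF.get(role);
                // Unknown realm roles are dropped, not passed through, so a
                // Keycloak role can never match an SCDF rule merely by sharing its name.
                if (scdfRole != null) {
                    authorities.add(new SimpleGrantedAuthority(scdfRole));
                }
            }
            // An empty list means "authenticated, but no rights": every
            // rule-protected endpoint then answers 403, which is the safe default.
            return authorities;
        }

        /** Reads realm_access.roles from the userinfo map; missing or malformed -> empty. */
        static Collection<String> realmRoles(Map<String, Object> userInfo) {
            Object realmAccess = userInfo.get("realm_access");
            if (!(realmAccess instanceof Map)) {
                return Collections.emptyList();
            }
            Object roles = ((Map<?, ?>) realmAccess).get("roles");
            if (!(roles instanceof Collection)) {
                return Collections.emptyList();
            }
            List<String> result = new ArrayList<>();
            for (Object role : (Collection<?>) roles) {
                if (role instanceof String) {
                    result.add((String) role);
                }
            }
            return result;
        }
    }
}
```

Two things worth checking before relying on this: confirm with a direct call to Keycloak's userinfo endpoint that `realm_access.roles` is actually present for your client (by default Keycloak puts it in the access token, not in userinfo), and confirm that after login the SCDF `/about` endpoint reports the expected roles for a test user who has only `dataflow-view`, since a user with no mapped role should be denied everything the `rules` list protects.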