Recently I started a SaaS project. For any project, one of the first problems you need to solve is authentication and authorization. It's 2021 and it's quite foolish to build your own system to log users in and check their roles. After a few weeks studying the available options, I decided to go with Spring Boot & Keycloak.
If you don't know Keycloak, it's an open-source project that helps you quickly set up authentication & authorization for your app. In my case, it is a perfect fit:
- The app has three roles: member, moderator, admin
- The API must have endpoints to create users and let users log in
- Endpoint authorization can be configured by path prefix (for example /admin...) or by the developer specifying the roles allowed for each endpoint (using @RolesAllowed)
The project is available here on GitHub; you can check it out and try it right away:
If you need a step-by-step tutorial, check my post here:
Keycloak is a mature solution for authorization and authentication. It has many customization options that can fit various needs. If you can use it in your project, it can save you a great deal of valuable time.