The goal of this project is to secure movies-app using Keycloak (with PKCE). movies-app consists of two applications: a Spring Boot REST API called movies-api and a React application called movies-ui.
The project integrates Spring Boot and React with Keycloak to secure movies-app and its two components: movies-api, built with Spring Boot, and movies-ui, a React frontend. Authentication is handled by Keycloak using Proof Key for Code Exchange (PKCE), which keeps user data secure while the frontend and backend applications interact seamlessly.
The setup not only provides secure access to sensitive data but also enhances user experience by incorporating a clean, responsive interface in the React application. With the added capability to manage user roles and permissions, this combination holds great potential for developers looking to build secure, full-stack applications quickly and efficiently.
Secure Authentication: Using Keycloak, the application ensures that all sensitive endpoints in movies-api are protected and can only be accessed with a valid JWT.
Role-Based Access Control: Access to specific endpoints is restricted based on user roles, such as MOVIES_ADMIN and MOVIES_USER, providing a robust security model.
Data Management: The movies-api allows admin users to create, delete, and manage movie entries through a variety of RESTful endpoints.
Responsive UI: The movies-ui features a modern, user-friendly interface built with Semantic UI React, ensuring that users have an engaging experience when interacting with the application.
Robust Back-End: Built with Spring Boot, the movies-api provides a REST API to manage movie data effectively, connecting to a MongoDB database for optimal data handling.
JWT Integration: The application uses JSON Web Tokens (JWT) for secure, stateless communication between the frontend and backend, enhancing the application’s security posture.
Proof-of-Concept Availability: Users can access a range of Proof-of-Concepts and articles compiled to help guide developers through the process of implementing similar configurations.
User Management: Keycloak manages all user credentials, simplifying the authentication process and allowing for easy role assignments and adjustments within the application.