Spring Boot Implementation¶
If you're using Spring Boot™ instead of Quarkus™, here's how to implement similar security:
Step 1: Add Required Dependencies¶
Add these to your pom.xml:
<!-- No <version> elements: versions are expected to come from the project's dependency
     management (for example the Spring Boot parent POM or BOM). Confirm that is in place so
     both starters resolve to matching, pinned releases. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
Step 2: Configure Authentication¶
In your application.yml (in application.properties, the same setting is the single key spring.security.oauth2.resourceserver.jwt.issuer-uri):
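spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          # Local development value. A token is accepted only if its `iss` claim matches this
          # URI, and the signing keys are discovered from it, so outside local development
          # point this at the identity provider's https:// URL.
          # The `aud` claim is not checked by default; set
          # spring.security.oauth2.resourceserver.jwt.audiences (or register a custom
          # validator) if the same issuer also mints tokens for other services.
          issuer-uri: http://localhost:8280/auth/realms/workflow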
Step 3: Configure Security Settings¶
Create a Security Configuration class:
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
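/**
 * Security rules for the service when it runs as an OAuth2 resource server.
 *
 * <p>Requests carry a bearer JWT. Authorities are derived from the token's {@code roles}
 * claim by {@link #jwtAuthenticationConverter()}, and the URL rules in
 * {@link #securityFilterChain(HttpSecurity)} decide which paths need which authority.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /**
     * Builds the filter chain: public health and docs endpoints, an admin-only area, and
     * authentication for every other request.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                // Matchers are evaluated in declaration order and the first match wins, so the
                // public paths and the admin rule must stay above the catch-all.
                .requestMatchers("/health", "/docs/**").permitAll()
                // hasRole("admin") looks for the authority "ROLE_admin"; the match is
                // case-sensitive, so the role name in the token must be exactly "admin".
                .requestMatchers("/admin/**").hasRole("admin")
                .requestMatchers("/api/**", "/workflows/**").authenticated()
                // Anything not listed above still requires a valid token.
                .anyRequest().authenticated()
            )
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))
            );
        return http.build();
    }

    /**
     * Creates the converter that maps the {@code roles} claim to {@code ROLE_}-prefixed
     * authorities.
     *
     * <p>Installing this converter replaces the default scope-based mapping, so
     * {@code SCOPE_*} authorities are no longer produced. A token without a {@code roles}
     * claim gets no authorities: it still counts as authenticated but fails every
     * {@code hasRole} check.
     *
     * <p>NOTE(review): the issuer path used on this page ({@code /auth/realms/...}) looks
     * like Keycloak, which by default nests realm roles under {@code realm_access.roles}.
     * Confirm that a mapper emits a top-level {@code roles} claim; otherwise
     * {@code /admin/**} is denied for every user.
     *
     * @return the converter handed to the resource-server JWT configuration
     */
    private Converter<Jwt, AbstractAuthenticationToken> jwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            List<String> roles = jwt.getClaimAsStringList("roles");
            if (roles == null) {
                return Collections.emptyList();
            }
            return roles.stream()
                // Skip null or blank entries so a malformed claim cannot yield "ROLE_null"
                // or a bare "ROLE_" authority.
                .filter(role -> role != null && !role.trim().isEmpty())
                .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .collect(Collectors.toList());
        });
        return converter;
    }
}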
Enabling Management Console Connection with Spring Boot¶
For Spring Boot, you'll need to expose the OIDC configuration:
Step 1: Create a Controller to Expose OIDC Configuration¶
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * Serves a minimal OIDC discovery document so the management console can find the issuer.
 *
 * <p>The listing's imports do not include {@code java.util.Map} and
 * {@code java.util.HashMap}; both are needed for this class to compile.
 *
 * <p>NOTE(review): under the SecurityConfig shown earlier on this page this path is not in
 * the {@code permitAll()} list, so it falls under {@code anyRequest().authenticated()}. If
 * the console reads the document before it holds a token, add a {@code permitAll()} matcher
 * for exactly this path rather than widening an existing pattern.
 */
@RestController
public class OidcConfigController {

    /** Issuer URI, taken from the same property the resource server validates tokens against. */
    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    private String issuerUri;

    /**
     * Returns the discovery document as a JSON object.
     *
     * @return a map that currently holds only the {@code issuer} entry
     */
    @GetMapping("/.well-known/openid-configuration")
    public Map<String, Object> getOidcConfig() {
        final Map<String, Object> discovery = new HashMap<>();
        discovery.put("issuer", issuerUri);
        // Add other required OIDC properties
        // (public metadata only: endpoint URLs and supported features, never client secrets)
        return discovery;
    }
}