spring-boot - 具有 SSO 和表单登录的 Spring 安全性
问题描述
我的应用程序有表单登录,现在我想使用 Keycloak 集成我的 freeIPA 帐户。
我WebSecurityConfigurerAdapter
下面有2个
安全配置.java
@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final AccountDetailsService accountDetailsService;
private static final String[] IGNORED_RESOURCE_LIST = new String[]{
"/resources/**",
"/static/**",
"/webjars/**",
"/plugins/**",
"/imgs/**",
"/fonts/**",
"/vendors/**",
"/flags/**",
"/js/**",
"/sso/login",
"/css/**"};
private static final String[] PERMIT_ALL_RESOURCE_LIST = new String[]{
"/actuator/health/**",
"/login/**",
"/json/**",
"/auth/**",
"/error/**"};
@Autowired
public SecurityConfiguration(AccountDetailsService accountDetailsService) {
this.accountDetailsService = accountDetailsService;
}
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers(IGNORED_RESOURCE_LIST);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider
= new DaoAuthenticationProvider();
authProvider.setUserDetailsService(accountDetailsService);
authProvider.setPasswordEncoder(encoder());
return authProvider;
}
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Bean
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers(PERMIT_ALL_RESOURCE_LIST).permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("/auth/login").failureUrl("/auth/login?message=error").permitAll()
.and().logout().permitAll();
http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry()).expiredUrl("/auth/login");
}
}
和 KeycloakSecurityConfig.java
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
@Order(2)
public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(
AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider
= keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(
new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(
new SessionRegistryImpl());
}
@Bean
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests().anyRequest().authenticated();
}
}
从登录页面我有一个使用 Keycloak 登录的按钮。它使用 url 重定向到 Keycloak 登录页面,/sso/login
但登录后我被重定向回应用程序登录页面。
任何人都可以启发我这个案例。如何在我的应用程序中实现表单登录和 SSO 登录?
提前致谢。任何帮助,将不胜感激。
解决方案
推荐阅读
- apache - 启动 httpd:/usr/sbin/httpd:符号查找错误:/usr/sbin/httpd:未定义符号:apr_procattr_perms_set_register
- tensorflow - 将 Google colab 连接到 Google Cloud Platform 中的 VM 实例?
- laravel - Laravel Cache 的 owner release 和 forceRelease 的区别
- python - Django 搜索向量
- django - 在启动 celery 和 celery-beat 容器之前等待 django app 容器运行以防止 UniqueViolation 错误?
- database - How do we perform swap operation in conflict-serializability?
- python - Apache Airflow 中的 Python 语法
- python - MATLAB中是否有与纤维测量等效的Python函数?
- python - Pytorch,将顺序输出转换为二进制的标准层?
- java - 使用 Primefaces 数据表显示嵌套列表