java - 在我的 Spring 应用程序上启用 Keycloak 时没有被重定向到 Keycloak
问题描述
我正在按照本指南尝试让我的 Spring 应用程序(使用 JHipster 制作)使用 Keycloak 进行身份验证。https://www.baeldung.com/spring-boot-keycloak。我将 keycloak 代码放入dependencies
and中,并使用以下内容进行dependencyManagement
编辑:src/main/resources/config/application.yml
keycloak:
auth-server-url: https://my-keycloak-server.com/auth
realm: my-realm
resource: login-app
public-client: true
security-constraints:
- securityCollections:
- patterns: /api/*
但是当我加载站点时,它不会将我重定向到我的 keycloak 服务器,并且我在日志中得到以下信息。该站点之前使用的是用户名/密码,这些凭据存储在我的 H2 数据库中。但我现在正试图将其更改为我正在运行的密钥斗篷。
该页面确实谈到了从 Keycloak 获取access_token
and refresh_token
,但我不确定我拥有的 keycloak 代码是否应该自动执行此操作,或者我是否有太多代码用于它的其他内容。
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/account
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.undertow.ServletSessionTokenStore : session was null, returning null
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.undertow.ServletSessionTokenStore : session was null, returning null
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.undertow.ServletSessionTokenStore : session was null, returning null
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.OAuthRequestAuthenticator : there was no code
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.OAuthRequestAuthenticator : there was no code
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.OAuthRequestAuthenticator : there was no code
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:9061/api/account
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/account
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/account
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z INFO 29291 - [ XNIO-2 task-1] io.undertow.servlet : Initializing Spring FrameworkServlet 'dispatcherServlet'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.undertow.ServletSessionTokenStore : session was null, returning null
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.OAuthRequestAuthenticator : there was no code
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
同样在 SecurityConfiguration.java 中,我还有
http.addFilterBefore(corsFilter,UsernamePasswordAuthenticationFilter.class)
...
.antMatchers("/api/**").authenticated()
. 我是否必须更改大部分曾经查看用户名/密码进行身份验证的代码?
这是我完整的 SecurityConfiguration.java - WebSecurityConfigurerAdapter
private final AuthenticationManagerBuilder authenticationManagerBuilder;
private final UserDetailsService userDetailsService;
private final TokenProvider tokenProvider;
private final CorsFilter corsFilter;
private final SecurityProblemSupport problemSupport;
private final ApplicationProperties applicationProperties;
private final SSOUserService ssoUserService;
public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder, UserDetailsService userDetailsService,
TokenProvider tokenProvider, CorsFilter corsFilter, SecurityProblemSupport problemSupport,
ApplicationProperties applicationProperties, SSOUserService ssoUserService) {
this.authenticationManagerBuilder = authenticationManagerBuilder;
this.userDetailsService = userDetailsService;
this.tokenProvider = tokenProvider;
this.corsFilter = corsFilter;
this.problemSupport = problemSupport;
this.applicationProperties = applicationProperties;
this.ssoUserService = ssoUserService;
}
@PostConstruct
public void init() {
try {
authenticationManagerBuilder
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
} catch (Exception e) {
throw new BeanInitializationException("Security configuration failed", e);
}
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(HttpMethod.OPTIONS, "/**")
.antMatchers("/app/**/*.{js,html}")
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
.exceptionHandling()
.authenticationEntryPoint(problemSupport)
.accessDeniedHandler(problemSupport)
.and()
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/**").authenticated()
.apply(securityConfigurerAdapter());
if(applicationProperties.getSso().isEnabled()) {
http.apply(ssoConfigurerAdapter());
}
}
private JWTConfigurer securityConfigurerAdapter() {
return new JWTConfigurer(tokenProvider);
}
private IdAMSSOConfigurer ssoConfigurerAdapter() {
/*
* Set password encoder from this bean in this class.
* We can't use dependency injection because it
* creates a dependency cycle.
*/
ssoUserService.setPasswordEncoder(passwordEncoder());
return new IdAMSSOConfigurer(tokenProvider, ssoUserService);
}
@Bean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
return new SecurityEvaluationContextExtension();
}
解决方案
推荐阅读
- date - Google表格摘要数据-根据日期选择最新行
- amazon-web-services - aws S3 ListObjectsV2 api中的start-after是什么意思?
- r - 在 R 中使用 tapply(dataframe, index, function) 作为函数 2 列的参数
- google-cloud-platform - 外部 IP 无法访问 Google 云实例
- javascript - 连接函数名称reactjs
- python - 按钮不出现
- pine-script - 松脚本的开盘收盘价差
- javascript - 如何对 MapBox javascript 中的第二个标记进行地理编码?
- javascript - 将 UL LI 转换为多维数组
- braintree - Braintree 和 Node.js 创建子商户错误未授权