spring - 未调用自定义 ReactiveJwtAuthenticationConverterAdapter
问题描述
具有显式角色的页面得到 403,并且我的自定义 JwtAuthenticationConverter 没有被调用。怎么来的?
我使用 keycloak 作为 oauth2 提供程序,并且我使用 oauth2Login 来提示登录页面。我使用与spring文档中相同的代码。
package com.eLoomina.gateway.security
import org.slf4j.LoggerFactory
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.core.convert.converter.Converter
import org.springframework.security.authentication.AbstractAuthenticationToken
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.oauth2.jwt.Jwt
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter
import org.springframework.security.web.server.SecurityWebFilterChain
import reactor.core.publisher.Mono
import java.util.stream.Collectors
@Configuration
@EnableWebFluxSecurity
class SecurityConfig {
companion object {
@Suppress("JAVA_CLASS_ON_COMPANION")
@JvmStatic
private val logger = LoggerFactory.getLogger(javaClass.enclosingClass)
}
@Bean
@Throws(Exception::class)
fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
http.authorizeExchange()
.pathMatchers("/login", "/").permitAll()
.pathMatchers("/login/with-role").hasRole("populate")
.anyExchange().authenticated()
.and()
.oauth2Login().and()
.oauth2ResourceServer().jwt().jwtAuthenticationConverter(grantedAuthoritiesExtractor())
return http.build()
}
fun grantedAuthoritiesExtractor(): Converter<Jwt, Mono<AbstractAuthenticationToken>> {
val extractor = KeycloakRealmRoleConverter()
return ReactiveJwtAuthenticationConverterAdapter(extractor)
}
class KeycloakRealmRoleConverter : JwtAuthenticationConverter() {
override fun extractAuthorities(jwt: Jwt): Collection<GrantedAuthority> {
val realmAccess = jwt.claims["realm_access"] as Map<String, Any>
logger.info("code not reached")
return (realmAccess["roles"] as List<String>).stream()
.map { roleName: String -> "ROLE_${roleName.toUpperCase()}" } // prefix to map to a Spring Security "role"
.map { role: String? -> SimpleGrantedAuthority(role) }
.collect(Collectors.toList())
}
}
}
解决方案
推荐阅读
- laravel - 当其中一个为空时,如何在雄辩的 laravel 中自定义 whereBetween
- javascript - 如何从 react-native 中的函数返回数据
- r - R中的替代特定条件Logit
- sequelize.js - 如何使用 sequelize 实现批量更新?
- r - 如何使用 pgmm 估计此回归?R
- tensorflow - 如何修复:'RuntimeError:会话图为空。在调用 run() 之前向图中添加操作。
- java - 使用带有身份验证标头的 AWS API 网关上传音频
- php - 管理员在 Laravel 中创建用户
- c++ - 我在这个程序中收到“退出,浮点异常”的错误,你能解释一下并给我新代码,为什么会这样?
- flutter - 使用 getX 颤振图像选择器