KeyCloak 配置和 Spring permitAll 不工作
KeyCloak configuration and Spring permitAll not working
我正在尝试使用 spring 引导配置 Keycloak。但是我配置的端点无论是打开的还是具有我 walys 的角色的端点都得到 401
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true,
jsr250Enabled = true)
public class KeycloakSecurityConfig extends
KeycloakWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests()
.antMatchers("/test/anoymous").permitAll();
.antMatchers("/test/user").hasAnyRole("user")
.antMatchers("/test/admin").hasAnyRole("admin")
.antMatchers("/test/all-user").hasAnyRole("user","admin")
.anyRequest()
http.csrf().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
}
当我匿名访问测试端点时,我回来了
{
“时间戳”:“2021-07-08T20:39:21.265+0000”,
“状态”:401,
“错误”:“未经授权”,
"message": "未经授权",
“路径”:“/test/anonymous”
}
然而,即使使用 keycloak 令牌,我也会收到一个未授权的错误...与上面相同,但使用 Bearer 令牌。
@RestController
@RequestMapping("/test")
public class KeyController {
@RequestMapping(value="/anonymous", method=RequestMethod.GET)
public ResponseEntity<String> AdminEndpoint() {
return ResponseEntity.ok("Hello Anounymous");
}
@RolesAllowed("user")
@RequestMapping(value="/user", method=RequestMethod.GET)
public ResponseEntity<String> getUser(){
return ResponseEntity.ok("Hello User");
}
@RequestMapping(value="/admin", method=RequestMethod.GET)
public ResponseEntity<String> getAdmin(){
return ResponseEntity.ok("Hello Admin");
}
@RequestMapping(value="/all-users", method=RequestMethod.GET)
public ResponseEntity<String> getAllUsers(){
return ResponseEntity.ok("Hello to all");
}
}
它运行正常,但我尽可能地检查了堆栈上的每个 spring 安全配置,但没有任何效果。请帮助我。
这是Pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.io.keycloak</groupId>
<artifactId>keycloak</artifactId>
<version>0.0.1-SNAPSHOT</version>
<properties>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<spring.version>5.3.4</spring.version>
<keycloak.version>14.0.0</keycloak.version>
<java.version>11</java.version>
</properties>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>${keycloak.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
我想通了...
1 - 找不到 class RestController,因为它在另一个包中。因此,在 main class 的主要功能所在的位置,我输入了 @ComponentScan 作为 RestController 所在的位置。
@SpringBootApplication
@ComponentScan("com.io*") //This was the issue...
public class mainApp {
public static void main(String[] args) {
//Hello
SpringApplication.run(mainApp.class, args);
}
}
仅供参考。即使使用 @RestController、@Component、@Controller 和其他自动 spring 会发现的注释,实际上也不会那样工作。有时您还需要输入@ComponentScan。
结果:
我正在尝试使用 spring 引导配置 Keycloak。但是我配置的端点无论是打开的还是具有我 walys 的角色的端点都得到 401
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true,
jsr250Enabled = true)
public class KeycloakSecurityConfig extends
KeycloakWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests()
.antMatchers("/test/anoymous").permitAll();
.antMatchers("/test/user").hasAnyRole("user")
.antMatchers("/test/admin").hasAnyRole("admin")
.antMatchers("/test/all-user").hasAnyRole("user","admin")
.anyRequest()
http.csrf().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
}
当我匿名访问测试端点时,我回来了
{ “时间戳”:“2021-07-08T20:39:21.265+0000”, “状态”:401, “错误”:“未经授权”, "message": "未经授权", “路径”:“/test/anonymous” }
然而,即使使用 keycloak 令牌,我也会收到一个未授权的错误...与上面相同,但使用 Bearer 令牌。
@RestController
@RequestMapping("/test")
public class KeyController {
@RequestMapping(value="/anonymous", method=RequestMethod.GET)
public ResponseEntity<String> AdminEndpoint() {
return ResponseEntity.ok("Hello Anounymous");
}
@RolesAllowed("user")
@RequestMapping(value="/user", method=RequestMethod.GET)
public ResponseEntity<String> getUser(){
return ResponseEntity.ok("Hello User");
}
@RequestMapping(value="/admin", method=RequestMethod.GET)
public ResponseEntity<String> getAdmin(){
return ResponseEntity.ok("Hello Admin");
}
@RequestMapping(value="/all-users", method=RequestMethod.GET)
public ResponseEntity<String> getAllUsers(){
return ResponseEntity.ok("Hello to all");
}
}
它运行正常,但我尽可能地检查了堆栈上的每个 spring 安全配置,但没有任何效果。请帮助我。
这是Pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.io.keycloak</groupId>
<artifactId>keycloak</artifactId>
<version>0.0.1-SNAPSHOT</version>
<properties>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<spring.version>5.3.4</spring.version>
<keycloak.version>14.0.0</keycloak.version>
<java.version>11</java.version>
</properties>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>${keycloak.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
我想通了...
1 - 找不到 class RestController,因为它在另一个包中。因此,在 main class 的主要功能所在的位置,我输入了 @ComponentScan 作为 RestController 所在的位置。
@SpringBootApplication
@ComponentScan("com.io*") //This was the issue...
public class mainApp {
public static void main(String[] args) {
//Hello
SpringApplication.run(mainApp.class, args);
}
}
仅供参考。即使使用 @RestController、@Component、@Controller 和其他自动 spring 会发现的注释,实际上也不会那样工作。有时您还需要输入@ComponentScan。
结果: