Keycloak use of securityCollections

I saw somewhere that people put this configuration into their Spring application:

keycloak.securityConstraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/testUser

keycloak.securityConstraints[1].authRoles[0]=offline_access
keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/testAdmin

You can see that the securityCollections index is always zero. My questions are:

  1. What is securityCollections, and what is it used for?
  2. When do we have securityCollections[1], securityCollections[2], ...?

Keycloak's securityCollections configuration is analogous to the Java EE web-resource-collection configuration; see Easily secure your Spring Boot applications with Keycloak:

Defining Keycloak's configuration

[...]
Then we need to define some Security constraints as you will do with a Java EE app in your web.xml:

keycloak.security-constraints[0].authRoles[0]=user
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/products/*

Here, we simply define that every request to /products/* should be done with an authenticated user and that this user should have the role "user".

Securing Applications and Services Guide

2.1.6. Spring Boot Adapter

[...]
You also need to specify the Java EE security config that would normally go in the web.xml. The Spring Boot Adapter will set the login-method to KEYCLOAK and configure the security-constraints at startup time. Here’s an example configuration:

keycloak.securityConstraints[0].authRoles[0] = admin
keycloak.securityConstraints[0].authRoles[1] = user
keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /insecure

keycloak.securityConstraints[1].authRoles[0] = admin
keycloak.securityConstraints[1].securityCollections[0].name = admin stuff
keycloak.securityConstraints[1].securityCollections[0].patterns[0] = /admin

For more information on web-resource-collection, see Java Platform, Enterprise Edition: The Java EE Tutorial.
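As an added illustration (not part of the question or the answer above), here is a Spring Boot application.properties fragment in which a single security constraint carries two security collections, which is exactly the case where securityCollections[1] appears. The `name` and `patterns` keys come from the quoted documentation; the `methods` key is assumed to be the adapter's property for the HTTP methods of a collection, mirroring the `<http-method>` element of a web.xml `<web-resource-collection>`.

```properties
# Added example, not from the original post.
# One securityConstraint corresponds to one <security-constraint> in web.xml;
# each securityCollections[i] under it corresponds to one <web-resource-collection>.
# Both collections below share the same <auth-constraint>: the caller needs the role "admin".
keycloak.securityConstraints[0].authRoles[0]=admin

# Collection 0: the whole admin console, every HTTP method (no methods listed = all methods).
keycloak.securityConstraints[0].securityCollections[0].name=admin console
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/admin/*

# Collection 1: report downloads, restricted to GET only.
# Caveat: in a servlet container a collection that lists methods covers only those methods;
# POST, PUT, DELETE, ... to /reports/* stay uncovered (unauthenticated) unless another
# constraint or the container's deny-uncovered-http-methods setting handles them.
keycloak.securityConstraints[0].securityCollections[1].name=report downloads (read only)
keycloak.securityConstraints[0].securityCollections[1].patterns[0]=/reports/*
keycloak.securityConstraints[0].securityCollections[1].methods[0]=GET

# A second constraint with a different role is a new securityConstraints index,
# not a new securityCollections index, because the auth-constraint differs.
keycloak.securityConstraints[1].authRoles[0]=user
keycloak.securityConstraints[1].securityCollections[0].name=user area
keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/account/*
```

In short: bump the securityCollections index when several URL groups share one set of required roles, and bump the securityConstraints index when the required roles change.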