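2018年7月30日

问题: 网上的解决方案大多是针对 Spring Boot 1.x 的。

完整的代码: https://github.com/giant35/sp-keycloak1

应该重点看官方文档中的 Spring Security 部分, 然后再把 Spring Boot 部分的配置也加上。

重点:

pom.xml

```xml
<!-- Both adapters are pinned to the same release; keep the two versions in step when upgrading. -->
<!-- 4.1.0.Final dates from 2018: check the Keycloak release notes for security fixes before reusing it. -->
<!-- These adapters have since been deprecated upstream; new projects should evaluate Spring Security's built-in OAuth2/OIDC support. -->
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-security-adapter</artifactId>
    <version>4.1.0.Final</version>
</dependency>
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-boot-starter</artifactId>
    <version>4.1.0.Final</version>
</dependency>
```

application.yml

```yaml
server:
  port: 8888
spring:
  mvc:
    view:
      prefix: /WEB-INF/
      suffix: .jsp
keycloak:
  # The master realm is Keycloak's administrative realm; give applications a dedicated realm outside a demo.
  realm: master
  #auth-server-url: http://203.195.145.114:8080/auth
  # Plain HTTP plus "ssl-required: none" lets tokens and the client secret travel unencrypted.
  # Acceptable on localhost only; use an https:// URL with "external" or "all" anywhere else.
  auth-server-url: http://localhost:8080/auth
  ssl-required: none
  resource: sp-keycloak1
  # Placeholder value. Do not commit a real client secret; supply it from the environment
  # or a secret store (for example ${KEYCLOAK_CLIENT_SECRET}, a constructed name).
  credentials.secret: 11111111-1111-1111-1111-111111111111
  # Roles are read from this client's role mappings rather than from realm roles.
  use-resource-role-mappings: true
  principal-attribute: preferred_username
logging:
  level:
    # DEBUG on the security stack is verbose and can expose authentication details in logs;
    # lower it outside local troubleshooting.
    org.springframework: DEBUG
    org.keycloak: DEBUG
```

SecurityConfig.java

```java
package demo.spkeycloak1;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticatedActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakSecurityContextRequestFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

/**
 * Spring Security configuration that delegates authentication to Keycloak.
 *
 * <p>The Keycloak filters must run only inside the Spring Security filter chain.
 * Spring Boot would otherwise also register every {@code Filter} bean directly
 * with the servlet container, so each Keycloak filter gets a disabled
 * {@link FilterRegistrationBean} below.
 */
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    /**
     * Stops Spring Boot from registering the authentication processing filter
     * with the servlet container a second time.
     *
     * @param filter the Keycloak filter bean to wrap
     * @return a registration for {@code filter} with registration disabled
     */
    @Bean
    public FilterRegistrationBean keycloakAuthenticationProcessingFilterRegistrationBean(
            KeycloakAuthenticationProcessingFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Stops Spring Boot from registering the pre-auth actions filter with the
     * servlet container a second time.
     *
     * @param filter the Keycloak filter bean to wrap
     * @return a registration for {@code filter} with registration disabled
     */
    @Bean
    public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(
            KeycloakPreAuthActionsFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Stops Spring Boot from registering the authenticated actions filter with
     * the servlet container a second time.
     *
     * @param filter the Keycloak filter bean to wrap
     * @return a registration for {@code filter} with registration disabled
     */
    @Bean
    public FilterRegistrationBean keycloakAuthenticatedActionsFilterBean(
            KeycloakAuthenticatedActionsFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Stops Spring Boot from registering the security context request filter
     * with the servlet container a second time.
     *
     * @param filter the Keycloak filter bean to wrap
     * @return a registration for {@code filter} with registration disabled
     */
    @Bean
    public FilterRegistrationBean keycloakSecurityContextRequestFilterBean(
            KeycloakSecurityContextRequestFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Registers the KeycloakAuthenticationProvider with the authentication
     * manager.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the provider cannot be registered
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    /**
     * Makes the adapter read its settings from the {@code keycloak.*} properties
     * in application.yml instead of a keycloak.json file.
     *
     * <p>The method name is kept as published because it is also the bean name.
     *
     * @return the Spring Boot backed configuration resolver
     */
    @Bean
    public KeycloakConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    /**
     * Defines the session authentication strategy.
     *
     * @return a strategy that records each authenticated session in a session registry
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    /**
     * Applies the adapter's defaults, then declares which paths need a login.
     *
     * @param http the security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Let the adapter apply its own HttpSecurity defaults before the rules below.
        super.configure(http);
        http
            .authorizeRequests()
                // "/user*" stops at the next '/', so "/user/" and "/user/profile" would fall
                // through to permitAll(); the second pattern brings those sub-paths under
                // the same rule.
                .antMatchers("/user*", "/user*/**").authenticated()
                // NOTE(review): hasRole("ADMIN") checks for the authority ROLE_ADMIN; Keycloak
                // role names appear to be passed through without that prefix unless a
                // GrantedAuthoritiesMapper is set on the provider. Confirm before enabling.
                //.antMatchers("/admin*").hasRole("ADMIN")
                // Demo default: every other path is public. A real application should list
                // its public paths explicitly and end with anyRequest().authenticated().
                .anyRequest().permitAll();
    }
}
```

参考: https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_boot_adapter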