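2018年8月2日

问题:

解决: keycloak server 可以用 keycloak 4.1.0,其他版本应该也可以。但是 adapter 需要用 4.0.0,adapter 4.1.0 不行。

完整代码:https://github.com/giant35/sp1-keycloak

pom.xml

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>demo</groupId>
    <artifactId>sp1-keycloak</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>jar</packaging>
    <!-- NOTE(review): Spring Boot 1.5.x is end-of-life and no longer receives
         security fixes; this pin reflects the 2018 setup described above. -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.3.RELEASE</version>
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!-- Both Keycloak artifacts are pinned to 4.0.0.Final because, per the
             note above, adapter 4.1.0 did not work in this setup. Check for
             security updates before reusing these versions. -->
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-security-adapter</artifactId>
            <version>4.0.0.Final</version>
        </dependency>
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-boot-starter</artifactId>
            <version>4.0.0.Final</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>
</project>
```

application.yml

```yaml
server:
  port: 8888
spring:
keycloak:
  # NOTE(review): "master" is Keycloak's administrative realm; a dedicated
  # realm for the application keeps its clients and users apart from the
  # accounts that administer the server.
  realm: master
  # Plain http plus "ssl-required: none" means tokens and the client secret
  # cross the network unencrypted. Outside a local demo, use an https URL and
  # "external" (the adapter default) or "all".
  auth-server-url: http://****/auth
  ssl-required: none
  resource: test1
  # Placeholder value. Keep the real client secret out of version control,
  # for example by injecting it from the environment.
  credentials.secret: 11111111-1111-1111-1111-111111111111
  # Roles are read from this client's (resource-level) mappings rather than
  # from realm-level roles.
  use-resource-role-mappings: true
  principal-attribute: preferred_username
logging:
  level:
    org.springframework: INFO
    # NOTE(review): DEBUG is verbose and may write token-related details to
    # the log; lower it once troubleshooting is done.
    org.keycloak: DEBUG
```

App.java

```java
package demo.sp1keycloak;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Spring Boot entry point for the demo application.
 *
 * @author 老唐
 */
@SpringBootApplication
public class App {

    /**
     * Starts the embedded server and the Spring context.
     *
     * @param argv command-line arguments, passed through to Spring Boot
     */
    public static void main(String[] argv) {
        SpringApplication.run(App.class, argv);
    }

}
```

KeycloakSecurity.java

```java
package demo.sp1keycloak;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticatedActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakSecurityContextRequestFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

/**
 * Spring Security configuration that delegates authentication to Keycloak.
 *
 * <p>NOTE(review): the listing is labelled KeycloakSecurity.java, but a public
 * class named SecurityConfig has to be declared in SecurityConfig.java to
 * compile.
 */
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    // Spring Boot registers every Filter bean with the servlet container on
    // its own. The four registrations below are disabled so the Keycloak
    // filters are not registered a second time outside the Spring Security
    // filter chain (see the Keycloak adapter documentation referenced at the
    // end of this page).

    /** Disables Boot's automatic registration of the authentication processing filter. */
    @Bean
    public FilterRegistrationBean keycloakAuthenticationProcessingFilterRegistrationBean(
            KeycloakAuthenticationProcessingFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /** Disables Boot's automatic registration of the pre-auth actions filter. */
    @Bean
    public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(
            KeycloakPreAuthActionsFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /** Disables Boot's automatic registration of the authenticated actions filter. */
    @Bean
    public FilterRegistrationBean keycloakAuthenticatedActionsFilterBean(
            KeycloakAuthenticatedActionsFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /** Disables Boot's automatic registration of the security context request filter. */
    @Bean
    public FilterRegistrationBean keycloakSecurityContextRequestFilterBean(
            KeycloakSecurityContextRequestFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Registers the KeycloakAuthenticationProvider with the authentication
     * manager.
     *
     * @param auth builder that receives the Keycloak provider
     * @throws java.lang.Exception declared by the builder API
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        final KeycloakAuthenticationProvider p = keycloakAuthenticationProvider();
        // No authorities mapper is set, so the provider's default role-to-authority
        // mapping applies. The disabled lines show how one would be plugged in.
        //final SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
        //mapper.setPrefix("");
        //p.setGrantedAuthoritiesMapper(mapper);
        auth.authenticationProvider(p);
    }

    /**
     * Makes the adapter read its settings from the Spring Boot configuration
     * (the keycloak.* entries in application.yml).
     *
     * @return the Spring Boot backed config resolver
     */
    @Bean
    public KeycloakConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    /**
     * Defines the session authentication strategy.
     *
     * @return a strategy that records authenticated sessions in a new session registry
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    /**
     * Applies the Keycloak defaults, then declares which URLs need a login and
     * where the single-sign-out endpoint lives.
     *
     * @param http the security builder to configure
     * @throws Exception declared by the builder API
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
                .authorizeRequests()
                // "/user*" on its own does not cover paths below "/user/", and
                // Spring MVC also routes the trailing-slash form to the
                // "/user" handler. "/user/**" closes that gap so those
                // requests do not fall through to permitAll().
                .antMatchers("/user*", "/user/**").authenticated()
                // hasRole("ADMIN") checks for the authority "ROLE_ADMIN".
                // NOTE(review): confirm the mapped role names carry that
                // prefix before enabling this rule.
                //.antMatchers("/admin*").hasRole("ADMIN")
                // Default-allow: any endpoint not listed above is public, so
                // new protected endpoints must be added here explicitly.
                .anyRequest().permitAll()
                .and()
                .logout()
                .logoutUrl("/ssologout")
                .addLogoutHandler(this.keycloakLogoutHandler());
    }
}
```

Controller1.java

```java
package demo.sp1keycloak;

import java.security.Principal;
import java.util.Objects;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Demo endpoints: a public page, a page that needs a login, and a logout.
 *
 * @author 老唐
 */
@RestController
public class Controller1 {

    /**
     * Public landing page.
     *
     * @return a fixed greeting
     */
    @RequestMapping("/")
    public String index() {
        return "hello";
    }

    /**
     * Shows the name and granted authorities of the logged-in user.
     *
     * @param p the authenticated principal
     * @return "user:" and "role:" lines for the current user
     * @throws NullPointerException if the request carries no principal
     */
    @RequestMapping("/user")
    public String user(Principal p) {
        // Fail fast if the request reached this handler unauthenticated.
        Objects.requireNonNull(p);
        // Method-local buffer, so the unsynchronized StringBuilder is enough.
        final StringBuilder sb = new StringBuilder();
        sb.append("user:").append(p.getName()).append("\n");
        sb.append("role:").append(SecurityContextHolder.getContext().getAuthentication().getAuthorities());
        return sb.toString();
    }

    /**
     * Logs the current user out through the servlet API.
     *
     * <p>NOTE(review): the mapping accepts every HTTP method, so a plain GET
     * is enough to end the session. Restrict it to POST if logout should be
     * covered by CSRF protection.
     *
     * @param req the current request
     * @return always {@code null}
     * @throws ServletException if the container reports a logout failure
     */
    @RequestMapping("/logout")
    public String logout(HttpServletRequest req) throws ServletException {
        req.logout();
        return null;
    }
}
```

参考: https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_security_adapter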