问题:
解决:
Keycloak server 可以用 4.1.0,其他版本应该也可以;但 adapter 需要用 4.0.0,adapter 4.1.0 不行。
完整代码:https://github.com/giant35/sp1-keycloak
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Build descriptor for the sp1-keycloak demo: a Spring Boot web application
  secured through the Keycloak Spring Security adapter.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>demo</groupId>
    <artifactId>sp1-keycloak</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>jar</packaging>

    <!--
      The Boot parent decides the versions of Spring, Spring Security and the
      embedded servlet container that end up on the classpath. 1.5.3.RELEASE is
      an old release line; before reusing this build outside a demo, check the
      security advisories for the versions it actually resolves.
    -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.3.RELEASE</version>
    </parent>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!-- Both Keycloak adapter artifacts take their version from keycloak.version below. -->
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-security-adapter</artifactId>
            <version>${keycloak.version}</version>
        </dependency>
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-boot-starter</artifactId>
            <version>${keycloak.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <!--
          Single place for the adapter version so the two artifacts cannot drift
          apart. The page reports that adapter 4.0.0 works against a 4.1.0 server
          while adapter 4.1.0 does not, so the pin is deliberate; review it against
          Keycloak's security advisories before reuse.
        -->
        <keycloak.version>4.0.0.Final</keycloak.version>
    </properties>
</project>
application.yml
# Runtime settings for the demo: HTTP port, Keycloak adapter and log levels.
server:
  port: 8888
spring:
# NOTE(review): the listing lost its indentation. `keycloak` is placed at the
# top level because the adapter's Spring Boot properties are bound from the
# `keycloak` prefix; confirm against the linked repository.
keycloak:
  # `master` is Keycloak's administrative realm. Applications normally get a
  # realm of their own so their clients and users stay separate from the
  # accounts that administer the server.
  realm: master
  # Plain http:// together with `ssl-required: none` means the adapter does not
  # insist on TLS, so authorization codes, tokens and the client secret cross
  # the network unencrypted. Only suitable for an isolated test setup; otherwise
  # use an https:// URL and `external` or `all`.
  auth-server-url: http://****/auth
  ssl-required: none
  resource: test1
  # Placeholder value. Keep the real client secret out of version control and
  # supply it at deploy time (environment variable or external configuration).
  credentials:
    secret: 11111111-1111-1111-1111-111111111111
  # Roles are read from the client's own role mappings rather than realm roles.
  use-resource-role-mappings: true
  # Principal.getName() returns the user name instead of the subject id. User
  # names are display data; prefer the subject id wherever a stable key is needed.
  principal-attribute: preferred_username
logging:
  level:
    org.springframework: INFO
    # Verbose adapter logging for troubleshooting.
    # NOTE(review): check what the adapter writes at DEBUG (request and token
    # details are plausible) before enabling this outside development.
    org.keycloak: DEBUG
App.java
package demo.sp1keycloak;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Entry point of the sp1-keycloak demo application.
 *
 * <p>{@code @SpringBootApplication} enables auto-configuration and component
 * scanning starting at this class's package ({@code demo.sp1keycloak}).
 *
 * @author 老唐
 */
@SpringBootApplication
public class App {

    /**
     * Starts the Spring Boot application.
     *
     * @param argv command-line arguments, handed to Spring Boot unchanged
     */
    public static void main(String[] argv) {
        SpringApplication.run(App.class, argv);
    }

}
KeycloakSecurity.java(注意:下面代码中的 public 类名是 SecurityConfig;Java 要求 public 顶层类所在的文件名与类名一致,否则无法编译)
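package demo.sp1keycloak;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticatedActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakSecurityContextRequestFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

/**
 * Spring Security configuration that hands authentication to Keycloak through
 * the Keycloak Spring Security adapter.
 *
 * <p>The class disables servlet-container registration of the adapter's filter
 * beans, plugs the Keycloak authentication provider into the authentication
 * manager, reads the adapter settings from the Spring Boot configuration, and
 * declares which URLs require a logged-in user.
 */
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    // Spring Boot registers every Filter bean with the servlet container on its
    // own. The Keycloak filters already run inside the Spring Security filter
    // chain, so each one gets a disabled FilterRegistrationBean below to keep
    // it from being applied a second time outside that chain.

    /**
     * Keeps the authentication-processing filter out of the container's filter list.
     *
     * @param filter the adapter's filter bean
     * @return a registration for {@code filter} that is switched off
     */
    @Bean
    public FilterRegistrationBean keycloakAuthenticationProcessingFilterRegistrationBean(
            KeycloakAuthenticationProcessingFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Keeps the pre-auth actions filter out of the container's filter list.
     *
     * @param filter the adapter's filter bean
     * @return a registration for {@code filter} that is switched off
     */
    @Bean
    public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(
            KeycloakPreAuthActionsFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Keeps the authenticated-actions filter out of the container's filter list.
     *
     * @param filter the adapter's filter bean
     * @return a registration for {@code filter} that is switched off
     */
    @Bean
    public FilterRegistrationBean keycloakAuthenticatedActionsFilterBean(
            KeycloakAuthenticatedActionsFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Keeps the security-context request filter out of the container's filter list.
     *
     * @param filter the adapter's filter bean
     * @return a registration for {@code filter} that is switched off
     */
    @Bean
    public FilterRegistrationBean keycloakSecurityContextRequestFilterBean(
            KeycloakSecurityContextRequestFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Registers the KeycloakAuthenticationProvider with the authentication
     * manager.
     *
     * @param auth builder of the global authentication manager
     * @throws java.lang.Exception if the provider cannot be registered
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        final KeycloakAuthenticationProvider p = keycloakAuthenticationProvider();
        // No GrantedAuthoritiesMapper is installed, so authorities keep whatever
        // names the provider assigns. hasRole("X") checks for "ROLE_X"; if role
        // rules are added later, the mapper's prefix has to line up with them.
        // The author's disabled mapper setup is kept for reference:
        //final SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
        //mapper.setPrefix("");
        //p.setGrantedAuthoritiesMapper(mapper);
        auth.authenticationProvider(p);
    }

    /**
     * Makes the adapter take its settings from the Spring Boot configuration
     * (the {@code keycloak.*} properties).
     *
     * @return the Spring Boot based config resolver
     */
    @Bean
    public KeycloakConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    /**
     * Defines the session authentication strategy.
     *
     * @return a strategy that records each authenticated session in a new
     *         in-memory {@link SessionRegistryImpl}
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    /**
     * Applies the adapter's default HTTP security setup, then adds this
     * application's URL rules and logout endpoint.
     *
     * @param http the security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
            .authorizeRequests()
                // "/user*" alone covers a single path segment without a trailing
                // slash. Spring MVC also serves "/user/" from the "/user" handler
                // by default, and that path would otherwise fall through to
                // permitAll() below, so the sub-tree is listed explicitly.
                .antMatchers("/user*", "/user/**").authenticated()
                //.antMatchers("/admin*").hasRole("ADMIN")
                // Everything not listed above is public. New endpoints are
                // therefore open until a rule is added for them; a deny-by-default
                // final rule is the safer shape outside a demo.
                .anyRequest().permitAll()
            .and()
            .logout()
                .logoutUrl("/ssologout")
                .addLogoutHandler(this.keycloakLogoutHandler());
    }

}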
Controller1.java
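package demo.sp1keycloak;

import java.security.Principal;
import java.util.Objects;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Demo endpoints: a public greeting, a page that shows the logged-in user and
 * the granted authorities, and a local logout.
 *
 * @author 老唐
 */
@RestController
public class Controller1 {

    /**
     * Public landing endpoint.
     *
     * @return the fixed text {@code hello}
     */
    @RequestMapping("/")
    public String index() {
        return "hello";
    }

    /**
     * Shows the name of the authenticated principal and its granted authorities.
     *
     * <p>The response is declared as plain text. The body carries values that
     * come from the identity provider (user name, role names), and a String
     * returned without {@code produces} is content-negotiated, so a browser may
     * receive it as HTML and interpret those values as markup. The newline
     * separator also only makes sense as plain text.
     *
     * @param p the authenticated principal; must not be {@code null}
     * @return two lines, {@code user:<name>} and {@code role:<authorities>}
     * @throws NullPointerException if the request carries no principal, which
     *         means it reached this handler without passing authentication
     */
    @RequestMapping(value = "/user", produces = "text/plain;charset=UTF-8")
    public String user(Principal p) {
        // Defence in depth: the URL rules should already have required a login.
        Objects.requireNonNull(p, "no authenticated principal");
        // StringBuilder: the buffer never leaves this method, so the
        // synchronisation of StringBuffer buys nothing.
        final StringBuilder sb = new StringBuilder();
        sb.append("user:").append(p.getName()).append("\n");
        sb.append("role:").append(SecurityContextHolder.getContext().getAuthentication().getAuthorities());
        return sb.toString();
    }

    /**
     * Logs the current request out through the servlet API.
     *
     * <p>The mapping accepts every HTTP method, so a plain GET ends the
     * session. Restrict it to POST if links from other sites must not be able
     * to log a user out.
     *
     * @param req the current request
     * @return {@code null}, which produces an empty response body
     * @throws ServletException if the logout fails
     */
    @RequestMapping("/logout")
    public String logout(HttpServletRequest req) throws ServletException {
        req.logout();
        return null;
    }

}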
参考:
https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_security_adapter