KeyClope配置和spring许可证不工作

6ju8rftf 于 2021-08-20 发布在 Java

关注(0)|答案(1)|浏览(315)

我正在尝试用spring boot配置Key斗篷。但是我配置的端点是开放的还是有角色的，我会得到401

@Configuration
   @EnableWebSecurity
   @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, 
    jsr250Enabled = true)
    public class KeycloakSecurityConfig extends 
   KeycloakWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests()
        .antMatchers("/test/anoymous").permitAll();
        .antMatchers("/test/user").hasAnyRole("user")
        .antMatchers("/test/admin").hasAnyRole("admin")
        .antMatchers("/test/all-user").hasAnyRole("user","admin")
        .anyRequest()
    http.csrf().disable();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
    keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
    auth.authenticationProvider(keycloakAuthenticationProvider);
}

@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}

@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
    return new KeycloakSpringBootConfigResolver();
}

}
当我点击测试端点匿名时，我返回
{“时间戳”：“2021-07-08t20:39:21.265+0000”，“状态”：401，“错误”：“未授权”，“消息”：“未授权”，“路径”：“/test/anonymous”}
然而，即使使用keydrope令牌，我也会得到一个未经授权的错误。。。与上述相同，但使用不记名令牌。

@RestController
@RequestMapping("/test") 
public class KeyController {

@RequestMapping(value="/anonymous", method=RequestMethod.GET)
public ResponseEntity<String> AdminEndpoint() {
    return ResponseEntity.ok("Hello Anounymous");
}

@RolesAllowed("user")
@RequestMapping(value="/user", method=RequestMethod.GET)
public ResponseEntity<String> getUser(){
    return ResponseEntity.ok("Hello User");
}

@RequestMapping(value="/admin", method=RequestMethod.GET)
public ResponseEntity<String> getAdmin(){
    return ResponseEntity.ok("Hello Admin");
}
@RequestMapping(value="/all-users", method=RequestMethod.GET)
public ResponseEntity<String> getAllUsers(){
    return ResponseEntity.ok("Hello to all");
}
}

它正常运行，但我尽可能检查了堆栈上的每个spring安全配置，但没有任何效果。请帮帮我。
这是pom.xml文件

<project xmlns="http://maven.apache.org/POM/4.0.0" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
    https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.io.keycloak</groupId>
   <artifactId>keycloak</artifactId>
   <version>0.0.1-SNAPSHOT</version>

<properties>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<spring.version>5.3.4</spring.version>
<keycloak.version>14.0.0</keycloak.version>
<java.version>11</java.version>
</properties>

 <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.2.6.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
 </parent>

<dependencies>
  <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
 </dependency>

   <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
        <optional>true</optional>
    </dependency>

        <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
        <exclusions>
            <exclusion>
                <groupId>org.junit.vintage</groupId>
                <artifactId>junit-vintage-engine</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>

 <dependency>
  <groupId>org.keycloak</groupId>
  <artifactId>keycloak-spring-boot-starter</artifactId>
  <version>${keycloak.version}</version>
 </dependency>
</dependencies>

   <build>
    <plugins>
     <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
    </plugin>
  </plugins>
 </build>
</project>

Java spring Keycloak

来源：https://stackoverflow.com/questions/68308507/keycloak-configuration-and-spring-permitall-not-working

1条答案

按热度按时间

klsxnrf11#

我想出来了。。。
1-找不到类restcontroller，因为它位于另一个包中。因此，在主函数为的主类中，我在@componentscan中输入restcontroller所在的位置。

@SpringBootApplication
@ComponentScan("com.io*") //This was the issue...
public class mainApp {
public static void main(String[] args) {
    //Hello
    SpringApplication.run(mainApp.class, args);
  }
}

仅供参考。即使使用@restcontroller、@component、@controller和spring自动查找的其他注解，实际上也不能以这种方式工作。有时还需要输入@componentscan。
结果是：