Я следую этому руководству, чтобы настроить в моём приложении Spring (созданном с помощью JHipster) аутентификацию через Keycloak: https://www.baeldung.com/spring-boot-keycloak. Я помещаю код Keycloak в dependencies
и dependencyManagement
и редактирую src/main/resources/config/application.yml
следующим образом:
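# Keycloak Spring Boot adapter settings.
# The nesting below is restored; the pasted listing had lost its indentation,
# which would put every key at the top level instead of under "keycloak".
keycloak:
  auth-server-url: https://my-keycloak-server.com/auth
  realm: my-realm
  resource: login-app
  # With public-client set to true the adapter sends no client credentials to Keycloak.
  # NOTE(review): a server-side application is usually registered as a confidential
  # client; confirm this matches the access type of "login-app" in the realm.
  public-client: true
  security-constraints:
    # NOTE(review): no authRoles are listed for this constraint; confirm how the
    # adapter treats a constraint without roles before relying on it to protect /api/*.
    - securityCollections:
        - patterns: /api/*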
Но когда я загружаю сайт, он не перенаправляет меня на мой сервер Keycloak, и в журналах я вижу приведённое ниже. Раньше сайт использовал имя пользователя и пароль, и эти учётные данные хранились в моей базе данных H2. Но сейчас я пытаюсь перейти на Keycloak.
На этой странице рассказывается о получении access_token
и refresh_token
из Keycloak, но я не уверен, должен ли мой код Keycloak делать это автоматически или мне нужно написать для этого дополнительный код.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/account
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'login-app'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://my-keycloak-server/auth, tokenUrl: https://my-keycloak-server/auth/realms/my-realm/protocol/openid-connect/token, relativeUrls: NEVER
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.undertow.ServletSessionTokenStore : session was null, returning null
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.undertow.ServletSessionTokenStore : session was null, returning null
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.undertow.ServletSessionTokenStore : session was null, returning null
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.OAuthRequestAuthenticator : there was no code
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.OAuthRequestAuthenticator : there was no code
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.OAuthRequestAuthenticator : there was no code
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:9061/api/account
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/account
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/account
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/application-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z INFO 29291 - [ XNIO-2 task-1] io.undertow.servlet : Initializing Spring FrameworkServlet 'dispatcherServlet'
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-3] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-1] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.undertow.ServletSessionTokenStore : session was null, returning null
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.OAuthRequestAuthenticator : there was no code
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/api/profile-info
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:9061/error
2020-04-14T18:41:14Z DEBUG 29291 - [ XNIO-2 task-4] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
Также в SecurityConfiguration.java у меня всё ещё есть такие вещи, как http.addFilterBefore(corsFilter,UsernamePasswordAuthenticationFilter.class)
...
.antMatchers("/api/**").authenticated()
. Нужно ли мне менять большую часть этого кода, который раньше проверял имя пользователя и пароль при аутентификации?
Вот мой полный SecurityConfiguration.java — WebSecurityConfigurerAdapter:
// Collaborators injected through the constructor; each is final and assigned exactly once.

// Builder that init() configures with the user-details service and the password encoder.
private final AuthenticationManagerBuilder authenticationManagerBuilder;
// User lookup registered on the builder in init() for username/password authentication.
private final UserDetailsService userDetailsService;
// Passed to both JWTConfigurer and IdAMSSOConfigurer.
private final TokenProvider tokenProvider;
// Registered ahead of UsernamePasswordAuthenticationFilter in configure(HttpSecurity).
private final CorsFilter corsFilter;
// Used as both the authentication entry point and the access-denied handler.
private final SecurityProblemSupport problemSupport;
// Read for the SSO switch: getSso().isEnabled().
private final ApplicationProperties applicationProperties;
// Receives the password encoder and is handed to IdAMSSOConfigurer.
private final SSOUserService ssoUserService;
/**
 * Stores the injected collaborators; no other work happens here.
 *
 * @param authenticationManagerBuilder builder configured later by {@code init()}
 * @param userDetailsService user lookup registered on the builder
 * @param tokenProvider token provider shared by the JWT and SSO configurers
 * @param corsFilter filter added to the HTTP security chain
 * @param problemSupport handler for authentication and access-denied failures
 * @param applicationProperties application settings, read for the SSO flag
 * @param ssoUserService service handed to the SSO configurer
 */
public SecurityConfiguration(
    AuthenticationManagerBuilder authenticationManagerBuilder,
    UserDetailsService userDetailsService,
    TokenProvider tokenProvider,
    CorsFilter corsFilter,
    SecurityProblemSupport problemSupport,
    ApplicationProperties applicationProperties,
    SSOUserService ssoUserService) {
    // Username/password authentication wiring.
    this.userDetailsService = userDetailsService;
    this.authenticationManagerBuilder = authenticationManagerBuilder;

    // Token-based and SSO wiring.
    this.tokenProvider = tokenProvider;
    this.ssoUserService = ssoUserService;
    this.applicationProperties = applicationProperties;

    // HTTP chain collaborators.
    this.corsFilter = corsFilter;
    this.problemSupport = problemSupport;
}
/**
 * Registers the user-details service and the password encoder on the
 * authentication manager builder after construction.
 *
 * <p>NOTE(review): this keeps username/password authentication against the
 * injected {@code UserDetailsService} wired in. If an external identity
 * provider is meant to be the only login path, confirm whether this
 * registration is still wanted.
 *
 * @throws BeanInitializationException if configuring the builder fails; the
 *     original exception is kept as the cause
 */
@PostConstruct
public void init() {
    try {
        authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    } catch (Exception cause) {
        // Surface any configuration failure as a bean initialization error.
        throw new BeanInitializationException("Security configuration failed", cause);
    }
}
/**
 * Provides the password encoder bean.
 *
 * @return a new {@code BCryptPasswordEncoder} built with its default settings
 */
@Bean
public PasswordEncoder passwordEncoder() {
    final PasswordEncoder bcryptEncoder = new BCryptPasswordEncoder();
    return bcryptEncoder;
}
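/**
 * Lists the request patterns that Spring Security ignores.
 *
 * <p>Ignored requests skip the security filter chain completely, so none of
 * the rules in {@code configure(HttpSecurity)} apply to them. Keep this list
 * as narrow as possible.
 *
 * @param web the web security builder to configure
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        // Every OPTIONS request, on any path, bypasses the filter chain.
        // NOTE(review): presumably intended for CORS pre-flight requests; confirm
        // that no endpoint performs work on OPTIONS.
        .antMatchers(HttpMethod.OPTIONS, "/**")
        // JavaScript and HTML files under /app.
        .antMatchers("/app/**/*.{js,html}"); // the listing was missing this terminating semicolon
}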
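/**
 * Configures the HTTP security chain: CORS filter, problem-based error
 * handling, stateless sessions, authentication for {@code /api/**}, and the
 * JWT configurer (plus the SSO configurer when SSO is enabled).
 *
 * <p>NOTE(review): nothing in this chain is specific to Keycloak. The
 * {@code keycloak.security-constraints} in application.yml are handled by the
 * Keycloak adapter separately from this chain; confirm which of the two
 * mechanisms is meant to protect {@code /api/**} so they do not conflict.
 *
 * @param http the HTTP security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
        .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
    .and()
        // CSRF protection is off. NOTE(review): this is only safe if credentials are
        // never sent automatically by the browser (no session or auth cookies);
        // confirm that holds for every login path, including SSO.
        .csrf()
        .disable()
        // X-Frame-Options is not sent, so responses may be framed by any origin.
        // NOTE(review): consider frameOptions().sameOrigin() unless framing from
        // other origins is required.
        .headers()
        .frameOptions()
        .disable()
    .and()
        // Spring Security neither creates nor uses an HTTP session.
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        // Only /api/** has a rule here; no rule is declared for any other path.
        .authorizeRequests()
        .antMatchers("/api/**").authenticated()
    .and() // return to HttpSecurity: apply(...) is not available on the authorization registry
        .apply(securityConfigurerAdapter());

    if (applicationProperties.getSso().isEnabled()) {
        http.apply(ssoConfigurerAdapter());
    }
}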
/**
 * Builds the JWT configurer that {@code configure(HttpSecurity)} applies.
 *
 * @return a new {@code JWTConfigurer} backed by the injected token provider
 */
private JWTConfigurer securityConfigurerAdapter() {
    final JWTConfigurer jwtConfigurer = new JWTConfigurer(tokenProvider);
    return jwtConfigurer;
}
/**
 * Builds the SSO configurer applied when SSO is enabled.
 *
 * @return a new {@code IdAMSSOConfigurer} using the token provider and the SSO user service
 */
private IdAMSSOConfigurer ssoConfigurerAdapter() {
    // The encoder defined in this class is handed over manually: injecting it
    // into the SSO user service would create a dependency cycle.
    final PasswordEncoder encoder = passwordEncoder();
    ssoUserService.setPasswordEncoder(encoder);

    final IdAMSSOConfigurer ssoConfigurer = new IdAMSSOConfigurer(tokenProvider, ssoUserService);
    return ssoConfigurer;
}
/**
 * Provides the {@code SecurityEvaluationContextExtension} bean.
 *
 * @return a new extension instance built with its no-argument constructor
 */
@Bean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
    final SecurityEvaluationContextExtension extension = new SecurityEvaluationContextExtension();
    return extension;
}