Question

Конечные точки:

"/ hello" (SecurityRule.IS_ANONYMOUS) возвращает TEXT_PLAIN "hello world"
"/ admin" (SecurityRule.IS_AUTHENTICATED) возвращает TEXT_PLAIN "привет администратор"

application.yml:

micronaut:
  security:
    enabled: true
    oauth2:
      enabled: true
      default-provider: keycloak
      callback-uri: /loggedin{/provider}
      login-uri: /{/provider}
      clients:
        keycloak:
          client-id: helloclient
          client-secret: SECRET
          openid:
            issuer: http://localhost:8080/auth/realms/hellorealm
    token:
      jwt:
        enabled: true
        cookie:
          enabled: false
    session:
      enabled: true

pom. xml:

    <dependency>
      <groupId>io.micronaut.configuration</groupId>
      <artifactId>micronaut-security-oauth2</artifactId>
    </dependency>
    <dependency>
      <groupId>io.micronaut</groupId>
      <artifactId>micronaut-security-jwt</artifactId>
    </dependency>
    <dependency>
      <groupId>io.micronaut</groupId>
      <artifactId>micronaut-security-session</artifactId>
    </dependency>
    <dependency>
      <groupId>io.micronaut</groupId>
      <artifactId>micronaut-security</artifactId>

Поведение:

На "/ Привет" я вижу "Привет, мир".

На "/ admin" я перенаправлен на страницу входа Keycloak, что я и хочу. После успешного входа в систему, кажется, снова и снова запрашивается «GET /», и в конце концов я вижу «ERR_TOO_MANY_REDIRECTS». Вместо этого я ожидал появления «hello admin».

Вопрос: Что не так и как мне это исправить?

Я новичок в Micronaut, поэтому может понадобиться объяснение "идиота".

РЕДАКТИРОВАТЬ

Conflic and log Keycloak

Область имеет одного пользователя (без ролей) и одного конфиденциального клиента с включенным только стандартным потоком. Описанный вариант использования не запускает какой-либо вывод в журнале. У пользователя есть активный сеанс после входа в систему. Используется версия 7.0.1.

Журнал приложения

$ mvn compile exec:exec
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/usr/share/maven/lib/guice.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Scanning for projects...
[INFO]
[INFO] ----------------------< hello.world:hello-world >-----------------------
[INFO] Building hello-world 0.1
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ hello-world ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ hello-world ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- exec-maven-plugin:1.6.0:exec (default-cli) @ hello-world ---
11:13:42.857 [main] DEBUG i.m.s.o.client.OpenIdClientFactory - Sending request for OpenID configuration for provider [keycloak] to URL [http://localhost:8080/auth/realms/hellorealm/.well-known/openid-configuration]
11:13:43.192 [main] DEBUG i.m.s.o.e.e.r.EndSessionEndpointResolver - Resolving the end session endpoint for provider [keycloak]. Looking for a bean with the provider name qualifier
11:13:43.196 [main] DEBUG i.m.s.o.e.e.r.EndSessionEndpointResolver - No EndSessionEndpoint bean found with a name qualifier of [keycloak]
11:13:43.199 [main] DEBUG i.m.s.o.e.e.r.EndSessionEndpointResolver - No EndSessionEndpoint can be resolved. The issuer for provider [keycloak] does not match any of the providers supported by default
11:13:43.221 [main] DEBUG i.m.s.o.routes.OauthRouteBuilder - Registering login route [GET: ] for oauth configuration [keycloak]
11:13:43.223 [main] DEBUG i.m.s.o.routes.OauthRouteBuilder - Registering default login route [GET: /] for oauth configuration [keycloak]
11:13:43.224 [main] DEBUG i.m.s.o.routes.OauthRouteBuilder - Registering callback route [GET: /loggedin/keycloak] for oauth configuration [keycloak]
11:13:43.224 [main] DEBUG i.m.s.o.routes.OauthRouteBuilder - Registering callback route [POST: /loggedin/keycloak] for oauth configuration [keycloak]
11:13:43.225 [main] DEBUG i.m.s.o.routes.OauthRouteBuilder - Registering default callback route [GET: /loggedin] for oauth configuration [keycloak]
11:13:43.225 [main] DEBUG i.m.s.o.routes.OauthRouteBuilder - Registering default callback route [POST: /loggedin] for oauth configuration [keycloak]
11:13:43.225 [main] DEBUG i.m.s.o.routes.OauthRouteBuilder - Skipped registration of logout route. No openid clients found that support end session
11:13:43.265 [main] INFO  io.micronaut.runtime.Micronaut - Startup completed in 12074ms. Server Running: http://localhost:8086
11:13:48.212 [nioEventLoopGroup-1-18] DEBUG i.m.s.o.e.t.r.p.PasswordGrantFactory - Skipped password grant flow for provider [keycloak] because the grant type is not 'password'
11:13:48.248 [pool-1-thread-4] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:13:48.249 [pool-1-thread-4] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:13:48.249 [pool-1-thread-4] DEBUG i.m.s.t.reader.DefaultTokenResolver - Request GET, /hello, no token found.
11:13:48.251 [pool-1-thread-4] DEBUG i.m.security.filters.SecurityFilter - No Authentication fetched for request. GET /hello.
11:13:48.253 [pool-1-thread-4] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /hello. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:13:48.330 [nioEventLoopGroup-1-18] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:13:48.331 [nioEventLoopGroup-1-18] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:13:48.331 [nioEventLoopGroup-1-18] DEBUG i.m.s.t.reader.DefaultTokenResolver - Request GET, /favicon.ico, no token found.
11:13:48.331 [nioEventLoopGroup-1-18] DEBUG i.m.security.filters.SecurityFilter - No Authentication fetched for request. GET /favicon.ico.
11:13:48.333 [nioEventLoopGroup-1-18] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /favicon.ico. No rule provider authorized or rejected the request.
11:13:56.693 [pool-1-thread-4] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:13:56.693 [pool-1-thread-4] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:13:56.693 [pool-1-thread-4] DEBUG i.m.s.t.reader.DefaultTokenResolver - Request GET, /admin, no token found.
11:13:56.693 [pool-1-thread-4] DEBUG i.m.security.filters.SecurityFilter - No Authentication fetched for request. GET /admin.
11:13:56.694 [pool-1-thread-4] DEBUG i.m.security.filters.SecurityFilter - Unauthorized request GET /admin. The rule provider io.micronaut.security.rules.SecuredAnnotationRule rejected the request.
11:13:56.713 [nioEventLoopGroup-1-20] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:13:56.713 [nioEventLoopGroup-1-20] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:13:56.713 [nioEventLoopGroup-1-20] DEBUG i.m.s.t.reader.DefaultTokenResolver - Request GET, /, no token found.
11:13:56.714 [nioEventLoopGroup-1-20] DEBUG i.m.security.filters.SecurityFilter - No Authentication fetched for request. GET /.
11:13:56.714 [nioEventLoopGroup-1-20] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:01.578 [nioEventLoopGroup-1-21] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:14:01.579 [nioEventLoopGroup-1-21] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:14:01.579 [nioEventLoopGroup-1-21] DEBUG i.m.s.t.reader.DefaultTokenResolver - Request GET, /loggedin/keycloak, no token found.
11:14:01.579 [nioEventLoopGroup-1-21] DEBUG i.m.security.filters.SecurityFilter - No Authentication fetched for request. GET /loggedin/keycloak.
11:14:01.580 [nioEventLoopGroup-1-21] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /loggedin/keycloak. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:01.662 [nioEventLoopGroup-1-22] DEBUG i.m.s.t.j.s.jwks.JwksSignature - JWT validation URL: http://localhost:8080/auth/realms/hellorealm/protocol/openid-connect/certs
11:14:01.709 [nioEventLoopGroup-1-22] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - JWT is signed
11:14:01.710 [nioEventLoopGroup-1-22] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - Using signature configuration: io.micronaut.security.token.jwt.signature.jwks.JwksSignature@650a71aa
11:14:01.712 [nioEventLoopGroup-1-22] DEBUG i.m.s.t.j.s.jwks.JwksSignature - Found 1 matching JWKs
11:14:01.732 [nioEventLoopGroup-1-22] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /loggedin/keycloak, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.749 [nioEventLoopGroup-1-23] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.749 [nioEventLoopGroup-1-23] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /
11:14:01.752 [nioEventLoopGroup-1-23] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>1, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:01.752 [nioEventLoopGroup-1-23] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:01.754 [nioEventLoopGroup-1-23] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.784 [nioEventLoopGroup-1-24] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.784 [nioEventLoopGroup-1-24] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /loggedin/keycloak
11:14:01.784 [nioEventLoopGroup-1-24] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>1, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:01.785 [nioEventLoopGroup-1-24] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /loggedin/keycloak. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:01.818 [nioEventLoopGroup-1-25] DEBUG i.m.s.t.j.s.jwks.JwksSignature - JWT validation URL: http://localhost:8080/auth/realms/hellorealm/protocol/openid-connect/certs
11:14:01.824 [nioEventLoopGroup-1-25] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - JWT is signed
11:14:01.824 [nioEventLoopGroup-1-25] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - Using signature configuration: io.micronaut.security.token.jwt.signature.jwks.JwksSignature@190712ff
11:14:01.824 [nioEventLoopGroup-1-25] DEBUG i.m.s.t.j.s.jwks.JwksSignature - Found 1 matching JWKs
11:14:01.829 [nioEventLoopGroup-1-25] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /loggedin/keycloak, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.845 [nioEventLoopGroup-1-26] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.845 [nioEventLoopGroup-1-26] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /
11:14:01.846 [nioEventLoopGroup-1-26] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:01.846 [nioEventLoopGroup-1-26] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:01.850 [nioEventLoopGroup-1-26] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.876 [nioEventLoopGroup-1-27] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.877 [nioEventLoopGroup-1-27] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /loggedin/keycloak
11:14:01.877 [nioEventLoopGroup-1-27] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:01.878 [nioEventLoopGroup-1-27] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /loggedin/keycloak. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:01.914 [nioEventLoopGroup-1-28] DEBUG i.m.s.t.j.s.jwks.JwksSignature - JWT validation URL: http://localhost:8080/auth/realms/hellorealm/protocol/openid-connect/certs
11:14:01.921 [nioEventLoopGroup-1-28] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - JWT is signed
11:14:01.922 [nioEventLoopGroup-1-28] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - Using signature configuration: io.micronaut.security.token.jwt.signature.jwks.JwksSignature@62789236
11:14:01.922 [nioEventLoopGroup-1-28] DEBUG i.m.s.t.j.s.jwks.JwksSignature - Found 1 matching JWKs
11:14:01.925 [nioEventLoopGroup-1-28] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /loggedin/keycloak, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.940 [nioEventLoopGroup-1-29] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.940 [nioEventLoopGroup-1-29] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /
11:14:01.941 [nioEventLoopGroup-1-29] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:01.942 [nioEventLoopGroup-1-29] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:01.945 [nioEventLoopGroup-1-29] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.974 [nioEventLoopGroup-1-30] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:01.974 [nioEventLoopGroup-1-30] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /loggedin/keycloak
11:14:01.974 [nioEventLoopGroup-1-30] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:01.974 [nioEventLoopGroup-1-30] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /loggedin/keycloak. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:02.008 [nioEventLoopGroup-1-31] DEBUG i.m.s.t.j.s.jwks.JwksSignature - JWT validation URL: http://localhost:8080/auth/realms/hellorealm/protocol/openid-connect/certs
11:14:02.015 [nioEventLoopGroup-1-31] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - JWT is signed
11:14:02.015 [nioEventLoopGroup-1-31] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - Using signature configuration: io.micronaut.security.token.jwt.signature.jwks.JwksSignature@5b093c1f
11:14:02.015 [nioEventLoopGroup-1-31] DEBUG i.m.s.t.j.s.jwks.JwksSignature - Found 1 matching JWKs
11:14:02.019 [nioEventLoopGroup-1-31] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /loggedin/keycloak, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.039 [nioEventLoopGroup-1-32] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.039 [nioEventLoopGroup-1-32] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /
11:14:02.041 [nioEventLoopGroup-1-32] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:02.041 [nioEventLoopGroup-1-32] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:02.043 [nioEventLoopGroup-1-32] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.067 [nioEventLoopGroup-1-33] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.068 [nioEventLoopGroup-1-33] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /loggedin/keycloak
11:14:02.069 [nioEventLoopGroup-1-33] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:02.070 [nioEventLoopGroup-1-33] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /loggedin/keycloak. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:02.101 [nioEventLoopGroup-1-34] DEBUG i.m.s.t.j.s.jwks.JwksSignature - JWT validation URL: http://localhost:8080/auth/realms/hellorealm/protocol/openid-connect/certs
11:14:02.106 [nioEventLoopGroup-1-34] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - JWT is signed
11:14:02.107 [nioEventLoopGroup-1-34] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - Using signature configuration: io.micronaut.security.token.jwt.signature.jwks.JwksSignature@4bc35592
11:14:02.107 [nioEventLoopGroup-1-34] DEBUG i.m.s.t.j.s.jwks.JwksSignature - Found 1 matching JWKs
11:14:02.111 [nioEventLoopGroup-1-34] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /loggedin/keycloak, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.124 [nioEventLoopGroup-1-35] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.124 [nioEventLoopGroup-1-35] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /
11:14:02.126 [nioEventLoopGroup-1-35] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:02.126 [nioEventLoopGroup-1-35] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:02.129 [nioEventLoopGroup-1-35] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.147 [nioEventLoopGroup-1-36] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.147 [nioEventLoopGroup-1-36] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /loggedin/keycloak
11:14:02.148 [nioEventLoopGroup-1-36] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:02.148 [nioEventLoopGroup-1-36] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /loggedin/keycloak. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:02.177 [nioEventLoopGroup-1-37] DEBUG i.m.s.t.j.s.jwks.JwksSignature - JWT validation URL: http://localhost:8080/auth/realms/hellorealm/protocol/openid-connect/certs
11:14:02.183 [nioEventLoopGroup-1-37] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - JWT is signed
11:14:02.183 [nioEventLoopGroup-1-37] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - Using signature configuration: io.micronaut.security.token.jwt.signature.jwks.JwksSignature@453a590f
11:14:02.183 [nioEventLoopGroup-1-37] DEBUG i.m.s.t.j.s.jwks.JwksSignature - Found 1 matching JWKs
11:14:02.186 [nioEventLoopGroup-1-37] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /loggedin/keycloak, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.194 [nioEventLoopGroup-1-38] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.194 [nioEventLoopGroup-1-38] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /
11:14:02.195 [nioEventLoopGroup-1-38] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:02.195 [nioEventLoopGroup-1-38] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:02.198 [nioEventLoopGroup-1-38] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.217 [nioEventLoopGroup-1-39] DEBUG i.m.s.h.CookieHttpSessionIdGenerator - cookie value: NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh
11:14:02.217 [nioEventLoopGroup-1-39] DEBUG i.m.s.http.CookieHttpSessionStrategy - path 66781c5b-c33c-4a2b-bf18-b0bef4feb2ba, session id: /loggedin/keycloak
11:14:02.218 [nioEventLoopGroup-1-39] DEBUG i.m.security.filters.SecurityFilter - Attributes: acr=>0, email_verified=>false, azp=>helloclient, auth_time=>1579256041, roles=>[], typ=>ID, preferred_username=>testuser, session_state=>97dc8d71-1e01-4cc4-b975-c5956bd56700, oauth2Provider=>keycloak, username=>0d348cc9-e8ef-41bd-9628-7d9ec58972d8
11:14:02.218 [nioEventLoopGroup-1-39] DEBUG i.m.security.filters.SecurityFilter - Authorized request GET /loggedin/keycloak. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
11:14:02.253 [nioEventLoopGroup-1-40] DEBUG i.m.s.t.j.s.jwks.JwksSignature - JWT validation URL: http://localhost:8080/auth/realms/hellorealm/protocol/openid-connect/certs
11:14:02.258 [nioEventLoopGroup-1-40] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - JWT is signed
11:14:02.258 [nioEventLoopGroup-1-40] DEBUG i.m.s.t.j.v.JwtTokenValidatorUtils - Using signature configuration: io.micronaut.security.token.jwt.signature.jwks.JwksSignature@220355fc
11:14:02.259 [nioEventLoopGroup-1-40] DEBUG i.m.s.t.j.s.jwks.JwksSignature - Found 1 matching JWKs
11:14:02.263 [nioEventLoopGroup-1-40] DEBUG i.m.s.http.CookieHttpSessionStrategy - path /loggedin/keycloak, cookie value NjY3ODFjNWItYzMzYy00YTJiLWJmMTgtYjBiZWY0ZmViMmJh

James Kleeh · Answer 1 · 18 января 2020

Проблема заключается в вашей конфигурации.

Вы установили маршрут входа по умолчанию равным /, поэтому после перенаправления обратно на / он перенаправляется обратно на keycloak.

Попробуйте: login-uri: /login{/provider}

/loggedin/keycloak вызывает перенаправление на /, что вызывает перенаправление на ключ, который затем возвращается обратно к /loggedin/keycloak, то есть к кругу.

i.m.s.http.CookieHttpSessionStrategy - path /loggedin/keycloak, 
...
i.m.s.http.CookieHttpSessionStrategy - path /,

«Слишком много перенаправлений» при защите приложения micronaut с помощью openid (keycloak)

Пожалуйста, войдите или зарегистрируйтесь чтобы ответить на этот вопрос.

1 Ответ

Пожалуйста, войдите или зарегистрируйтесь что бы добавить комментарий.

«Слишком много перенаправлений» при защите приложения micronaut с помощью openid (keycloak)

Пожалуйста, войдите или зарегистрируйтесь чтобы ответить на этот вопрос.

1 Ответ

Пожалуйста, войдите или зарегистрируйтесь что бы добавить комментарий.

Похожие темы