For readers interested in Keycloak 4.0.0 Beta 2 with Spring Boot 2 this article is a good choice: it covers the Keycloak Spring Boot starter problem in detail and also collects useful material on a Keycloak client for ASP.NET Core, running Docker (Spring Boot or Thorntail) together with Keycloak, and a Spring Boot application that KeyCloak redirects to 403 Forbidden.
Contents:
- Keycloak 4.0.0 Beta 2 with Spring Boot 2 (spring boot actuator v2)
- Keycloak client for ASP.NET Core
- Docker (Spring Boot or Thorntail) and Keycloak
- java – Spring Boot – KeyCloak redirecting to 403 Forbidden
Keycloak 4.0.0 Beta 2 with Spring Boot 2 (spring boot actuator v2)
When I try to use keycloak-spring-boot-starter (+ keycloak-adapter-bom) I get an error. Am I missing something?
My Keycloak is running fine. If I remove the keycloak dependency from the pom file, the Spring Boot application also works fine.
java.lang.IllegalStateException: Failed to introspect Class
[org.keycloak.adapters.springboot.KeycloakAutoConfiguration] from ClassLoader
java.lang.IllegalStateException: Error processing condition on org.springframework.boot.autoconfigure.jmx.JmxAutoConfiguration.mbeanExporter at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:64) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.context.annotation.ConditionEvaluator.shouldSkip(ConditionEvaluator.java:108) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitionsForBeanMethod(ConfigurationClassBeanDefinitionReader.java:179) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitionsForConfigurationClass(ConfigurationClassBeanDefinitionReader.java:141) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitions(ConfigurationClassBeanDefinitionReader.java:117) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.annotation.ConfigurationClassPostProcessor.processConfigBeanDefinitions(ConfigurationClassPostProcessor.java:328) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanDefinitionRegistry(ConfigurationClassPostProcessor.java:233) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:273) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:93) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at 
org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:694) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:532) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:759) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:395) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:327) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1255) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1243) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at com.harmonies.chords.cloudfactory.CloudFactoryApplication.main(CloudFactoryApplication.java:14) [classes/:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:564) ~[na:na] at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) [spring-boot-devtools-2.0.1.RELEASE.jar:2.0.1.RELEASE]Caused by: java.lang.IllegalStateException: Failed to introspect Class [org.keycloak.adapters.springboot.KeycloakAutoConfiguration] from ClassLoader 
[jdk.internal.loader.ClassLoaders$AppClassLoader@1b9e1916] at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:659) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:556) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:541) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.util.ReflectionUtils.getUniqueDeclaredMethods(ReflectionUtils.java:599) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getTypeForFactoryMethod(AbstractAutowireCapableBeanFactory.java:724) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.determineTargetType(AbstractAutowireCapableBeanFactory.java:665) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.predictBeanType(AbstractAutowireCapableBeanFactory.java:633) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:1489) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:1012) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.boot.autoconfigure.condition.BeanTypeRegistry.addBeanTypeForNonAliasDefinition(BeanTypeRegistry.java:164) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.autoconfigure.condition.BeanTypeRegistry.addBeanType(BeanTypeRegistry.java:153) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.autoconfigure.condition.BeanTypeRegistry.updateTypesIfNecessary(BeanTypeRegistry.java:203) 
~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.autoconfigure.condition.BeanTypeRegistry.getNamesForType(BeanTypeRegistry.java:115) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.autoconfigure.condition.OnBeanCondition.collectBeanNamesForType(OnBeanCondition.java:265) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.autoconfigure.condition.OnBeanCondition.getBeanNamesForType(OnBeanCondition.java:254) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.autoconfigure.condition.OnBeanCondition.getMatchingBeans(OnBeanCondition.java:196) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.autoconfigure.condition.OnBeanCondition.getMatchOutcome(OnBeanCondition.java:116) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:47) ~[spring-boot-autoconfigure-2.0.1.RELEASE.jar:2.0.1.RELEASE] ... 22 common frames omittedCaused by: java.lang.NoClassDefFoundError: org/springframework/boot/context/embedded/EmbeddedServletContainerCustomizer at java.base/java.lang.Class.getDeclaredMethods0(Native Method) ~[na:na] at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3139) ~[na:na] at java.base/java.lang.Class.getDeclaredMethods(Class.java:2266) ~[na:na] at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:641) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] ... 
39 common frames omittedCaused by: java.lang.ClassNotFoundException: org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:582) ~[na:na] at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:185) ~[na:na] at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:496) ~[na:na] ... 43 common frames omitted2018-05-09 00:04:18.072 INFO 5898 --- [ restartedMain] ConfigServletWebServerApplicationContext : Closing org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@1cc24c32: startup date [Wed May 09 00:04:17 CEST 2018]; parent: org.springframework.context.annotation.AnnotationConfigApplicationContext@6f034cb22018-05-09 00:04:18.074 WARN 5898 --- [ restartedMain] o.s.boot.SpringApplication : Unable to close ApplicationContextjava.lang.IllegalStateException: Failed to introspect Class [org.keycloak.adapters.springboot.KeycloakAutoConfiguration] from ClassLoader [jdk.internal.loader.ClassLoaders$AppClassLoader@1b9e1916] at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:659) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:556) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:541) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.util.ReflectionUtils.getUniqueDeclaredMethods(ReflectionUtils.java:599) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getTypeForFactoryMethod(AbstractAutowireCapableBeanFactory.java:724) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.determineTargetType(AbstractAutowireCapableBeanFactory.java:665) 
~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.predictBeanType(AbstractAutowireCapableBeanFactory.java:633) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:1489) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.doGetBeanNamesForType(DefaultListableBeanFactory.java:420) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:390) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:511) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:503) ~[spring-beans-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.context.support.AbstractApplicationContext.getBeansOfType(AbstractApplicationContext.java:1198) ~[spring-context-5.0.5.RELEASE.jar:5.0.5.RELEASE] at org.springframework.boot.SpringApplication.getExitCodeFromMappedException(SpringApplication.java:889) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.getExitCodeFromException(SpringApplication.java:875) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.handleExitCode(SpringApplication.java:861) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.handleRunFailure(SpringApplication.java:810) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:338) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:1255) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1243) [spring-boot-2.0.1.RELEASE.jar:2.0.1.RELEASE] at com.harmonies.chords.cloudfactory.CloudFactoryApplication.main(CloudFactoryApplication.java:14) [classes/:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:564) ~[na:na] at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) [spring-boot-devtools-2.0.1.RELEASE.jar:2.0.1.RELEASE]Caused by: java.lang.NoClassDefFoundError: org/springframework/boot/context/embedded/EmbeddedServletContainerCustomizer at java.base/java.lang.Class.getDeclaredMethods0(Native Method) ~[na:na] at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3139) ~[na:na] at java.base/java.lang.Class.getDeclaredMethods(Class.java:2266) ~[na:na] at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:641) ~[spring-core-5.0.5.RELEASE.jar:5.0.5.RELEASE] ... 25 common frames omittedCaused by: java.lang.ClassNotFoundException: org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:582) ~[na:na] at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:185) ~[na:na] at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:496) ~[na:na] ... 29 common frames omitted
Answer 1
I had the same problem. Just make sure you include the Spring Boot 2 starter and don't use the adapter directly.
    compile 'org.keycloak:keycloak-spring-boot-2-starter:4.0.0.Beta2'
Keycloak client for ASP.NET Core
Solution
In Startup.cs I used OpenIdConnect authentication:
    public void Configure(...)
    {
        (...)
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
            AutomaticAuthenticate = true,
            CookieHttpOnly = true,
            CookieSecure = CookieSecurePolicy.SameAsRequest
        });
        app.UseOpenIdConnectAuthentication(CreateKeycloakOpenIdConnectOptions());
        (...)
    }
The OpenIdConnectOptions method:
    private OpenIdConnectOptions CreateKeycloakOpenIdConnectOptions()
    {
        var options = new OpenIdConnectOptions
        {
            AuthenticationScheme = "oidc",
            SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,
            Authority = Configuration["Authentication:KeycloakAuthentication:ServerAddress"]
                        + "/auth/realms/"
                        + Configuration["Authentication:KeycloakAuthentication:Realm"],
            RequireHttpsMetadata = false, // only in development
            PostLogoutRedirectUri = Configuration["Authentication:KeycloakAuthentication:PostlogoutRedirectUri"],
            ClientId = Configuration["Authentication:KeycloakAuthentication:ClientId"],
            ClientSecret = Configuration["Authentication:KeycloakAuthentication:ClientSecret"],
            ResponseType = OpenIdConnectResponseType.Code,
            GetClaimsFromUserInfoEndpoint = true,
            SaveTokens = true
        };
        options.Scope.Add("openid");
        return options;
    }
Add the Keycloak configuration to appsettings.json:
    {
      (...),
      "Authentication": {
        "KeycloakAuthentication": {
          "ServerAddress": "http://localhost:8180",
          "Realm": "demo",
          "PostlogoutRedirectUri": "http://localhost:57630/",
          "ClientId": "KeycloakASPNETCore",
          "ClientSecret": "secret-get-it-in-keycloakConsole-client-credentials"
        }
      }
    }
The Keycloak client is configured as follows:
> Client settings,
> I’ve added ‘accounting’ role for test,
> I added mapper ‘member_of’ of type ‘User Client Role’ for roles so that roles are added in the claims
If I want to authorize users by role, I do this:
Add authorization by claims in the ConfigureServices method:
    public void ConfigureServices(IServiceCollection services)
    {
        (...)
        services.AddAuthorization(options =>
        {
            options.AddPolicy("Accounting", policy => policy.RequireClaim("member_of", "[accounting]"));
            // this claim value is an array. Any suggestions how to extract just a single role? This still works.
        });
    }
I edited the Get method in ValuesController (default Web API template):
    [Authorize(Policy = "Accounting")]
    [Route("api/[controller]")]
    public class ValuesController : Controller
    {
        // GET api/values
        [HttpGet]
        public Dictionary<string, string> Get()
        {
            var userPrinciple = User as ClaimsPrincipal;
            var claims = new Dictionary<string, string>();
            foreach (var claim in userPrinciple.Claims)
            {
                var key = claim.Type;
                var value = claim.Value;
                claims.Add(key, value);
            }
            return claims;
        }
    }
If I log in with a user that has the accounting role, or with a group that has the accounting role, my user claims should be shown at localhost:57630/api/values.
I hope this works for you.
Docker (Spring Boot or Thorntail) and Keycloak
I have a problem running both Spring Boot and Keycloak in docker containers.
First I run Keycloak in docker with MySQL as the db.
    services:
      mysql:
        image: mysql:5.7
        container_name: mysql
        volumes:
          - mysql_data:/var/lib/mysql
        environment:
          MYSQL_ROOT_PASSWORD: root
          MYSQL_DATABASE: keycloak
          MYSQL_USER: keycloak
          MYSQL_PASSWORD: password
        networks:
          - testNetwork
      keycloak:
        image: jboss/keycloak
        container_name: keycloak
        restart: on-failure
        volumes:
          - ./config:/config/
        environment:
          DB_VENDOR: MYSQL
          DB_ADDR: mysql
          DB_DATABASE: keycloak
          DB_USER: keycloak
          DB_PASSWORD: password
          KEYCLOAK_USER: xxx
          KEYCLOAK_PASSWORD: yyy
          KEYCLOAK_IMPORT_REALM: /keycloak/import/realm-import.json
        ports:
          - 8180:8080
        depends_on:
          - mysql
        networks:
          - testNetwork
Then I added my realm (SpringBootKeycloak), my client (testclient) and a user with the role 'user'. After that I added spring-security to my Spring Boot application and edited my application.yml
    spring:
      main:
        banner-mode: 'off'
      application:
        name: testclient
        version: @project.version@
      jpa:
        hibernate:
          ddl-auto: create
      datasource:
        url: jdbc:h2:mem:testclient;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
        username: xxx
        password: xxx
    keycloak:
      auth-server-url: http://localhost:8180/auth
      realm: SpringBootKeycloak
      resource: testclient
      public-client: true
      principal-attribute: preferred_username
      security-constraints:
        - authRoles:
            - user
          securityCollections:
            - patterns:
                - /*
    server:
      port: ${port:8090}
    rest:
      path: testclient
Accordingly I added my SecurityConfig:
    /**
     * Secure appropriate endpoints
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.authorizeRequests()
            .antMatchers("/*").hasRole("user") // only users with role user are allowed to access
            .anyRequest().permitAll();
    }
Running the Spring Boot application locally works fine: I have to log in with keycloak and get redirected to localhost:8090. But when I add the Spring Boot application to my docker-compose and start it in a container, I still get to keycloak for the login, but when I should be redirected back I get a 403.
      testclient:
        image: testclient
        container_name: testclient
        environment:
          JAVA_OPTS: "-agentlib:jdwp=transport=dt_socket,address=5005,server=y,suspend=n"
        build:
          context: testclient-application
        ports:
          - 8090:8090
          - 5006:5005
        networks:
          - testNetwork
with the following container log:
{"@timestamp":"2018-08-16T11:50:11.530+00:00","@version":"1","message":"failed to turn code into token","logger_name":"org.keycloak.adapters.OAuthRequestAuthenticator","thread_name":"http-nio-8090-exec-6","level":"ERROR","level_value":40000,"stack_trace":"java.net.ConnectException: Connection refused (Connection refused)\n\tat java.net.PlainSocketImpl.socketConnect(Native Method)\n\tat java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)\n\tat java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)\n\tat java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)\n\tat java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)\n\tat java.net.Socket.connect(Socket.java:589)\n\tat org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121)\n\tat org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)\n\tat org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)\n\tat org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)\n\tat org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)\n\tat org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)\n\tat org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)\n\tat org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:111)\n\tat org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:336)\n\tat 
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:281)\n\tat org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:139)\n\tat org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:203)\n\tat org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:50)\n\tat org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.doAuthenticate(KeycloakAuthenticatorValve.java:57)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:575)\n\tat org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.lang.Thread.run(Thread.java:748)\n","app":"testclient","version":"1.0.0-SNAPSHOT"}
I can't figure out how to solve this…
Edit 1: more information: I'm running docker on Windows.
Edit 2: a solution
My working solution consists of the following:
- Step 1: add keycloak as a host
To make things work you need to make sure to add the following to your hosts file (/etc/hosts on Mac/Linux, c:\Windows\System32\Drivers\etc\hosts on Windows): 127.0.0.1 keycloak
This is because you access the application with a browser on your machine (whose name is localhost, or 127.0.0.1), but inside Docker it runs in its own container (whose name is keycloak).
- Step 2
The internal Docker port and the published port must be the same:
    services:
      mysql:
        image: mysql:5.7
        container_name: mysql
        volumes:
          - mysql_data:/var/lib/mysql
        environment:
          MYSQL_ROOT_PASSWORD: root
          MYSQL_DATABASE: keycloak
          MYSQL_USER: keycloak
          MYSQL_PASSWORD: password
        networks:
          - testNetwork
      keycloak:
        image: jboss/keycloak
        container_name: keycloak
        restart: on-failure
        volumes:
          - ./config:/config/
        environment:
          DB_VENDOR: MYSQL
          DB_ADDR: mysql
          DB_DATABASE: keycloak
          DB_USER: keycloak
          DB_PASSWORD: password
          KEYCLOAK_USER: xxx
          KEYCLOAK_PASSWORD: yyy
          KEYCLOAK_IMPORT_REALM: /keycloak/import/realm-import.json
        ports:
          - 8080:8080   # <--- edited
        depends_on:
          - mysql
        networks:
          - testNetwork
Step 3: the keycloak definition in application.yml for Spring Boot, with the edited auth-server-url:
    keycloak:
      realm: SpringBootKeycloak
      auth-server-url: http://keycloak:8080/auth   # <--- edited
      resource: testclient
      public-client: true
      security-constraints:
        - authRoles:
            - user
          securityCollections:
            - patterns:
                - /*
      ssl-required: external
      confidential-port: 0
The ugly thing about this solution: you cannot map the Docker port to a different port for access from the URL (ports: - 8080:8080). I spent a lot of time testing other combinations; the result is that the port in the access URL must be the same as the internal docker port (8080 in my case).
Edit 4:
The same thing works with Thorntail.
To change Keycloak's port, add …
    environment:
      JAVA_OPTS: "-Djboss.socket.binding.port-offset=10 -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
      -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true"
… for keycloak in docker-compose. -Djboss.socket.binding.port-offset=10 sets the port to the default (8080) + offset (10); the rest are Keycloak's defaults. Don't forget to edit "ports" and "auth-server-url".
Answer:
I think your problem is auth-server-url: http://localhost:8180/auth. When your application runs in a docker container, localhost actually has a different meaning.
Inside the container it needs to be the name of the container, i.e. keycloak. This is a bit awkward because when you connect to keycloak from the host you want to use localhost, but the token issuer URL needs to match the URL where the token was requested (otherwise the token is rejected), so you end up having to put keycloak into your etc/hosts file.
You're in good company with this problem – I ran into it working with Activiti. You can find the JHipster project dealing with it in the same way – they say:
> To make things work, you'll need to make sure to add the following to your hosts file (/etc/hosts on Mac/Linux, c:\Windows\System32\Drivers\etc\hosts on Windows).
> 127.0.0.1 keycloak
> This is because you will access your application with a browser on your machine (which name is localhost, or 127.0.0.1), but inside Docker it will run in its own container, which name is keycloak.
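The following script is an added example, not code from the thread, Keycloak or docker-compose. It models the three network positions involved in the 403: the browser on the host, the Keycloak container and the testclient container, and walks the authorization-code flow the Keycloak adapter drives to show at which step each configuration from the thread fails. The hosts table, the published ports and the compose-network map are constructed from the compose files above; the adapter behaviour it assumes is a simplification: one auth-server-url is used both for the browser redirect and for the server-side code-to-token exchange, and a token is accepted only if its iss claim equals <auth-server-url>/realms/<realm>.

```python
from urllib.parse import urlsplit

REALM = "SpringBootKeycloak"

# Constructed model of the environment in the thread (assumptions, not live configuration).
HOSTS_BEFORE = {"localhost": "127.0.0.1"}                          # stock hosts file
HOSTS_AFTER = {"localhost": "127.0.0.1", "keycloak": "127.0.0.1"}  # after adding "127.0.0.1 keycloak"
COMPOSE_NETWORK = {"keycloak": 8080}  # compose service name -> port Keycloak listens on in its container


def _host_port(url: str) -> tuple:
    u = urlsplit(url)
    return u.hostname or "", u.port or (443 if u.scheme == "https" else 80)


def browser_can_reach(url: str, hosts: dict, published: dict) -> bool:
    """Front channel: the browser runs on the host, resolves names through the hosts file and
    only reaches host ports that docker-compose publishes ('ports:' host_port -> service name)."""
    host, port = _host_port(url)
    return hosts.get(host) == "127.0.0.1" and published.get(port) == "keycloak"


def container_can_reach(url: str, network: dict) -> bool:
    """Back channel: inside the testclient container 'localhost' is the container itself;
    other services are reachable by compose service name on their container port."""
    host, port = _host_port(url)
    return network.get(host) == port


def expected_issuer(auth_server_url: str, realm: str = REALM) -> str:
    """The adapter accepts a token only if its iss claim is <auth-server-url>/realms/<realm>."""
    return f"{auth_server_url.rstrip('/')}/realms/{realm}"


def issuer_accepted(token_iss: str, auth_server_url: str, realm: str = REALM) -> bool:
    """Issuer check the answer above refers to: a token minted at localhost:8180 is rejected
    by an adapter configured for keycloak:8080 even though both name the same server."""
    return token_iss == expected_issuer(auth_server_url, realm)


def login_flow(auth_server_url: str, hosts: dict, published: dict, network: dict) -> str:
    """Walk the flow the adapter drives and report the first step that breaks."""
    # 1. The adapter redirects the browser to <auth-server-url>/realms/<realm>/protocol/openid-connect/auth
    if not browser_can_reach(auth_server_url, hosts, published):
        return "browser cannot open the Keycloak login page"
    # 2. Keycloak derives the iss claim from the URL the browser used to reach it
    token_iss = f"{auth_server_url.rstrip('/')}/realms/{REALM}"
    # 3. The adapter exchanges the code for a token over the back channel (the step in the ERROR log above)
    if not container_can_reach(auth_server_url, network):
        return "failed to turn code into token: Connection refused"
    # 4. The adapter validates the token; with one shared URL the issuer always matches here,
    #    issuer_accepted() shows the mismatch a naively split front/back URL would produce
    if not issuer_accepted(token_iss, auth_server_url):
        return "token rejected: issuer mismatch"
    return "login ok"


def scenarios() -> dict:
    """The configurations discussed in the thread, in the order they were tried."""
    return {
        # the question: localhost:8180 works for the browser but not from inside the container
        "question": login_flow("http://localhost:8180/auth", HOSTS_BEFORE, {8180: "keycloak"}, COMPOSE_NETWORK),
        # hosts entry added but ports still 8180:8080 -> keycloak:8080 is not published on the host
        "hosts_entry_only": login_flow("http://keycloak:8080/auth", HOSTS_AFTER, {8180: "keycloak"}, COMPOSE_NETWORK),
        # edit 2: hosts entry plus ports 8080:8080 -> both channels reach the same Keycloak
        "hosts_and_same_port": login_flow("http://keycloak:8080/auth", HOSTS_AFTER, {8080: "keycloak"}, COMPOSE_NETWORK),
        # edit 4: port-offset=10 moves Keycloak to 8090; publish 8090:8090 and point the adapter at it
        "port_offset_10": login_flow("http://keycloak:8090/auth", HOSTS_AFTER, {8090: "keycloak"}, {"keycloak": 8090}),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:22s} -> {outcome}")
```

The model makes the "ugly" constraint from edit 2 explicit: because the adapter has a single auth-server-url, the name must resolve on the host (hosts file) and the port must be reachable both as a published host port and as the container port, so the two have to be equal. The issuer check is the reason a different host name for the back channel is not a shortcut either: Keycloak builds iss from the URL the browser used, and the adapter compares it with its own configuration.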
java – Spring Boot – KeyCloak redirecting to 403 Forbidden
I'm new to Keycloak and I'm using the official tutorial project
https://github.com/sebastienblanc/spring-boot-keycloak-tutorial
to integrate with a Spring Boot application. I've successfully set up the KeyCloak server, and the Spring Boot application is also pointing to the client application I created in the Realm I created on KeyCloak, but after providing the correct credentials it goes to the forbidden page.
    import java.util.Arrays;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;

    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.GetMapping;

    @Controller
    class ProductController {

        @GetMapping(path = "/products")
        public String getProducts(Model model) {
            model.addAttribute("products", Arrays.asList("iPad", "iPhone", "iPod"));
            return "products";
        }

        @GetMapping(path = "/logout")
        public String logout(HttpServletRequest request) throws ServletException {
            request.logout();
            return "/";
        }
    }
The application.properties file:
    keycloak.auth-server-url=http://localhost:8080/auth
    keycloak.realm=springdemo
    keycloak.resource=product-app
    keycloak.public-client=true
    keycloak.security-constraints[0].authRoles[0]=testuser
    keycloak.security-constraints[0].securityCollections[0].patterns[0]=/products/*
    server.port=8081
I don't get any error message from the KeyCloak console or from the Spring embedded tomcat console.
Check the tomcat console here – no error
Thanks.
keycloak.security-constraints[0].authRoles[0]=testuser – you should specify a role here, not a user.
If you follow the blog instructions it should be:
    keycloak.security-constraints[0].authRoles[0]=user
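As an added example (not the tutorial's code nor Keycloak's), the following Python evaluates a security constraint the way the Keycloak adapter does, against a constructed access-token payload. It assumes the adapter's documented role source: realm roles from realm_access.roles by default, or the client's roles from resource_access.<client>.roles when keycloak.use-resource-role-mappings=true. The token is built unsigned purely for the demonstration, on the assumption that signature verification has already passed; the constraint lists and the user "testuser" with realm role "user" are constructed from the question and the answer above.

```python
import base64
import json
from typing import Optional

CLIENT_ID = "product-app"


def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unsigned_jwt(payload: dict) -> str:
    """Constructed test token in JWS compact form with an empty signature (alg=none).
    Real Keycloak tokens are RS256-signed and the adapter verifies the signature before
    it reads any claim; that step is out of scope here."""
    return f"{_b64url_encode({'alg': 'none', 'typ': 'JWT'})}.{_b64url_encode(payload)}."


def claims_of(token: str) -> dict:
    return json.loads(_b64url_decode(token.split(".")[1]))


def token_roles(claims: dict, client_id: str, use_resource_role_mappings: bool = False) -> set:
    """Roles the adapter compares with authRoles."""
    if use_resource_role_mappings:
        return set(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))
    return set(claims.get("realm_access", {}).get("roles", []))


def url_pattern_matches(pattern: str, path: str) -> bool:
    """Servlet-spec URL patterns as used in securityCollections.patterns."""
    if pattern == "/*":
        return True
    if pattern.endswith("/*"):  # path-prefix pattern, e.g. /products/*
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):  # extension pattern, e.g. *.jsp
        return path.endswith(pattern[1:])
    return path == pattern  # exact match


def authorize(path: str, token: Optional[str], constraints: list,
              use_resource_role_mappings: bool = False) -> int:
    """HTTP status the adapter's security constraints produce for a request."""
    for constraint in constraints:
        patterns = [p for coll in constraint["securityCollections"] for p in coll["patterns"]]
        if not any(url_pattern_matches(p, path) for p in patterns):
            continue
        if token is None:
            return 401  # not authenticated: the adapter sends the browser to the Keycloak login
        granted = token_roles(claims_of(token), CLIENT_ID, use_resource_role_mappings)
        if not granted & set(constraint["authRoles"]):
            return 403  # authenticated but holding none of the required roles: Forbidden
        return 200
    return 200  # no constraint covers the path


# Constructed payload: a user named testuser who holds the realm role "user" and no client roles
TESTUSER_TOKEN = unsigned_jwt({
    "iss": "http://localhost:8080/auth/realms/springdemo",
    "preferred_username": "testuser",
    "realm_access": {"roles": ["user", "offline_access"]},
    "resource_access": {CLIENT_ID: {"roles": []}},
})

# As in the question: a username where a role name belongs
CONSTRAINT_FROM_QUESTION = [{"authRoles": ["testuser"],
                             "securityCollections": [{"patterns": ["/products/*"]}]}]
# As the answer says it should be
CONSTRAINT_FIXED = [{"authRoles": ["user"],
                     "securityCollections": [{"patterns": ["/products/*"]}]}]


if __name__ == "__main__":
    print("question config, /products:", authorize("/products", TESTUSER_TOKEN, CONSTRAINT_FROM_QUESTION))
    print("fixed config,    /products:", authorize("/products", TESTUSER_TOKEN, CONSTRAINT_FIXED))
    print("fixed config,    no token :", authorize("/products", None, CONSTRAINT_FIXED))
```

The 403 in the question is the authenticated-but-unauthorized branch: the login succeeds, the token carries the realm role "user", and "testuser" is never a role name, so the intersection is empty for every user. Two details worth keeping in mind when tuning this: with use-resource-role-mappings enabled the same user is forbidden again until the client role is assigned, and the servlet pattern "/*" protects every path, whereas the Spring Security matcher .antMatchers("/*") used in the Docker section above matches only one path segment (Spring needs "/**" for the whole tree).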