spring引导服务身份验证不使用prop config,但使用java config
我们有一个SpringBoot应用程序,它是后端应用程序,还有一个RESTAPI,它使用SpringBoot2.0.4。我们通过KeyClope和版本-4.0.0增加了安全性。最终的最初,我使用java配置进行KeyClope身份验证设置,如下所示
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
private static final String[] AUTH_WHITELIST = {
// -- swagger ui
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui.html",
"/actuator",
"/actuator/**",
"/api-docs",
"/api/**",
"/webjars/**"
// other public endpoints of your API may be appended to this array
};
@Autowired
public KeycloakClientRequestFactory keycloakClientRequestFactory;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
@Bean
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable().anonymous().disable()
.authorizeRequests()
.antMatchers(AUTH_WHITELIST).permitAll()
.and()
.authorizeRequests()
.antMatchers("/*").hasRole("SERVICE")
.and()
.authorizeRequests()
.anyRequest().permitAll();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(AUTH_WHITELIST);
}
@Bean
@Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
public KeycloakRestTemplate keycloakRestTemplate() {
return new KeycloakRestTemplate(keycloakClientRequestFactory);
}
}
和应用。属性具有以下设置
keycloak.auth-server-url=http://localhost:8081/auth
keycloak.realm=realmName
keycloak.resource=masterdata
keycloak.bearer-only=true
keycloak.cors=true
keycloak.enabled=true
keycloak.ssl-required = external
keycloak.use-resource-role-mappings = true
上面的代码工作正常,its正在授权具有承载令牌的传入请求,上面的代码正在成功验证令牌是否具有角色服务
但我们希望有更灵活的conifg,所以我们试图摆脱java配置,并在应用程序中配置它。属性使用下面的代码
keycloak.securityConstraints[0].authRoles[0]=SERVICE
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*
现在我得到了未经授权的代码。 如果需要,我可以添加日志。有谁能帮我看看appProp配置在哪里出了问题
共 (0) 个答案