spring boot Key斗篷版本4.0.0 final落后于haproxy

bmp9r5qi  于 2021-07-23  发布在  Java
关注(0)|答案(3)|浏览(339)

我有一个问题,与 Spring 启动应用程序验证使用key斗篷,我有这个应用程序背后的haproxy坐,并试图完全禁用cors的 Spring 应用程序和管理这方面的代理,但我仍然有问题cors它没有http ok状态“
注意:由于最初的应用程序使用的是spring boot版本1.5.10,所以我使用的是旧版本的spring boot Key斗篷插件。请参阅附件中我探索的一些配置选项:
案例1:在spring应用程序上禁用cors

zbwhf8kr

zbwhf8kr1#


此安装程序返回http status ok not PREFENT on response PREFLIGH标头

@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;

public SecurityWithoutCsrfConfig() {
    super();
}

// Submits the KeycloakAuthenticationProvider to the AuthenticationManager
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
    keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
    auth.authenticationProvider(keycloakAuthenticationProvider);
}

@Bean
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
    return new KeycloakSpringBootConfigResolver();
}

// Specifies the session authentication strategy
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}

@Override
public void configure(final WebSecurity web) throws Exception {

    web.ignoring().antMatchers("/resources/**",
            "/v2/api-docs",
            "/swagger-ui.html",
            "/swagger2-ui.html",
            "/springfox/**",
            "/v2/swagger.json",
            "/_twilio/**",
            "/webjars/**",
            "/configuration/**",
            "/swagger-resources/**");
}

@Override
protected void configure(final HttpSecurity http) throws Exception {

    super.configure(http);

            http.csrf().disable()
            .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .antMatchers("/mypath/**").hasAnyRole("USER")
            .antMatchers("/mypath_admin/**").hasAnyRole("USER_ADMIN", "ADMIN")      
                    .anyRequest().fullyAuthenticated()
                    .and().httpBasic().and().cors().disable();
    http.headers().cacheControl();
}

第二种情况:在spring应用程序端设置标题

ygya80vv

ygya80vv2#


证券配置

@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;

public SecurityWithoutCsrfConfig() {
    super();
}

// Submits the KeycloakAuthenticationProvider to the AuthenticationManager
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
    keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
    auth.authenticationProvider(keycloakAuthenticationProvider);
}

@Bean
public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
    return new KeycloakSpringBootConfigResolver();
}

// Specifies the session authentication strategy
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}

@Override
public void configure(final WebSecurity web) throws Exception {

    web.ignoring().antMatchers("/resources/**",
            "/v2/api-docs",
            "/swagger-ui.html",
            "/swagger2-ui.html",
            "/springfox/**",
            "/v2/swagger.json",
            "/_twilio/**",
            "/webjars/**",
            "/configuration/**",
            "/swagger-resources/**");
}

@Override
protected void configure(final HttpSecurity http) throws Exception {

    super.configure(http);

    http.csrf().disable()
     .authorizeRequests()
     .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
     .antMatchers("/mypath/**").hasAnyRole("USER")
     .antMatchers("/mypath_admin/**").hasAnyRole("USER_ADMIN", "ADMIN")  
     .anyRequest().fullyAuthenticated()
     .and().httpBasic();

    http.headers().cacheControl();
}

网络配置

public class WebConfig extends WebMvcConfigurerAdapter {

/**
 * Adds Cross Origin Resource Sharing filter
 * @return CorsFilter
 */
@Bean
public CorsFilter corsFilter() {

    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    config.addAllowedOrigin("*");
    config.addAllowedHeader("*");
    config.addAllowedMethod("GET");
    config.addAllowedMethod("PUT");
    config.addAllowedMethod("POST");
    config.addAllowedMethod("OPTIONS");
    config.addAllowedMethod("DELETE");
    config.addAllowedMethod("PATCH");
    source.registerCorsConfiguration("/**", config);
    return new CorsFilter(source);
}

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("swagger-ui.html")
            .addResourceLocations("classpath:/META-INF/resources/");

    registry.addResourceHandler("/webjars/**")
            .addResourceLocations("classpath:/META-INF/resources/webjars/");
}

对于第2种情况,我遇到了允许的源标题的问题。我的haproxy配置是标准设置,你可以在任何官方haproxy网站上找到。如有任何解决方案或建议,我们将不胜感激。。。最好是飞行前响应的http状态的解决方案。

nwo49xxi

nwo49xxi3#

为了调试这种情况,我在securityconfig类中的configure方法中添加了一个记录器,因为我怀疑这就是请求被破坏的地方

LOG.info("  --executing: configure(HttpSecurity)");

事实上,我在这个类中有一个记录器,这意味着更多的配置细节将被打印到应用程序的输出中,所以我构建了jar,将其复制到服务器并运行我的jar文件。当我重新加载最初给我cors错误的请求时(http ok status not present on pre-flight),日志打印出一个ssl握手异常,这告诉我在我的应用程序配置的某个地方,它被设置为只期望通过https或安全端口的连接。但事实并非如此,我使用的是haproxy暴露在一个安全端口上,将连接转发到jar监听的端口(8080)。所以我仔细检查了整个应用程序的所有安全配置,在我的应用程序属性中,我发现我的设置错误

keycloak.ssl-required=all

所以我删除了这个设置,部署了应用程序,瞧,问题避免了。希望这能对任何有类似问题的人有所帮助。

相关问题