使用KeyClope的spring引导安全性不适用于graphql

7fhtutme  于 2021-10-10  发布在  Java
关注(0)|答案(0)|浏览(260)

为冗长的帖子道歉。我有一个包含rest和GraphQLAPI的spring启动应用程序。另外,我使用的是keydape身份验证服务器。我想为这两个API添加keydape身份验证。设置如下
依赖关系
我已经添加了文档中提到的以下依赖项。

<dependencies>
    <dependency>
        <groupId>org.keycloak</groupId>
        <artifactId>keycloak-spring-boot-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>org.keycloak</groupId>
        <artifactId>keycloak-spring-security-adapter</artifactId>
        <version>13.0.1</version>
    </dependency>
    //-- other dependencies
</dependencies>

<dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.keycloak.bom</groupId>
                <artifactId>keycloak-adapter-bom</artifactId>
                <version>13.0.1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
</dependencyManagement>

此外,我还使用以下依赖项来支持Spring Security 和expediagroup graphql kotlin。

<dependency>
    <groupId>com.expediagroup</groupId>
    <artifactId>graphql-kotlin-spring-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

安全配置

import org.keycloak.adapters.KeycloakConfigResolver
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver
import org.keycloak.adapters.springsecurity.KeycloakConfiguration
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents
import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.beans.factory.config.ConfigurableBeanFactory
import org.springframework.context.annotation.*
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy

@KeycloakConfiguration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
@ComponentScan(basePackageClasses = [KeycloakSecurityComponents::class])
class KeycloakSecurityConfig: KeycloakWebSecurityConfigurerAdapter() {

    @Autowired
    var keycloakClientRequestFactory: KeycloakClientRequestFactory? = null

    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        super.configure(http)
        http.csrf().disable().cors().disable()
                .authorizeRequests()
                .anyRequest()
                .permitAll()
    }

    @Autowired
    @Throws(Exception::class)
    fun configureGlobal(auth: AuthenticationManagerBuilder) {
        val keycloakAuthenticationProvider = keycloakAuthenticationProvider()
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(SimpleAuthorityMapper())
        auth.authenticationProvider(keycloakAuthenticationProvider)
    }

    @Bean
    override fun sessionAuthenticationStrategy(): SessionAuthenticationStrategy? {
        return RegisterSessionAuthenticationStrategy(SessionRegistryImpl())
    }

    @Bean
    fun KeycloakConfigResolver(): KeycloakConfigResolver? {
        return KeycloakSpringBootConfigResolver()
    }

    @Bean
    @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
    fun keycloakRestTemplate(): KeycloakRestTemplate? {
        return KeycloakRestTemplate(keycloakClientRequestFactory)
    }
}

端点
这些是我的示例rest和graphql端点。
图形ql

import com.expediagroup.graphql.spring.operations.Query
import org.springframework.stereotype.Component
import reactor.core.publisher.Mono
import java.util.concurrent.CompletableFuture

@Component
class HelloQuery: Query {

    fun helloWorld():CompletableFuture<String>{
        return Mono.just("hello from graphql").toFuture()
    }

}

休息控制器

import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.ResponseBody

@Controller
class HelloController {

    @GetMapping("/hello")
    @ResponseBody
    fun hello(): String {
        return "hello from rest"
    }

}

结果
当我运行应用程序并测试API时,会得到以下结果。
RESTAPI-工作成功

graphql-404错误

但当我删除所有安全配置时,GraphQLAPI也能成功工作。

我的问题是我能否将graphql与KeyClope Spring Security 结合使用。如果是,我做错了什么?感谢您的帮助。

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题