我正在尝试使用spring Boot 和keycloak来运行一些简单的应用程序。
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.example</groupId>
<artifactId>testOfKeyCloack</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<maven.compiler.source>15</maven.compiler.source>
<maven.compiler.target>15</maven.compiler.target>
<springboot.plugin.version>2.1.4.RELEASE</springboot.plugin.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${springboot.plugin.version}</version>
</plugin>
</plugins>
</build>
</project>这是我的应用程序.yml,其中keycloak监听本地主机上的端口8080。
server:
port: "80"
spring:
application.name: ${APPLICATION_NAME:spring-security-keycloak-oauth}
security:
oauth2:
client:
provider:
keycloak:
issuer-uri: http://localhost:8080/realms/webReport
registration:
keycloak:
client-id: testK有效的重新导向URI:地址:
对于测试,我使用控制器:
@RestController
@RequestMapping("/api")
public class SampleController {
@GetMapping("/anonymous")
public String getAnonymousInfo() {
return "Anonymous";
}
@GetMapping("/user")
@PreAuthorize("hasRole('USER')")
public String getUserInfo() {
return "user info";
}
@GetMapping("/admin")
@PreAuthorize("hasRole('ADMIN')")
public String getAdminInfo() {
return "admin info";
}
@GetMapping("/service")
@PreAuthorize("hasRole('SERVICE')")
public String getServiceInfo() {
return "service info";
}
@GetMapping("/me")
public Object getMe() {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return authentication.getName();
}
}这是我的Web安全配置
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests -> authorizeRequests
.antMatchers("/api/anonymous/**").permitAll()
.anyRequest().authenticated())
.oauth2Login(oauth2Login -> oauth2Login
.userInfoEndpoint(userInfoEndpoint -> userInfoEndpoint
.oidcUserService(this.oidcUserService())
)
);
}
@Bean
public OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
final OidcUserService delegate = new OidcUserService();
return (userRequest) -> {
OidcUser oidcUser = delegate.loadUser(userRequest);
final Map<String, Object> claims = oidcUser.getClaims();
final JSONArray groups = (JSONArray) claims.get("groups");
final Set<GrantedAuthority> mappedAuthorities = groups.stream()
.map(role -> new SimpleGrantedAuthority(("ROLE_" + role)))
.collect(Collectors.toSet());
return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());
};
}
}但当我试着去举例时:“http://localhost:80/api/admin”我收到一个错误:“无效参数:redirect_uri”控制台输出:“获取http://本地主机:8080/领域/Web报告/协议/开放ID连接/身份验证?响应类型=代码&客户端ID=我的Web报告&状态=***重定向URI=http://本地主机/登录/oauth2/代码/密钥伪装400(错误的请求)”
从其他线程的建议没有帮助,所以我只是不知道,该怎么办。
1条答案
按热度按时间1hdlvixo1#
您是说您将客户端的重定向URI设置为
http://localhost:80/*。然后你提出了这个要求:
GET http://localhost:8080/realms/webReport/protocol/openid-connect/auth?response_type=code&client_id=my_webreport&state=***redirect_uri=http://localhost:8084/login/oauth2/code/keycloak.http://localhost:8084/login/oauth2/code/keycloak与http://localhost:80/*不匹配,端口需要与您请求的实际端口匹配。