spring-security Spring Boot Security says permitAll only works with HttpSecurity.authorizeRequests()

lymgl2op posted on 2022-11-11 in Spring
Follow (0) | Answers (1) | Views (375)

I'm trying to get Keycloak working. I can get the login flow working, but not logout. More directly, I'm trying to add a /login route that reaches any login. If permitAll() were invalid, I would have expected it to raise a syntax error, but somehow it builds an 8-mile-long security chain and blocks permitAll() at a few random inches along that chain.
To add this extra /login URL, I followed someone else's StackOverflow advice for allowing an additional /login URL:
How change the default Spring Boot oauth urls (/login/oauth2/code and /oauth2/authorization)?
Basically, I modified the RequestMatcher in keycloakAuthenticationProcessingFilter. I thought this worked, but commenting it out makes the error go away. This seems to be the offending class:

package com.mycompany.myapplication.configurations;

import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.filter.AdapterStateCookieRequestMatcher;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.keycloak.adapters.springsecurity.filter.QueryParamPresenceRequestMatcher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Despite its name this is a WebSecurityConfigurerAdapter, not a filter: as a
// @Configuration it builds its own HttpSecurity chain (at order 200) on top of
// the Keycloak adapter base class.
@Configuration
@Order(200)
public class GeneticistKeycloakAuthenticationProcessingFilter extends KeycloakWebSecurityConfigurerAdapter {

    // Replaces the adapter's default request matcher so that /login/** is also
    // treated as a login request, in addition to the matchers the Keycloak filter
    // uses by default: /sso/login (DEFAULT_LOGIN_URI), an Authorization header,
    // an access_token query parameter, and the adapter state cookie.
    @Bean
    @Override
    protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter() throws Exception {
        final RequestMatcher customRequestMatcher =
                new OrRequestMatcher(
                        new AntPathRequestMatcher(KeycloakAuthenticationEntryPoint.DEFAULT_LOGIN_URI),
                        new AntPathRequestMatcher("/login/**"),
                        new RequestHeaderRequestMatcher(KeycloakAuthenticationProcessingFilter.AUTHORIZATION_HEADER),
                        new QueryParamPresenceRequestMatcher(OAuth2Constants.ACCESS_TOKEN),
                        new AdapterStateCookieRequestMatcher()
                );
        return new KeycloakAuthenticationProcessingFilter(authenticationManagerBean(), customRequestMatcher);
    }

    // No session strategy is supplied; the base class passes this value to
    // sessionManagement().sessionAuthenticationStrategy(...).
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return null;
    }

    // configure(HttpSecurity) is not overridden, so this chain receives only the
    // base class's configuration (filters, entry point and logout handling).
}

Is there a simpler way to have Spring treat a URL as another way to log in, and then log in via the normal login path?
Here is a snippet of the stack trace:

Caused by: java.lang.IllegalStateException: permitAll only works with HttpSecurity.authorizeRequests()
    at org.springframework.util.Assert.state(Assert.java:76)
    at org.springframework.security.config.annotation.web.configurers.PermitAllSupport.permitAll(PermitAllSupport.java:51)
    at org.springframework.security.config.annotation.web.configurers.PermitAllSupport.permitAll(PermitAllSupport.java:41)
    at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.init(LogoutConfigurer.java:277)
    at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.init(LogoutConfigurer.java:69)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:338)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:300)
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:38)
    at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:302)
    at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:90)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:305)
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:38)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:127)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
    ... 22 common frames omitted
oprakyz7 1#

Before 5.7.0, Spring Security did not support permitAll in authorizeHttpRequests.
If you upgrade to Spring Security >= 5.7.0 or Spring Boot >= 2.7.0, you should be able to add permitAll() when using authorizeHttpRequests. This PR fixes the issue.
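The assertion in the trace is raised from LogoutConfigurer.init: the Keycloak base class's configure(HttpSecurity) calls logout().logoutUrl("/sso/logout").permitAll(), and on Spring Security before 5.7 permitAll() looks up the ExpressionUrlAuthorizationConfigurer that only HttpSecurity.authorizeRequests() registers. The class in the question never calls authorizeRequests() on its own HttpSecurity, so the lookup fails. The following is an added example, not code from the original question or answer, of a configurer that keeps the base adapter's setup and registers authorizeRequests() in the same builder; it works on 5.x both before and after 5.7. The class name SecurityConfig, the URL patterns, and the LoginRedirectController (which sends /login to the adapter's own entry point instead of rewiring the Keycloak filter's RequestMatcher) are illustrative assumptions.

```java
package com.mycompany.myapplication.configurations;

import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

// Assumed name. @KeycloakConfiguration is the adapter's meta-annotation that
// combines @Configuration, @EnableWebSecurity and the Keycloak component scan.
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Installs the Keycloak filters, entry point and
        // logout().logoutUrl("/sso/logout").permitAll().
        super.configure(http);

        // The permitAll() above needs a URL authorization registry on THIS
        // HttpSecurity. Before Spring Security 5.7 that has to be
        // authorizeRequests(); from 5.7 on authorizeHttpRequests() is accepted too.
        http.authorizeRequests()
                // Assumed patterns: the extra /login entry, the adapter's own
                // /sso/** endpoints, and static assets stay reachable anonymously.
                .antMatchers("/login", "/sso/**", "/css/**", "/js/**").permitAll()
                // Everything else requires a Keycloak-authenticated principal.
                .anyRequest().authenticated();
    }

    // Register sessions so concurrent-session controls and the Keycloak
    // back-channel logout can find them (recommended by the adapter docs).
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    // Assumed helper: instead of teaching the Keycloak filter to match
    // /login/**, hand the extra URL to the adapter's default entry point
    // (KeycloakAuthenticationEntryPoint.DEFAULT_LOGIN_URI is "/sso/login"),
    // which then starts the normal authorization-code redirect to Keycloak.
    @Controller
    static class LoginRedirectController {
        @GetMapping("/login")
        public String login() {
            return "redirect:" + KeycloakAuthenticationEntryPoint.DEFAULT_LOGIN_URI;
        }
    }
}
```

A quick check after changing the config: start the application and confirm there is exactly one chain that both contains KeycloakAuthenticationProcessingFilter and has an authorizeRequests() registry; a second @Configuration subclass of KeycloakWebSecurityConfigurerAdapter with a different @Order (as in the question) gets its own HttpSecurity, and the base class's logout().permitAll() will fail again in any chain that never calls authorizeRequests(). Note also that the Keycloak project has since deprecated its Spring Security adapter in favour of Spring Security's built-in OAuth2/OIDC client support, so new projects should not start from KeycloakWebSecurityConfigurerAdapter at all.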
