我用Security with Keycloak设置了一个简单的Sping Boot 应用程序,该应用程序作为一个服务与Eureka 、网关API等一起运行。所有这些都是dockerized的。我创建了一个端点,它返回一个String,并由SecurityFilterChain保护:
@Bean
public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.oauth2Client(Customizer.withDefaults())
.oauth2Login(Customizer.withDefaults());
httpSecurity
.sessionManagement(Customizer.withDefaults());
httpSecurity
.authorizeHttpRequests(Customizer.withDefaults())
.authorizeHttpRequests(authorize -> {
authorize
.requestMatchers("/keycloak-test", "/tournament/keycloak-test").fullyAuthenticated()
.anyRequest().permitAll();
});
return httpSecurity.build();
}
字符串
终点:
@GetMapping("/keycloak-test")
public ResponseEntity<String> test() {
return ResponseEntity.ok("Hello World");
}
型
当我试图访问这个端点时,我希望重定向到登录表单或keycloak本身,但问题是我被重定向到containerId:port:http://6e375582a097:8201/oauth2/authorization/keycloak-provider
,因此出现“Server Not Found”错误。
My application.yml:
eureka:
client:
service-url:
defaultZone: http://172.18.0.1:8762/eureka
server:
port: 8201
error:
include-message: always
spring:
datasource:
url: jdbc:postgresql://172.18.0.1:5501/tournament
username: username
password: ${DB_STG_PASSWORD}
driver-class-name: org.postgresql.Driver
hikari:
connection-timeout: 10000
maximum-pool-size: 10
idle-timeout: 5000
max-lifetime: 1000
auto-commit: true
flyway:
locations: classpath:db/migration
enabled: true
jpa:
show-sql: true
properties:
hibernate:
dialect: org.hibernate.dialect.PostgreSQLDialect
security:
oauth2:
client:
provider:
keycloak-provider:
issuer-uri: https://keycloak.example.com/realms/keycloak-realm
registration:
aimcup:
provider: keycloak-provider
client-name: keycloak-provider
client-id: keycloak-provider
client-secret:
scope: profile,openid,offline_access
redirect-uri: https://example.com/keycloak-test
型
我想提一下,我也在使用nginx代理管理器。
我试着查看所有的过滤器并检查重定向URI何时被确定,但没有一个能吸引我的眼球。将application.yml
中的server.address
属性设置为我的example.com
也不起作用。
是因为Eureka 有一个容器ID而不是它的IP地址吗?
提前感谢您的任何帮助!
1条答案
按热度按时间qyuhtwio1#
对于Sping Boot 3,将
forward-headers-strategy
设置为native
,它将按预期工作:server.forward-headers-strategy: native
个