Spring Security Sping Boot 将其主机名替换为docker容器id

lc8prwob  于 11个月前  发布在  Spring
关注(0)|答案(1)|浏览(140)

我用Security with Keycloak设置了一个简单的Sping Boot 应用程序,该应用程序作为一个服务与Eureka 、网关API等一起运行。所有这些都是dockerized的。我创建了一个端点,它返回一个String,并由SecurityFilterChain保护:

@Bean
    public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .oauth2Client(Customizer.withDefaults())
                .oauth2Login(Customizer.withDefaults());
        httpSecurity
                .sessionManagement(Customizer.withDefaults());
        httpSecurity
                .authorizeHttpRequests(Customizer.withDefaults())
                .authorizeHttpRequests(authorize -> {
                    authorize
                            .requestMatchers("/keycloak-test", "/tournament/keycloak-test").fullyAuthenticated()
                            .anyRequest().permitAll();
                });
        return httpSecurity.build();
    }

字符串
终点:

@GetMapping("/keycloak-test")
    public ResponseEntity<String> test() {
        return ResponseEntity.ok("Hello World");
    }


当我试图访问这个端点时,我希望重定向到登录表单或keycloak本身,但问题是我被重定向到containerId:port:http://6e375582a097:8201/oauth2/authorization/keycloak-provider,因此出现“Server Not Found”错误。
My application.yml:

eureka:
  client:
    service-url:
      defaultZone: http://172.18.0.1:8762/eureka
server:
  port: 8201
  error:
    include-message: always
spring:
  datasource:
    url: jdbc:postgresql://172.18.0.1:5501/tournament
    username: username
    password: ${DB_STG_PASSWORD}
    driver-class-name: org.postgresql.Driver
    hikari:
      connection-timeout: 10000
      maximum-pool-size: 10
      idle-timeout: 5000
      max-lifetime: 1000
      auto-commit: true
  flyway:
    locations: classpath:db/migration
    enabled: true
  jpa:
    show-sql: true
    properties:
      hibernate:
        dialect: org.hibernate.dialect.PostgreSQLDialect
  security:
    oauth2:
      client:
        provider:
          keycloak-provider:
            issuer-uri: https://keycloak.example.com/realms/keycloak-realm
        registration:
          aimcup:
            provider: keycloak-provider
            client-name: keycloak-provider
            client-id: keycloak-provider
            client-secret: 
            scope: profile,openid,offline_access
            redirect-uri: https://example.com/keycloak-test


我想提一下,我也在使用nginx代理管理器。
我试着查看所有的过滤器并检查重定向URI何时被确定,但没有一个能吸引我的眼球。将application.yml中的server.address属性设置为我的example.com也不起作用。
是因为Eureka 有一个容器ID而不是它的IP地址吗?
提前感谢您的任何帮助!

qyuhtwio

qyuhtwio1#

对于Sping Boot 3,将forward-headers-strategy设置为native,它将按预期工作:
server.forward-headers-strategy: native

相关问题