我必须使用通过Keycloak保护的应用程序的REST API,它充当OAUTH2-Provider的Broker。
为此目的,我使用OAuth2RestTemplate和ResourceOwnerPasswordDetails。 我可以毫无问题地从第三方提供商处获取访问令牌,但是我如何进一步使用它,这是个问题。在标题中使用它作为承载者并没有帮助。
有什么建议吗?
OAuthConfig.java
@Bean
public ResourceOwnerPasswordResourceDetails resource(){
ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
resource.setClientAuthenticationScheme(AuthenticationScheme.form);
resource.setAccessTokenUri(env.getProperty("access.token.uri"));
resource.setClientId(env.getProperty("access.client.id"));
resource.setGrantType("password");
resource.setClientSecret(env.getProperty("access.client.secret"));
resource.setUsername(env.getProperty("access.client.username"));
resource.setPassword(env.getProperty("access.client.password"));
resource.setScope(Arrays.asList(env.getProperty("access.client.scope")));
return resource;
}
获取访问令牌的服务
@Autowired
private OAuthConfig authConfig;
@Override
public OAuth2AccessToken getAccessToken(){
ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();
OAuth2AccessToken accessToken = provider.obtainAccessToken(authConfig.resource(), new DefaultAccessTokenRequest());
return accessToken;
}
OAuth2RestTemplate
@Autowired private ProdAuthService authService;
OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(authConfig.resource(), new DefaultOAuth2ClientContext(authService.getAccessToken()));
restTemplate.setRequestFactory(requestFactory);
restTemplate.getMessageConverters().add(new MappingJackson2HttpMessageConverter());
restTemplate.getMessageConverters().add(new StringHttpMessageConverter());
HttpHeaders header = new HttpHeaders();
header.setContentType(MediaType.APPLICATION_JSON);
header.set("Authorization", "Bearer " + authService.getAccessToken());
HttpEntity<String> request = new HttpEntity<String>(header);
ResponseEntity <ProcessInstanceLogWrapper> response = restTemplate.exchange(uri, HttpMethod.GET, request, new ParameterizedTypeReference<ProcessInstanceLogWrapper>(){});
ProcessInstanceLogWrapper json = response.getBody();
我得到的错误
Caused by: org.springframework.security.oauth2.client.http.AccessTokenRequiredException: OAuth2 access denied.
在Keycloak中我们也使用了Authorizaion URL,但似乎无法将它与ResourceOwnerPasswordResourceDetails一起使用。根据我的观点,它也可能是这样,它不起作用。
答案 0 :(得分:1)
RestTemplate创建:
protected RestKeyCloakClient()
{
MultiValueMap<String, String> header = new LinkedMultiValueMap<String, String>();
OAuth2RestTemplate client;
DefaultAccessTokenRequest accessTokenRequest = new DefaultAccessTokenRequest();
DefaultOAuth2ClientContext context = new DefaultOAuth2ClientContext(accessTokenRequest);
OAuth2AccessTokenSupport support = new OAuth2AccessTokenSupport()
{
};
List<HttpMessageConverter<?>> messageConverters = new ArrayList<HttpMessageConverter<?>>();
messageConverters.add(new FormOAuth2AccessTokenMessageConverter());
messageConverters.add(new FormOAuth2ExceptionHttpMessageConverter());
MappingJackson2HttpMessageConverter jackson = new MappingJackson2HttpMessageConverter();
List<MediaType> mediaTypes = new ArrayList<MediaType>();
mediaTypes.add(new MediaType("application", "x-www-form-urlencoded"));
jackson.setSupportedMediaTypes(mediaTypes);
messageConverters.add(jackson);
support.setMessageConverters(messageConverters);
client = new OAuth2RestTemplate(getAuthDetails(null, null), context);
client.setErrorHandler(errorHandler);
client.setRequestFactory(factory);
token = client.getAccessToken();
}
ResourceOwnerPasswordResourceDetails:
private ResourceOwnerPasswordResourceDetails getAuthDetails(String userName, String userPwd)
{
TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager()
{
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return null;
}
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
{
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
{
}
}};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
ResourceOwnerPasswordResourceDetails authDetails = new ResourceOwnerPasswordResourceDetails();
authDetails.setAccessTokenUri(LoggerAndReader.getInstance().getoAuth2tokenRequestUrl());
authDetails.setClientId(LoggerAndReader.getInstance().getoAuth2ClientId());
authDetails.setClientSecret(LoggerAndReader.getInstance().getoAuth2SecretToken());
authDetails.setGrantType(LoggerAndReader.getInstance().getOauth2granttype());
if (StringUtils.isNotBlank(userName) && StringUtils.isNotBlank(userPwd)) {
authDetails.setUsername(userName);
authDetails.setPassword(userPwd);
} else {
authDetails.setUsername(LoggerAndReader.getInstance().getOauth2UserName());
authDetails.setPassword(LoggerAndReader.getInstance().getOauth2password());
}
// authDetails.setScope(Arrays.asList(new String[] {"cn mail sn givenname uid employeeNumber"}));
return authDetails;
}
执行和进一步使用:
public ResponseEntity<String> execute(String url, HttpMethod httpMethod, Object o)
{
HttpEntity request = new HttpEntity(o, this.header);
ResponseEntity<String> resp = null;
this.header.set("Authorization", token.getTokenType() + " " + token.getValue());
try {
resp = this.client.exchange(url, httpMethod, request, String.class);
} catch (Exception e) {
String str = getStackTrace(e);
if (StringUtils.containsIgnoreCase(str, "SocketTimeoutException")) {
throw new KeycloakHTTPClientSocketException(
"Got a SocketTimeoutException for URL:" + url + ", HTTPMethod:" + httpMethod);
} else
throw new Exception(...);
}
return resp;
}
要添加更多标题,您需要添加它们:
public void setThisHeaderValue(String key, String value)
{
this.header.add(key, value);
}