Keycloak Spring启动错误:令牌类型不正确。期待'持票人'但是'身份'

时间:2017-10-12 12:24:28

标签: spring-boot single-sign-on keycloak



我尝试使用here中的示例实现Keycloak。 在Node.js上它没问题,但我有一个Java Spring启动问题。登录后(在前端)Keycloak返回令牌。在将该令牌发送到后端(Spring引导)之后,我收到错误“令牌类型不正确。预期'承载'但是'ID'”。 解码令牌后,我看到“typ”中有“ID”,但可能应该是“bearer”。

你知道如何解决这个问题吗? 所有信息如下:

Application.java

package bootwildfly;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

@RestController
class ProductController {

    @RequestMapping( "/hello")
    public String getProducts(){
        return ("Hello, SpringBoot on Wildfly");
    }

    @RequestMapping(path = "/logout")
    public String logout(HttpServletRequest request) throws ServletException {
        request.logout();
        return "/";
    }
}

application.properties

keycloak.realm = Openshift-radionica
keycloak.bearer-only = true
keycloak.auth-server-url = http://keycloak-sso.***.***/auth
keycloak.ssl-required = external
keycloak.resource = client-backend
server.port=8080

keycloak.securityConstraints[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /hello/*

的pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.example</groupId>
    <artifactId>product-app</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>product-app</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <keycloak.version>3.1.0.Final</keycloak.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.keycloak.bom</groupId>
                <artifactId>keycloak-adapter-bom</artifactId>
                <version>3.3.0.CR2</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>


</project>

错误:

2017-10-12 11:08:18.119 ERROR 1 --- [nio-8080-exec-9] o.k.a.BearerTokenRequestAuthenticator    : Failed to verify token
org.keycloak.common.VerificationException: Token type is incorrect. Expected 'Bearer' but was 'ID'
    at org.keycloak.TokenVerifier$TokenTypeCheck.test(TokenVerifier.java:129) ~[keycloak-core-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.TokenVerifier.verify(TokenVerifier.java:371) ~[keycloak-core-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.RSATokenVerifier.verify(RSATokenVerifier.java:89) ~[keycloak-core-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:56) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) ~[keycloak-adapter-core-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:206) ~[spring-boot-container-bundle-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:47) [spring-boot-container-bundle-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.doAuthenticate(KeycloakAuthenticatorValve.java:54) [spring-boot-container-bundle-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:560) [tomcat-embed-core-8.5.14.jar!/:8.5.14]
    at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:185) ~[spring-boot-container-bundle-3.3.0.CR2.jar!/:3.3.0.CR2]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.14.jar!/:8.5.14]

1 个答案:

答案 0 :(得分:1)

在客户端(前端)我使用VueJS VueJS Keycloak。我有同样的问题。通过更改src / components / security / header.js

解决了这个问题
import store from '../../store'
export default () => {
   var keycloakAuth = store.getters.SECURITY_AUTH
   return { 'Authorization': 'Bearer ' + keycloakAuth.idToken }
}

从keycloakAuth.idToken到keycloakAuth.token并修复了问题。