用于Spring Boot和swagger2的Https设置

时间:2019-01-17 12:39:28

标签: spring-boot ssl ssl-certificate keycloak keytool

我正在尝试从安全的摇摇欲坠的页面开始,将我的Sprint Boot应用程序与Keycloak集成在一起。

keytool帮助我生成了一个自签名密钥库

keytool -genkey -alias abcdef -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore keystore.p12 -validity 3650

我使用上面的方法为应用设置ssl 

server:
  port: "15700"
  ssl:
    enabled: true
    key-store: classpath:keystore.p12
    key-store-password: password
    key-alias: abcdef
    keyStoreType: PKCS12

没有密钥斗篷,摇摇欲坠的https可以正常工作。

我从他们的docker镜像开始如下所示的keycloak,导出http和https 

services:
  keycloak:
    image: jboss/keycloak
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: my.ip.address
      DB_PORT: 5432
      DB_DATABASE: keycloak
      DB_USER: username
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: password
    ports:
      - 8443:8443
      - 8080:8080

我要求用户在要访问swagger文档时先登录,因此我按如下方式配置密钥斗篷:

keycloak:
   auth-server-url: "https://192.168.1.15:8443/auth"
   realm: "DemoRealm"
   public-client: true
   resource: demo-app
   security-constraints[0]:
     authRoles[0]: "user"
     securityCollections[0]:
       name: "Demo App"
       patterns[0]: "/swagger-ui.html"

现在,未登录的用户将直接进入keycloak登录页面,它的工作原理非常完美。但是成功登录后,当重定向回应用程序的大摇大摆页面时,出现以下错误:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

如果我将keycloak auth uri配置为http 

keycloak:
   auth-server-url: "http://192.168.1.15:8080/auth"
   realm: "DemoRealm"
   public-client: true
   resource: demo-app
   security-constraints[0]:
     authRoles[0]: "user"
     securityCollections[0]:
       name: "Demo App"
       patterns[0]: "/swagger-ui.html"

一切正常。

这是keycloak还是spring boot应用程序的配置问题?我错过了任何必要的步骤吗?

1 个答案:

答案 0 :(得分:0)

您可以尝试设置您的 Rest Template bean:

  1. 添加依赖:

     implementation 'org.apache.httpcomponents:httpclient:4.5'

  2. 提供 RestTemplate bean:

@Bean
private RestTemplate restTemplate() {
        SSLContext sslContext = buildSslContext();
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);

        HttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(socketFactory)
                .build();

        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);

        return new RestTemplate(factory);
    }

private SSLContext buildSslContext() {
        try {
            char[] keyStorePassword = sslProperties.getKeyStorePassword();
            return new SSLContextBuilder()
                    .loadKeyMaterial(
                            KeyStore.getInstance(new File(sslProperties.getKeyStore()), keyStorePassword),
                            keyStorePassword
                    ).build();
        } catch (Exception ex) {
            throw new IllegalStateException("Unable to instantiate SSL context", ex);
        } finally {
            sslProperties.setKeyStorePassword(null);
            sslProperties.setTrustStorePassword(null);
        }
    }
  1. 在 application.properties 或 application.yaml 文件中提供所需的 SSL 属性:
server:
    ssl:
        enabled: true
        key-store: /path/to/key.keystore
        key-store-password: password
        key-alias: alias
        trust-store: /path/to/truststore
        trust-store-password: password

或者,您可以使用 my spring boot starter

相关问题
最新问题