Keycloak 配置

时间:2019-03-04 11:02:53

标签: spring-security keycloak

我正在尝试配置一个由 Keycloak 保护的 Spring Boot 应用程序。如何把从 OtherClaims 中取得的 ROLE 注入到安全配置类里？我是通过 userinfo 端点从 OtherClaims 中获取角色的，代码如下：

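/**
 * Fetches the current user's roles from the Keycloak userinfo endpoint.
 *
 * The roles are not standard token claims; they travel in the "autorisations" entry of the
 * userinfo "other claims" map and are deserialized into {@link RolesDto} objects.
 */
public class GetRolesFromOtherClaims
{
    private final String keycloakServerUrl = "https://my-authentication-server.fr";
    private final String keycloakRealm = "MY-REALM";

    /** Userinfo path with a realm placeholder that {@code KeycloakUriBuilder#build} fills in. */
    private static final String USERINFO_PATH = "/auth/realms/{realm-name}/protocol/openid-connect/userinfo";
    /** Name of the non-standard claim that carries the role list. */
    private static final String ROLES_CLAIM = "autorisations";
    /** A configured ObjectMapper is thread-safe, so one shared instance is enough. */
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Calls the userinfo endpoint for the current user and returns the roles found in the
     * "autorisations" claim.
     *
     * The roles are only as trustworthy as the call: the endpoint is reached over TLS, and
     * the KeycloakRestTemplate is presumably attaching the bearer token of the current security
     * context so the answer is scoped to that token's subject — confirm against the adapter docs.
     *
     * @return the current user's roles; an empty array when the response has no body or no
     *         "autorisations" claim
     * @throws IOException if a string-valued claim is not valid JSON for {@code RolesDto[]}
     * @throws IllegalArgumentException if an already-parsed claim cannot be converted to
     *         {@code RolesDto[]}
     */
    public RolesDto[] getRoles() throws IOException
    {
        // The realm passed to build() substitutes the placeholder. The previous literal path
        // hard-coded the realm and silently ignored this argument.
        URI userInfoUri = KeycloakUriBuilder.fromUri(this.keycloakServerUrl)
                .path(USERINFO_PATH)
                .build(this.keycloakRealm);

        KeycloakClientRequestFactory factory = new KeycloakClientRequestFactory();
        KeycloakRestTemplate template = new KeycloakRestTemplate(factory);
        ResponseEntity<UserInfo> response = template.getForEntity(userInfoUri, UserInfo.class);

        UserInfo infos = response.getBody();
        if (infos == null || infos.getOtherClaims() == null)
        {
            // Nothing usable came back: "no roles" instead of a NullPointerException.
            return new RolesDto[0];
        }

        Object claim = infos.getOtherClaims().get(ROLES_CLAIM);
        if (claim == null)
        {
            return new RolesDto[0];
        }
        if (claim instanceof String)
        {
            // Claim delivered as a JSON string.
            return MAPPER.readValue((String) claim, RolesDto[].class);
        }
        // Claim already parsed into a list/map structure by the userinfo deserializer.
        // toString() of such an object is not JSON, so convert the object tree directly.
        return MAPPER.convertValue(claim, RolesDto[].class);
    }

}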

在RolesDto中,我有一个用户角色,但我不知道如何将该角色与Spring Security配置关联起来!!!

/**
 * One role entry as carried in the "autorisations" userinfo claim.
 *
 * Unknown JSON properties are ignored so that additional server-side fields do not break
 * deserialization. Lombok's {@code @Data} generates the getter/setter, equals/hashCode and
 * toString; the explicit {@code @ToString} is already implied by it.
 */
@Data
@ToString
@JsonIgnoreProperties(ignoreUnknown = true)
public class RolesDto
{
    // Maps the JSON property "userrole"; the role name exactly as the server delivers it.
    @JsonProperty("userrole")
    private String userrole;

}

您可以在下面的配置类中看到:

/**
 * Spring Security configuration for a Keycloak-protected, stateless API.
 *
 * Active unless {@code keycloak.enabled=false}; the Keycloak adapter components are picked up
 * by the component scan anchored on {@code KeycloakSecurityComponents}.
 */
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true", matchIfMissing = true)
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class KeycloakConfigurationAdapter extends KeycloakWebSecurityConfigurerAdapter
{
    /**
     * No server-side session is tracked for an authenticated principal (bearer-token API).
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
    {
        return new NullAuthenticatedSessionStrategy();
    }

    /**
     * Resolves the Keycloak adapter settings from Spring Boot properties rather than keycloak.json.
     * The method name also defines the bean name, so it is left as-is even though
     * lowerCamelCase would be the Java convention.
     */
    @Bean
    public KeycloakConfigResolver KeycloakConfigResolver()
    {
        return new KeycloakSpringBootConfigResolver();
    }

    /**
     * Registers the Keycloak authentication provider with an authority mapper.
     *
     * SimpleAuthorityMapper turns the roles found in the token into Spring authorities
     * (by default prefixing ROLE_ where absent). A custom GrantedAuthoritiesMapper set here
     * is the hook for adding authorities that come from another source, such as a userinfo claim.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
    {
        SimpleAuthorityMapper authorityMapper = new SimpleAuthorityMapper();
        KeycloakAuthenticationProvider provider = keycloakAuthenticationProvider();
        provider.setGrantedAuthoritiesMapper(authorityMapper);
        auth.authenticationProvider(provider);
    }

    /**
     * HTTP security chain: Keycloak filters and entry point, a logout that simply answers 200,
     * and the shared stateless/CSRF/CORS settings applied via {@link CommonSpringKeycloakSecuritAdapter}.
     *
     * @param http the builder being configured
     * @throws Exception propagated from the HttpSecurity builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http.sessionManagement()
                .sessionAuthenticationStrategy(sessionAuthenticationStrategy());

        // Keycloak's own filters run ahead of the standard logout / X.509 positions.
        http.addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class);
        http.addFilterBefore(keycloakAuthenticationProcessingFilter(), X509AuthenticationFilter.class);

        http.exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint());

        // Logout is acknowledged with a plain 200 instead of a redirect (API client, no browser flow).
        http.logout()
                .addLogoutHandler(keycloakLogoutHandler())
                .logoutUrl("/logout")
                .logoutSuccessHandler(
                        (HttpServletRequest request, HttpServletResponse response, Authentication authentication)
                                -> response.setStatus(HttpServletResponse.SC_OK));

        http.apply(new CommonSpringKeycloakSecuritAdapter());
    }
}


/**
 * Shared HTTP settings for the stateless API: CSRF off, CORS filter, no sessions,
 * pre-flight OPTIONS open, everything else authenticated.
 */
public class CommonSpringKeycloakSecuritAdapter extends AbstractHttpConfigurer<CommonSpringKeycloakSecuritAdapter, HttpSecurity>
{
    /**
     * CORS filter that {@link #init} places ahead of session management.
     *
     * NOTE(review): this configurer is applied with {@code http.apply(new CommonSpringKeycloakSecuritAdapter())},
     * i.e. on a manually constructed instance, so the {@code @Bean} annotation here is presumably
     * never processed by the container and the filter is simply created by the direct call — confirm.
     */
    @Bean
    CorsFilter corsFilter()
    {
        return new CorsFilter();
    }

    /**
     * Applies the common settings to the HttpSecurity builder.
     *
     * @param http the builder being configured
     * @throws Exception propagated from the HttpSecurity builder
     */
    @Override
    public void init(HttpSecurity http) throws Exception
    {
        // CSRF protection is disabled because the session policy below is STATELESS
        // (bearer token, no session cookie to ride on). If cookie-based authentication
        // is ever introduced for any endpoint, this must be re-enabled for it.
        http.csrf().disable();

        http.addFilterBefore(this.corsFilter(), SessionManagementFilter.class);

        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Pre-flight requests carry no credentials; everything else needs an authenticated caller.
        http.authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .anyRequest().authenticated();
    }
}
