I am trying to configure a Spring Boot application secured by Keycloak. How can I inject the ROLE obtained from OtherClaims into the configuration class? I get the roles from the other claims of the user-info endpoint, as shown below:
import java.io.IOException;
import java.net.URI;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
import org.keycloak.representations.UserInfo;
import org.keycloak.util.KeycloakUriBuilder;
import org.springframework.http.ResponseEntity;
public class GetRolesFromOtherClaims
{
    private final String keycloakServerUrl = "https://my-authentication-server.fr";
    private final String keycloakRealm = "MY-REALM";
    // Must run inside a request already authenticated by the Keycloak adapter: KeycloakRestTemplate forwards the current user's bearer token to the userinfo endpoint
    public RolesDto[] getRoles() throws IOException
    {
        // {realm} is substituted by build(...); hard-coding MY-REALM in the path ignored the argument
        URI userInfoUri = KeycloakUriBuilder.fromUri(this.keycloakServerUrl)
                .path("/auth/realms/{realm}/protocol/openid-connect/userinfo")
                .build(this.keycloakRealm);
        KeycloakClientRequestFactory factory = new KeycloakClientRequestFactory();
        KeycloakRestTemplate template = new KeycloakRestTemplate(factory);
        ResponseEntity<UserInfo> response = template.getForEntity(userInfoUri, UserInfo.class);
        UserInfo infos = response.getBody();
        Object autorisations = infos.getOtherClaims().get("autorisations");
        if (autorisations == null) return new RolesDto[0]; // claim not present for this client: no extra roles
        ObjectMapper mapper = new ObjectMapper();
        // A JSON-typed claim is already a List of Maps here (toString() on it is not valid JSON); only a String-typed claim needs parsing
        return autorisations instanceof String
                ? mapper.readValue((String) autorisations, RolesDto[].class)
                : mapper.convertValue(autorisations, RolesDto[].class);
    }
}
In RolesDto I have a user role, but I don't know how to link that role to the Spring Security configuration!
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import lombok.Data;
import lombok.ToString;
// One entry of the "autorisations" claim; unknown properties are ignored so extra fields do not break parsing
@Data
@ToString
@JsonIgnoreProperties(ignoreUnknown = true)
public class RolesDto
{
    @JsonProperty("userrole")
    private String userrole;
}
You can see it in the configuration class below:
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(name = "keycloak.enabled", havingValue = "true", matchIfMissing = true)
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class KeycloakConfigurationAdapter extends KeycloakWebSecurityConfigurerAdapter
{
    // No server-side session is created for the authenticated user: correct for a stateless bearer-token API
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
    {
        return new NullAuthenticatedSessionStrategy();
    }
    // Reads the keycloak.* properties from application.properties instead of keycloak.json.
    // The Keycloak docs recommend declaring this bean in a separate @Configuration class to avoid a circular bean dependency.
    @Bean
    public KeycloakConfigResolver keycloakConfigResolver()
    {
        return new KeycloakSpringBootConfigResolver();
    }
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
    {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        // SimpleAuthorityMapper prefixes with ROLE_ and upper-cases, so realm role "admin" satisfies hasRole("ADMIN").
        // It only sees the authorities the provider derives from the token's realm/client roles, not from other claims.
        SimpleAuthorityMapper simpleAuthorityMapper = new SimpleAuthorityMapper();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(simpleAuthorityMapper);
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
            .sessionManagement()
                .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
                .and()
            .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
            .addFilterBefore(keycloakAuthenticationProcessingFilter(), X509AuthenticationFilter.class)
            .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
                .and()
            .logout()
                .addLogoutHandler(keycloakLogoutHandler())
                .logoutUrl("/logout").logoutSuccessHandler(
                    (HttpServletRequest request, HttpServletResponse response, Authentication authentication) -> response.setStatus(HttpServletResponse.SC_OK))
                .and()
            .apply(new CommonSpringKeycloakSecuritAdapter());
    }
}
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.session.SessionManagementFilter;
public class CommonSpringKeycloakSecuritAdapter extends AbstractHttpConfigurer<CommonSpringKeycloakSecuritAdapter, HttpSecurity>
{
    // This class is instantiated with new, not managed by Spring, so @Bean would have no effect here;
    // CorsFilter is the application's own filter class (Spring's CorsFilter needs a CorsConfigurationSource)
    CorsFilter corsFilter()
    {
        return new CorsFilter();
    }
    @Override
    public void init(HttpSecurity http) throws Exception
    {
        http
            // CSRF protection is only needed for cookie-based sessions; this API is stateless and bearer-token only
            .csrf().disable()
            .addFilterBefore(this.corsFilter(), SessionManagementFilter.class)
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll() // CORS preflight carries no token
                .anyRequest().authenticated();
    }
}
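One way the roles in the claim can reach Spring Security, as an added example rather than code from the question or from the Keycloak project: authorities are decided while the adapter validates the request's bearer token, inside the AuthenticationProvider, so fetching the userinfo endpoint from a configuration class cannot work. The example below instead subclasses KeycloakAuthenticationProvider and appends ROLE_ authorities built from the "autorisations" claim of the already verified access token. It assumes that the same claim is also mapped into the access token by a client protocol mapper in Keycloak (not only into userinfo), that each entry looks like {"userrole": "..."} as RolesDto implies, and that the adapter version in use has the three-argument KeycloakAuthenticationToken constructor and isInteractive(); the class name ClaimRolesAuthenticationProvider and the wiring in the trailing comment are hypothetical.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.keycloak.representations.AccessToken;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Hypothetical class: turns the "autorisations" claim of the verified access token into Spring authorities
public class ClaimRolesAuthenticationProvider extends KeycloakAuthenticationProvider
{
    static final String CLAIM_NAME = "autorisations"; // claim name from the question
    static final String ROLE_KEY = "userrole";        // field name from RolesDto

    private static final ObjectMapper MAPPER = new ObjectMapper();
    private static final TypeReference<List<Map<String, Object>>> ENTRIES =
            new TypeReference<List<Map<String, Object>>>() {};

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        // Let the stock provider build the token with realm/client roles first
        KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) super.authenticate(authentication);
        // The adapter has already verified the token signature, so claims in this token can be trusted
        AccessToken accessToken = token.getAccount().getKeycloakSecurityContext().getToken();

        List<GrantedAuthority> authorities = new ArrayList<>(token.getAuthorities());
        authorities.addAll(authoritiesFromClaim(accessToken.getOtherClaims().get(CLAIM_NAME)));
        return new KeycloakAuthenticationToken(token.getAccount(), token.isInteractive(), authorities);
    }

    // Accepts the claim either already decoded (JSON-typed mapper: a List of Maps) or as a JSON string
    static List<GrantedAuthority> authoritiesFromClaim(Object claim)
    {
        List<GrantedAuthority> result = new ArrayList<>();
        if (claim == null)
        {
            return result; // claim not mapped into the token: no extra roles, nothing silently granted
        }
        List<Map<String, Object>> entries;
        try
        {
            entries = claim instanceof String
                    ? MAPPER.readValue((String) claim, ENTRIES)
                    : MAPPER.convertValue(claim, ENTRIES);
        }
        catch (IOException | IllegalArgumentException e)
        {
            // A claim the server emitted but we cannot parse is a configuration error: fail closed and loudly
            throw new AuthenticationServiceException("Malformed '" + CLAIM_NAME + "' claim", e);
        }
        for (Map<String, Object> entry : entries)
        {
            Object role = entry.get(ROLE_KEY);
            if (role == null || role.toString().trim().isEmpty())
            {
                continue; // skip empty entries rather than creating a "ROLE_" authority
            }
            // Same convention SimpleAuthorityMapper applies to realm roles: ROLE_ prefix and upper case,
            // so hasRole("MANAGER") matches a claim entry {"userrole": "manager"}
            result.add(new SimpleGrantedAuthority("ROLE_" + role.toString().trim().toUpperCase(Locale.ROOT)));
        }
        return result;
    }
}

// Hypothetical wiring, in KeycloakConfigurationAdapter.configureGlobal(...) instead of keycloakAuthenticationProvider():
//   ClaimRolesAuthenticationProvider provider = new ClaimRolesAuthenticationProvider();
//   provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
//   auth.authenticationProvider(provider);
// Afterwards .antMatchers("/admin/**").hasRole("MANAGER") or @PreAuthorize("hasRole('MANAGER')") sees the claim roles.
```

Claim-derived roles share the ROLE_ namespace with realm roles, so a claim entry "admin" grants exactly what realm role "admin" would; that is acceptable only because both come from a token whose signature the adapter has checked, which is also why the claim must be in the access token rather than read back from userinfo with the user's own bearer token.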