Spring Boot 使用 Spring Security 和 Keycloak 时出现 403 错误

时间:2019-05-31 07:08:43

标签: java keycloak

我正在使用 Keycloak 保护我的 Spring Boot 应用程序,但访问时出现 403 错误

application.yml

# Keycloak Spring Boot adapter settings for this application.
keycloak:
    # Base URL of the Keycloak server; plain http on localhost here.
    # NOTE(review): login and token traffic goes through this URL, so anything
    # other than a local development setup would need an https endpoint.
    auth-server-url: http://localhost:8180/auth
    # Realm the application authenticates against.
    realm: SpringBootKeycloak
    # Client id registered in that realm.
    resource: test
    # The client is declared public, i.e. it is configured without a client secret.
    public-client: true
    # Token claim used as the principal name.
    principal-attribute: preferred_username
    # NOTE(review): nothing here selects client-level roles. If ADMIN/USER are
    # defined on the client rather than on the realm, the adapter option
    # use-resource-role-mappings would be needed — confirm against the realm setup.

这是我的SpringSecurity和Keycloak配置

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    private AuthEntryPoint authEntryPoint;

    /**
     * Registers the Keycloak authentication provider with the global authentication manager.
     *
     * <p>The provider is given a {@link SimpleAuthorityMapper} created with its defaults, which
     * decides how the roles from the token become Spring Security authorities.
     *
     * <p>NOTE(review): the mapper is not told to upper-case role names. If the realm roles are
     * lower-case (for example {@code admin}), the {@code ROLE_ADMIN} / {@code ROLE_USER} checks
     * in the controller would not match and the request is rejected with 403 — confirm against
     * the role names defined in Keycloak.
     *
     * @param auth builder the provider is added to
     * @throws Exception declared by the builder API
     */
    @Autowired
    public void configureGlobal(
            AuthenticationManagerBuilder auth) throws Exception {
        SimpleAuthorityMapper authorityMapper = new SimpleAuthorityMapper();
        KeycloakAuthenticationProvider provider = keycloakAuthenticationProvider();
        provider.setGrantedAuthoritiesMapper(authorityMapper);
        auth.authenticationProvider(provider);
    }


    /**
     * Overrides the adapter hook that supplies the session authentication strategy.
     *
     * @return a {@link RegisterSessionAuthenticationStrategy} wrapping a newly created
     *         {@link SessionRegistryImpl}
     */
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        SessionRegistryImpl sessionRegistry = new SessionRegistryImpl();
        return new RegisterSessionAuthenticationStrategy(sessionRegistry);
    }

    /**
     * Exposes a {@link KeycloakSpringBootConfigResolver} bean so the adapter configuration is
     * taken from the Spring Boot properties (the {@code keycloak:} section of application.yml).
     *
     * <p>NOTE(review): the method name starts with an upper-case letter, so the default bean
     * name does too; renaming it would change the bean name, so check for by-name references
     * before doing so.
     *
     * @return a new resolver instance
     */
    @Bean
    public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
        KeycloakSpringBootConfigResolver resolver = new KeycloakSpringBootConfigResolver();
        return resolver;
    }

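    /**
     * Configures the HTTP security rules for the application.
     *
     * <p>The Keycloak adapter's own configuration is applied first and the application rules are
     * layered on top of it: CSRF is disabled, a fixed list of paths is open to everyone, and
     * every other request must be authenticated.
     *
     * @param http the security builder to configure
     * @throws Exception declared by the builder API
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Apply the adapter's base configuration first. An override that skips this call
        // replaces it entirely, so the Keycloak filters and the login entry point that the
        // parent class registers are never installed and protected requests are simply denied.
        super.configure(http);

        http
                // CSRF protection is switched off for the whole application.
                // NOTE(review): only safe if no endpoint relies on browser session cookies — confirm.
                .csrf().disable()
                // NOTE(review): this replaces the entry point installed by super.configure(http).
                // Unauthenticated requests then get whatever AuthEntryPoint does (not shown here)
                // instead of the adapter's login handling — drop this line if the Keycloak login
                // page is the expected behaviour.
                .exceptionHandling().authenticationEntryPoint(authEntryPoint)
                .and()
                .authorizeRequests()
                // CORS pre-flight requests
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // login url
                .antMatchers("/auth").permitAll()
                // static resources
                .antMatchers("/webjars/**").permitAll()
                // management endpoints
                // NOTE(review): every actuator endpoint is reachable without authentication;
                // restrict this to the endpoints that really must be public (e.g. health).
                .antMatchers("/actuator").permitAll()
                .antMatchers("/actuator/**").permitAll()
                // websocket
                .antMatchers("/endpoint").permitAll()
                .antMatchers("/endpoint/**").permitAll()
                //.antMatchers("/users").permitAll()
                // metrics
                .antMatchers("/prometheus").permitAll()
                .antMatchers("/prometheus/**").permitAll()
                // NOTE(review): this pattern names only "/keycloak/" with the trailing slash;
                // "/keycloak" and "/keycloak/test1" presumably fall through to the rule below — confirm intent.
                .antMatchers("/keycloak/").permitAll()
                // Everything not listed above requires an authenticated user.
                .anyRequest().authenticated();
        // Cache-control response headers, so that pages are not cached.
        http.headers().cacheControl();
    }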

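    /**
     * Excludes the Swagger documentation paths from Spring Security.
     *
     * <p>Requests matched by {@code web.ignoring()} bypass the security filter chain altogether,
     * so none of the rules configured on {@code HttpSecurity} apply to them.
     *
     * <p>NOTE(review): this publishes the API description to unauthenticated callers; confirm
     * that is acceptable outside development environments.
     *
     * @param web the web security builder to configure
     * @throws Exception declared by the overridden signature
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers(
                        "/v2/api-docs",
                        "/swagger-resources/configuration/ui",
                        "/swagger-resources",
                        "/swagger-resources/configuration/security",
                        "/swagger-ui.html");
    }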

    /**
     * Exposes a BCrypt-based {@link PasswordEncoder} bean.
     *
     * <p>NOTE(review): nothing in this class uses the encoder. With login delegated to Keycloak,
     * confirm whether the application hashes any passwords locally.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

Restful API

/**
 * Demo endpoints under {@code /keycloak} used to exercise role-based access control.
 *
 * <p>{@code index} carries no method-level check; the three {@code test} endpoints are guarded
 * by {@code @PreAuthorize} expressions on the ADMIN and USER roles.
 */
@RestController
// NOTE(review): origins = "*" allows any site to call these endpoints cross-origin;
// list the expected front-end origins instead once they are known.
@CrossOrigin(origins = "*")
@RequestMapping("/keycloak")
public class KeycloakTestController {

    private static final String INDEX_BODY = "this is index";
    private static final String TEST1_BODY = "this is test1";
    private static final String TEST2_BODY = "this is test2";
    private static final String TEST3_BODY = "this is test3";

    /**
     * Handles GET on the controller root; no role expression is attached to it.
     *
     * @return a fixed marker string
     */
    @GetMapping("")
    public String index() {
        return INDEX_BODY;
    }

    /**
     * Handles GET {@code /test1}; restricted to the ADMIN role.
     *
     * @return a fixed marker string
     */
    @GetMapping("/test1")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String test1() {
        return TEST1_BODY;
    }

    /**
     * Handles GET {@code /test2}; restricted to the USER role.
     *
     * @return a fixed marker string
     */
    @GetMapping("/test2")
    @PreAuthorize("hasRole('ROLE_USER')")
    public String test2() {
        return TEST2_BODY;
    }

    /**
     * Handles GET {@code /test3}; open to callers holding either the ADMIN or the USER role.
     *
     * @return a fixed marker string
     */
    @GetMapping("/test3")
    @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")
    public String test3() {
        return TEST3_BODY;
    }

}

正常情况下应该显示 Keycloak 登录页面,但实际出现了意外错误(类型=禁止,状态=403):拒绝访问。 enter image description here

0 个答案:

没有答案