I am using Keycloak to protect my Spring Boot application, and it results in a 403 error
application.yml
keycloak:
  auth-server-url: http://localhost:8180/auth
  realm: SpringBootKeycloak
  resource: test
  public-client: true
  principal-attribute: preferred_username
This is my Spring Security and Keycloak configuration
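import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    // AuthEntryPoint is the application's own class (not shown in the question)
    @Autowired
    private AuthEntryPoint authEntryPoint;

    // register the Keycloak authentication provider;
    // SimpleAuthorityMapper prefixes mapped roles with "ROLE_" by default
    @Autowired
    public void configureGlobal(
            AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider
                = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(
                new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(
                new SessionRegistryImpl());
    }

    // read the Keycloak settings from application.yml instead of keycloak.json
    @Bean
    public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // disable csrf
                .csrf().disable()
                .exceptionHandling().authenticationEntryPoint(authEntryPoint)
                .and()
                .authorizeRequests()
                // for CORS request
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // login url
                .antMatchers("/auth").permitAll()
                // static
                .antMatchers("/webjars/**").permitAll()
                // management
                .antMatchers("/actuator").permitAll()
                .antMatchers("/actuator/**").permitAll()
                // websocket
                .antMatchers("/endpoint").permitAll()
                .antMatchers("/endpoint/**").permitAll()
                //.antMatchers("/users").permitAll()
                // api doc
                .antMatchers("/prometheus").permitAll()
                .antMatchers("/prometheus/**").permitAll()
                .antMatchers("/keycloak/").permitAll()
                .anyRequest().authenticated();
        // disable page cache
        http.headers().cacheControl();
    }

    /**
     * Disable security for swagger.
     *
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers(
                        "/v2/api-docs",
                        "/swagger-resources/configuration/ui",
                        "/swagger-resources",
                        "/swagger-resources/configuration/security",
                        "/swagger-ui.html");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}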
Restful API
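import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@CrossOrigin(origins = "*")
@RequestMapping("/keycloak")
public class KeycloakTestController {

    @GetMapping("")
    public String index() {
        return "this is index";
    }

    @GetMapping("/test1")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String test1() {
        return "this is test1";
    }

    @GetMapping("/test2")
    @PreAuthorize("hasRole('ROLE_USER')")
    public String test2() {
        return "this is test2";
    }

    @GetMapping("/test3")
    @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")
    public String test3() {
        return "this is test3";
    }
}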
Normally the Keycloak login page should be shown, but instead I get: There was an unexpected error (type=Forbidden, status=403). Access Denied