基于此示例https://blog.jdriven.com/2019/11/spring-cloud-gateway-with-openid-connect-and-token-relay,我正在尝试使用Spring Gateway(Spring Security和Keycloak的最新版本)。网关后面有一个我想限制访问的静态应用程序。我设法进行了所有配置,以使身份验证有效。但是,我无法正确验证角色。 Spring Security不会从令牌中读取它,而是始终分配ROLE_USER。令牌包含适当的角色,并且其他参数(如用户名或范围)已正确读取。如何使用ReactiveSecurity映射角色。下面是我的配置。
@Configuration
public class SecurityConfig {
@Bean
public OidcClientInitiatedServerLogoutSuccessHandler logoutSuccessHandler(@Value("${postLogoutRedirectUrl}") URI postLogoutRedirectUrl, ReactiveClientRegistrationRepository clientRegistrationRepository) {
OidcClientInitiatedServerLogoutSuccessHandler logoutSuccessHandler = new OidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository);
logoutSuccessHandler.setPostLogoutRedirectUri(postLogoutRedirectUrl);
return logoutSuccessHandler;
}
@Bean
public SecurityWebFilterChain springSecurityFilterChain(@Value("${securedPaths}") String[] securedPaths, ServerHttpSecurity http,
ReactiveClientRegistrationRepository clientRegistrationRepository,
OidcClientInitiatedServerLogoutSuccessHandler logoutSuccessHandler) {
http.oauth2Login();
http.logout(logout -> logout.logoutSuccessHandler(new OidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository)));
http.authorizeExchange()
.pathMatchers(securedPaths).hasRole("admin")
.anyExchange().permitAll();
http.logout().logoutSuccessHandler(logoutSuccessHandler);
http.exceptionHandling().accessDeniedHandler(new AccessDeniedHandler());
http.csrf().disable();
return http.build();
}
}