我正在开发一个 Spring Boot 应用程序(v 2.1.0),并使用 Keycloak(v 4.5.0)来保护它。我已经在 Gradle 构建文件和 application.properties 中配置了 Keycloak 安全性。但是,即使对于未添加到安全约束中的 URL,Keycloak 也会返回未授权(401 错误)。
下面依次给出 Gradle 构建文件和 application.properties 文件。
// Build-script section: declares the version properties and the Gradle plugins
// (Kotlin, kotlin-allopen, Spring Boot) needed to build the project itself.
buildscript {
ext.kotlin_version = '1.3.11' // Required for Kotlin integration
ext.spring_boot_version = '2.1.0.RELEASE'
// NOTE(review): in this file only keycloak-admin-client references keycloak_version;
// the Keycloak starter and adapter in the dependencies block are hard-coded to
// 4.7.0.Final, so the Keycloak artifacts on the classpath are not all the same release.
ext.keycloak_version = '4.5.0.Final'
repositories {
// Build plugins are resolved from JCenter only. JCenter has since been sunset;
// a maintained repository (mavenCentral(), Gradle Plugin Portal) is the safer source.
jcenter()
}
dependencies {
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version" // Required for Kotlin integration
classpath "org.jetbrains.kotlin:kotlin-allopen:$kotlin_version" // See https://kotlinlang.org/docs/reference/compiler-plugins.html#spring-support
classpath "org.springframework.boot:spring-boot-gradle-plugin:$spring_boot_version"
}
}
// Plugins applied to the project. io.spring.dependency-management supplies versions
// for dependencies that are declared without one further down.
apply plugin: 'kotlin' // Required for Kotlin integration
apply plugin: "kotlin-spring" // https://kotlinlang.org/docs/reference/compiler-plugins.html#spring-support
apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'
// Name and version of the produced jar.
jar {
baseName = 'gs-rest-service'
version = '0.1.0'
}
// Repository used to resolve the application's own dependencies.
// NOTE(review): same single-repository (JCenter) choice as in buildscript; every
// runtime artifact, including the Keycloak adapter, is fetched from it.
repositories {
jcenter()
}
// Application dependencies: Spring Data JPA/REST, web, Keycloak adapter and admin
// client, RESTEasy, and the PostgreSQL JDBC driver.
dependencies {
compile('org.springframework.boot:spring-boot-starter-data-jpa')
compile('org.springframework.boot:spring-boot-starter-data-rest')
// NOTE(review): an explicit version overrides whatever the dependency-management
// plugin would select; confirm 5.1.0.Final matches the hibernate-core that the
// JPA starter brings in.
compile group: 'org.hibernate', name: 'hibernate-envers', version: '5.1.0.Final'
compile "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version" // Required for Kotlin integration
compile("org.jetbrains.kotlin:kotlin-reflect")
compile "org.springframework.boot:spring-boot-starter-web"
// Spring Security starter is commented out: no Spring Security dependency is declared
// in this build, so the only access rules visible on this page are the
// keycloak.security-constraints entries in application.properties.
// compile 'org.springframework.boot:spring-boot-starter-security'
//KeyCloak
// NOTE(review): starter and adapter are pinned to 4.7.0.Final while the admin client
// uses $keycloak_version (4.5.0.Final). Mixed Keycloak releases on one classpath are
// worth ruling out first when the adapter behaves unexpectedly; use one version for all.
// NOTE(review): verify that the separately declared keycloak-spring-boot-adapter is the
// adapter variant intended for Spring Boot 2.x and does not clash with the adapter the
// starter pulls in transitively.
compile group: 'org.keycloak', name: 'keycloak-spring-boot-starter', version: '4.7.0.Final'
compile group: 'org.keycloak', name: 'keycloak-spring-boot-adapter', version: '4.7.0.Final'
compile "org.keycloak:keycloak-admin-client:$keycloak_version"
//RestEasy
// https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-client
compile group: 'org.jboss.resteasy', name: 'resteasy-client', version: '3.6.2.Final'
// https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-jaxrs
compile group: 'org.jboss.resteasy', name: 'resteasy-jaxrs', version: '3.6.2.Final'
// https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-jackson2-provider
compile group: 'org.jboss.resteasy', name: 'resteasy-jackson2-provider', version: '3.6.2.Final'
// //Oauth2
// // https://mvnrepository.com/artifact/org.springframework.security.oauth/spring-security-oauth2
// compile group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version: '2.3.4.RELEASE'
// https://mvnrepository.com/artifact/org.springframework/spring-jdbc
compile group: 'org.springframework', name: 'spring-jdbc', version: '5.1.0.RELEASE'
// https://mvnrepository.com/artifact/org.postgresql/postgresql
// NOTE(review): the PostgreSQL driver is declared twice with different versions.
// Gradle's default conflict resolution keeps the newer one, so the 9.3 line is
// redundant; removing it ensures the outdated driver can never be the one selected.
compile group: 'org.postgresql', name: 'postgresql', version: '9.3-1100-jdbc41'
compile group: 'org.postgresql', name: 'postgresql', version: '42.2.5'
testCompile('org.springframework.boot:spring-boot-starter-test')
}
application.properties 文件:
#Server
# Port the Spring Boot application listens on.
server.port = 8090
# Database
spring.jpa.database=postgresql
#spring.datasource.platform
spring.jpa.show-sql=false
spring.datasource.driver-class-name=org.postgresql.Driver
spring.datasource.url=jdbc:postgresql://localhost:5432/dbname
# NOTE(review): the application connects as "postgres" (normally the database superuser)
# with a trivial password stored in plain text. Outside a local sandbox, use a dedicated
# least-privilege account and supply the password from the environment or a secret store
# rather than from this file.
spring.datasource.username=postgres
spring.datasource.password=123
# Hibernate creates and alters the schema automatically at startup, which also requires
# the database account to hold DDL rights. Convenient for development; review before
# using against a shared or production database.
spring.jpa.generate-ddl=true
spring.jpa.hibernate.ddl-auto=update
# Keycloak adapter configuration (realm, client and secret values are placeholders).
keycloak.realm = realm
# The adapter talks to Keycloak over plain HTTP on localhost. With ssl-required=external,
# HTTPS is enforced only for requests from external addresses; use an https:// URL once
# Keycloak is not on the same host.
keycloak.auth-server-url = http://localhost:8080/auth
keycloak.ssl-required = external
keycloak.resource = client_id
# Client secret of a confidential client: keep the real value out of version control.
keycloak.credentials.secret = client_secret
keycloak.realm-key=public_key
# Security constraint 0. The auth-roles of a constraint apply to every
# security-collection inside that same constraint, so as written both USER and admin
# are accepted for all patterns below, including /createRole, /assignRole and /users.
# NOTE(review): if the second collection was meant to be admin-only, it needs its own
# constraint (security-constraints[1]) listing only the admin role; confirm the intent.
# Role names must match the roles defined in Keycloak exactly (note "USER" vs "admin").
# No pattern in this file covers /login or /home.
keycloak.security-constraints[0].auth-roles[0]=USER
keycloak.security-constraints[0].security-collections[0].patterns[0]=/user/*
keycloak.security-constraints[0].security-collections[0].patterns[1]=/createStudent
keycloak.security-constraints[0].auth-roles[1]=admin
keycloak.security-constraints[0].security-collections[1].patterns[0]=/createStudent2
keycloak.security-constraints[0].security-collections[1].patterns[1]=/createRole
keycloak.security-constraints[0].security-collections[1].patterns[2]=/roles
keycloak.security-constraints[0].security-collections[1].patterns[3]=/assignRole
keycloak.security-constraints[0].security-collections[1].patterns[4]=/users
我希望应用程序的登录页和主页(/login 和 /home)可以公开访问。提前谢谢!