在 Spring Boot 中,将 keycloak 适配器和“keycloak.policy-enforcer-config.claimInformationPointConfig.claims[claim-from-uri]={ request.uri }”添加到 application.properties 文件中,我能够收到“claim-from- uri”在 keycloak javascript 策略中。但是在 ktor 中使用类似的设置是行不通的。
我在 keyclaok.json 中添加了“policy-enforcer”,但在 keycloak 的 javascript 策略中,“claim-from-uri”属性始终为空。
// js policy in keycloak
var context = $evaluation.getContext();
var attributes = context.getAttributes();
var realm = $evaluation.getRealm();
var httpUri = attributes.getValue('http.uri');
var claimFromUri = attributes.getValue('claim-from-uri');
我的用例是从 URI 获取声明,然后使用它从 keycloak 服务器获取策略。
下面是我的 keycloak.json 文件。
{
"realm": "test-realm",
"auth-server-url": "https://localhost:8080/auth",
"ssl-required": "none",
"resource": "api-resource",
"public-client": true,
"policy-enforcer": {
"enforcement-mode": "ENFORCING",
"paths": [
{
"path": "/api/*",
"claim-information-point": {
"claims": {
"claim-from-uri": "{request.uri}"
}
},
"methods": [
{
"method": "GET",
"scopes": ["get", "GET"]
},
{
"method": "POST",
"scopes": ["post", "POST"]
}
]
}
]
}
}
val keycloakProvider = OAuthServerSettings.OAuth2ServerSettings(
name = "keycloak",
authorizeUrl = "https://localhost:8082/auth/realms/test-realm/protocol/openid-connect/auth",
accessTokenUrl = "https://localhost:8082/auth/realms/test-realm/protocol/openid-connect/token",
clientId = "test-realm-backend",
clientSecret = "client-secret",
accessTokenRequiresBasicAuth = false,
requestMethod = HttpMethod.Post,
)
//application setup
install(Authentication) {
oauth("keycloak") {
client = HttpClient(Apache)
providerLookup = { keycloakProvider }
urlProvider = { "http://localhost:8080/callback" }
}
}
// routing
authenticate("keycloak") {
get("/api/{name}") {
val principal: OAuthAccessTokenResponse.OAuth2? = call.authentication.principal()
call.sessions.set(UserSession("Bearer $principal?.accessToken.toString()"))
val name = call.parameters["name"] ?: "name missing in parameter"
val user = User(name)
call.respond(user)
}
}