春季无法获取keycloak授权令牌

Posted

技术标签:

【中文标题】春季无法获取keycloak授权令牌【英文标题】:Can not get keycloak authorization token in spring 【发布时间】:2019-06-19 07:07:04 【问题描述】:

我有网络应用程序,我正在尝试制作 keycloak authorizationsjavascript 方面,我将进入 keycloak 登录页面并成功验证。这是我的代码

var keycloak = Keycloak(
            realm: 'demo',
            url: 'localhost:8080/auth',
            clientId: 'justice'
        );
        keycloak.init( onLoad: 'login-required' ).success(function(authenticated) 
            alert(authenticated ? 'authenticated' : 'not authenticated');
        ).error(function() 
            alert('failed to initialize');
        );

然后我在java 一边打电话给Rest web service

$.ajax(
                    type: "POST",
                    url: "login",
                    headers: 
                        "Authorization":"Bearer "+ keycloak.token
                    ,
                    success: function (response) 
                        location.reload();

                    ,
                    error: function (jqXHR, textStatus, errorThrown) 
                        console.log(textStatus, errorThrown);
                    
                );

这里一切正常,我正在获取令牌并放入标头,但我在 java 端有问题,不能从 token 中获取 authorization tokenuser role 和其他一些 properties

这是我的configuration 类,它使用spring security config

import javax.servlet.http.HttpServletRequest;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.keycloak.representations.AccessToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter 

    @Autowired
    KeycloakClientRequestFactory keycloakClientRequestFactory;

    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() 
        return new NullAuthenticatedSessionStrategy();
    

    @Bean
    @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
    public KeycloakRestTemplate keycloakRestTemplate() 
        return new KeycloakRestTemplate(keycloakClientRequestFactory);
    

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception 
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    

    @Override
    protected void configure(HttpSecurity http) throws Exception 
        super.configure(http);
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .sessionAuthenticationStrategy(sessionAuthenticationStrategy()).and().authorizeRequests()
                .antMatchers("/login*").hasRole("ADMIN").anyRequest().permitAll();
    

    @Bean
    @Scope(scopeName = WebApplicationContext.SCOPE_REQUEST, proxyMode = ScopedProxyMode.TARGET_CLASS)
    public AccessToken getAccessToken() 
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
                .getRequest();
        return ((KeycloakAuthenticationToken) request.getUserPrincipal()).getAccount().getKeycloakSecurityContext()
                .getToken();
    


那我想拿token但是每次尝试都没用。

我试过这种方式,结果为空

@Controller
@RequestMapping
public class AuthController 

    @Autowired
        private AccessToken accessToken;

     @RequestMapping(value = "/login", method = RequestMethod.POST)
public String verify(Principal principal,Model model) throws Exception 
     //principal field is null
    String token = accessToken.getAccessTokenHash(); // null

这样

@Controller
@RequestMapping
public class AuthController 

    @Autowired
        private AccessToken accessToken;

     @RequestMapping(value = "/login", method = RequestMethod.POST)
public String verify(Principal principal,Model model) throws Exception 
     Authentication auth =SecurityContextHolder.getContext().getAuthentication();
    KeycloakPrincipal principal = (KeycloakPrincipal) auth.getPrincipal(); // again null 

这样也是

@Controller
    @RequestMapping
    public class AuthController 

        @Autowired
            private AccessToken accessToken;

         @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String verify(Principal principal,Model model) throws Exception 
         HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
                .getRequest();

 KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
                AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext(); // and still null

这是我的keycloak.json 的内容,放在WEB-INF


  "realm": "demo",
  "bearer-only": true,
  "auth-server-url": "localhost:8080/auth",
  "ssl-required": "external",
  "resource": "justice-service",
  "use-resource-role-mappings": true

也许我误解了这个authentication 或其他东西的流程。也许我在代码或configuration 中有一些错误。我只需要从此令牌中获取tokenproperties,即java 端的用户角色或用户名。我第一次使用keycloak authentication,无论如何我需要像我一样在JavaScriptJava 一侧设置这个Adapters 吗?还是只有JavaScript 就够了?

我没有使用spring boot 或任何libraries

这是我的pom.xmllibraries

<properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <log4j.version>1.2.17</log4j.version>
        <spring.version>4.2.5.RELEASE</spring.version>
        <spring.security.version>4.2.5.RELEASE</spring.security.version>
        <java.version>1.8</java.version>
        <org.jooq.version>3.7.3</org.jooq.version>
        <org.h2.version>1.4.181</org.h2.version>
        <org.postgresql.version>9.4-1201-jdbc41</org.postgresql.version>
    </properties>



    <dependencies>
        <dependency>
            <groupId>org.jooq</groupId>
            <artifactId>jooq</artifactId>
            <version>$org.jooq.version</version>
        </dependency>
        <dependency>
            <groupId>commons-dbcp</groupId>
            <artifactId>commons-dbcp</artifactId>
            <version>1.4</version>
        </dependency>

        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-security-adapter</artifactId>
            <version>4.0.0.Final</version>
            <exclusions>
                <exclusion>
                    <groupId>org.slf4j</groupId>
                    <artifactId>slf4j-api</artifactId>
                </exclusion>
            </exclusions>
        </dependency>


        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <version>$org.h2.version</version>
        </dependency>
        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
            <version>$org.postgresql.version</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-orm</artifactId>
            <version>$spring.version</version>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-web</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>$spring.security.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>$spring.security.version</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-api</artifactId>
            <version>7.0</version>
        </dependency>
        <dependency>
            <groupId>commons-fileupload</groupId>
            <artifactId>commons-fileupload</artifactId>
            <version>1.3.1</version>
        </dependency>
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.4</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-beans</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context-support</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-tx</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-expression</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-aop</artifactId>
            <version>$spring.version</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>2.5.1</version>
        </dependency>
        <dependency>
            <groupId>org.codehaus.jackson</groupId>
            <artifactId>jackson-mapper-asl</artifactId>
            <version>1.9.13</version>
        </dependency>
        <dependency>
            <groupId>commons-httpclient</groupId>
            <artifactId>commons-httpclient</artifactId>
            <version>3.1</version>
        </dependency>
        <dependency>
            <groupId>javax.mail</groupId>
            <artifactId>mail</artifactId>
            <version>1.4.7</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>com.google.code.gson</groupId>
            <artifactId>gson</artifactId>
            <version>2.6.2</version>
        </dependency>
        <dependency>
            <groupId>org.json</groupId>
            <artifactId>json</artifactId>
            <version>20090211</version>
        </dependency>
        <dependency>
            <groupId>org.freemarker</groupId>
            <artifactId>freemarker</artifactId>
            <version>2.3.23</version>
        </dependency>
        <dependency>
            <groupId>org.hibernate</groupId>
            <artifactId>hibernate-core</artifactId>
            <version>4.3.10.Final</version>
        </dependency>
        <dependency>
            <groupId>org.hibernate</groupId>
            <artifactId>hibernate-entitymanager</artifactId>
            <version>4.3.10.Final</version>
        </dependency>
        <dependency>
            <groupId>org.hibernate.common</groupId>
            <artifactId>hibernate-commons-annotations</artifactId>
            <version>4.0.4.Final</version>
        </dependency>
        <dependency>
            <groupId>javax.transaction</groupId>
            <artifactId>jta</artifactId>
            <version>1.1</version>
        </dependency>
        <dependency>
            <groupId>org.hibernate.javax.persistence</groupId>
            <artifactId>hibernate-jpa-2.1-api</artifactId>
            <version>1.0.0.Final</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet.jsp.jstl</groupId>
            <artifactId>javax.servlet.jsp.jstl-api</artifactId>
            <version>1.2.1</version>
        </dependency>
        <dependency>
            <groupId>org.glassfish.web</groupId>
            <artifactId>javax.servlet.jsp.jstl</artifactId>
            <version>1.2.2</version>
        </dependency>
    </dependencies>

这是我的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
    version="3.1">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:spring-root.xml</param-value>
    </context-param>

    <filter>
        <filter-name>characterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>characterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath*:spring-root.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

</web-app>

spring-root.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/mvc
       http://www.springframework.org/schema/mvc/spring-mvc.xsd
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context.xsd">

    <mvc:annotation-driven/>

    <context:component-scan base-package="ge.economy.law"/>

    <context:annotation-config/>

    <mvc:resources mapping="/resources/**" location="/resources/"/>

    <bean id="dtSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="org.postgresql.Driver"/>

        <!--LAWYERS.MIA.GE-->
        <property name="url" value="jdbc:postgresql://localhost:5432/lawyers?currentSchema=public"/>
        <!--<property name="url" value="jdbc:postgresql://10.31.16.11:5432/lawyers?currentSchema=public"/>-->
        <property name="username" value="user"/>
        <property name="password" value="pass"/>
    </bean>


    <bean id="propertyPlaceholderConfigurer"
          class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders" value="true"/>
        <property name="ignoreResourceNotFound" value="true"/>
    </bean>

    <bean id="transactionAwareDataSource"
          class="org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy">
        <constructor-arg ref="dtSource"/>
    </bean>

    <bean class="org.jooq.impl.DataSourceConnectionProvider" name="connectionProvider">
        <constructor-arg ref="transactionAwareDataSource"/>
    </bean>

    <bean id="dsl" class="org.jooq.impl.DefaultDSLContext">
        <constructor-arg ref="config"/>
    </bean>

    <bean class="org.jooq.impl.DefaultConfiguration" name="config">
        <property name="SQLDialect">
            <value type="org.jooq.SQLDialect">POSTGRES</value>
        </property>
        <property name="connectionProvider" ref="connectionProvider"/>
    </bean>

    <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/views/"/>
        <property name="suffix" value=".jsp"/>
    </bean>

    <bean name="fileService" class="ge.economy.law.service.FileService">
        <!--<property name="rootDir"-->
        <!--value="C:\Program Files\Apache Software Foundation\Apache Tomcat 8.0.27\webapps\ROOT\uploads"/>-->
        <!--<property name="rootDir" value="/usr/share/tomcat/webapps/domains/lawyers-test.economy.ge/uploads"/>-->
        <property name="rootDir" value="/data"/>
    </bean>

    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="500000000"/>
    </bean>

</beans>

也许我的配置有任何错误?

【问题讨论】:

根据您提供的sn-ps,您的代码很好。我使用 spring boot、spring security 和 keycloak-spring-boot-starter 获得了运行配置。因此,我认为问题出在其他地方。我认为您的 Java 程序配置错误,根本不受 Spring Security 的保护。您能否添加更多信息:-您是否收到任何 403 或 401 响应? - 你可以在没有授权头的情况下提出请求吗? - 你用的是什么版本的keycloak、spring、spring security? 由于某种原因我无法更新我的问题,我没有使用 spring boot 或任何它的库,只是 spring mvc。这是我的 github 链接 (github.com/uchachaduneli/mia_law),您可以查看我的配置,在 web.xmlspring-root.xml 我更新了问题 【参考方案1】:

我会把它留在这里以备将来使用。 KeyCloackRestTemplate,获取accessToken他们就是用这样的方法。你可以在 org.keycloak.adapters.springsecurity.client->KeycloakClientRequestFactory.class 中找到它

@Controller
@RequestMapping
public class AuthController 

@RequestMapping(value = "/login", method = RequestMethod.POST)
public String verify(Principal principal,Model model) throws Exception 

    KeycloakAuthenticationToken keycloakAuthenticationToken = (KeycloakAuthenticationToken) principal;
    String token =keycloakAuthenticationToken.getAccount().getKeycloakSecurityContext().getTokenString();


 

【讨论】:

以上是关于春季无法获取keycloak授权令牌的主要内容,如果未能解决你的问题,请参考以下文章

访问令牌后的Keycloak授权过程

在春季实施授权代码授权时出现的问题

Keycloak 令牌生成不起作用 - 未经授权的凭据

无法从 Keycloak 获取 oauth 令牌

如何使用 Angular -> Spring Boot Oauth2 -> Keycloak 获取 keycloak 令牌

撤销 Keycloak 访问令牌