[英]Full authentication is required to access this resource with Spring Security and Keycloak
I am trying to configure my Spring Security with Keycloak . 我正在尝试使用Keycloak配置Spring Security 。 I am using Spring Boot .
我正在使用Spring Boot 。 I have the following dependencies in my pom.
我的pom中具有以下依赖项。
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-security-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-tomcat8-adapter</artifactId>
</dependency>
I use the spring boot version 1.5.7.RELEASE . 我使用的是Spring Boot版本1.5.7.RELEASE 。 And the keycloak version 3.2.1.Final And the following properties in my application.properties :
和keycloak版本3.2.1Final以及我的application.properties中的以下属性:
keycloak.enabled=true
keycloak.realm=test
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=rest
keycloak.bearer-only=true
keycloak.credentials.secret=<secret>
keycloak.principal-attribute=preferred_username
keycloak.security-constraints[0].authRoles[0]=application
keycloak.security-constraints[0].securityCollections[0].name=spring secured api
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/api/**
management.security.enabled=false
I don't have any other configuration. 我没有其他配置。 For my endpoints I use JAX-RS.
对于我的端点,我使用JAX-RS。 To request my token I use the Chrome Application Postman.
要请求我的令牌,我使用Chrome应用程序邮递员。 Here is the request:
这是请求:
POST /auth/realms/test/protocol/openid-connect/token HTTP/1.1
Host: localhost:8080
Cache-Control: no-cache
Postman-Token: <postman token>
Content-Type: application/x-www-form-urlencoded
grant_type=password&client_id=postman&username=root&password=12345678
And my application request: 而我的申请要求:
GET /api/product HTTP/1.1
Host: localhost:18888
Authorization: Bearer <keycloak token from the request above>
Cache-Control: no-cache
Postman-Token: <postman token>
But my response is: 但是我的回答是:
{
"timestamp": <timestamp>,
"status": 401,
"error": "Unauthorized",
"message": "Full authentication is required to access this resource",
"path": "/api/product"
}
You are not configuring Spring Security with Keycloak here, security-constraints
are used to secure the servlet container and are unrelated to Spring Security. 您这里没有使用Keycloak配置Spring Security,
security-constraints
用于保护servlet容器,与Spring Security无关。 You don't need it when using SpringSecurity, add a Secuirty Config class extending KeycloakWebSecurityConfigurerAdapter
, check here : http://www.keycloak.org/docs/3.3/securing_apps/topics/oidc/java/spring-security-adapter.html 使用SpringSecurity时不需要它,添加一个扩展
KeycloakWebSecurityConfigurerAdapter
Config类,请在此处检查: http : KeycloakWebSecurityConfigurerAdapter
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.