堆栈内存溢出
  简体   繁体   English

自定义用户联合提供程序中的 Keycloak 角色解析

[英]Keycloak role resolution in custom user federation provider

 原文  2019-12-10 10:36:48       security/ keycloak/ roles/ spi

问题描述

I use Keylcoak 8.0.1 to authenticate users for an existing web application.我使用 Keylcoak 8.0.1 来验证现有 Web 应用程序的用户。

I wrote a class implementing UserQueryProvider and UserLookupProvider for user resolution and password checks.我编写了一个实现UserQueryProviderUserLookupProvider的类,用于用户解析和密码检查。

What do I have to do to assign roles defined in my custom datasource ?我需要做什么来分配在我的自定义数据源定义的角色? Is there any interface to implement?有什么interface可以实现吗?

Thanks for helping.谢谢你的帮助。

Dirk短剑

2 个解决方案

解决方案1
 0  2019-12-12 03:18:45

You should implement custom org.keycloak.models.UserModel .您应该实现自定义org.keycloak.models.UserModel This is your entry point for transferring changes to external DB.这是将更改传输到外部数据库的入口点。 It could be adapter over user entity from your existing DB.它可以是现有数据库中用户实体的适配器。 Check out docs and default implementation from Keycloak sources.从 Keycloak 源中查看文档和默认实现。

解决方案2
 0  2019-12-12 09:19:23

Thanks for your reply.感谢您的回复。 Nothing changed.没有改变。 Ater user data are obtained from my custom datasource, Keycloak still tries to retrieve user data from the default datasource:从我的自定义数据源获取用户数据后,Keycloak 仍会尝试从默认数据源检索用户数据:

09:53:00,312 WARN  [org.keycloak.services] (default task-7) KC-SERVICES0013: Failed authentication: javax.persistence.EntityNotFoundException: Unable to find org.keycloak.models.jpa.entities.UserEntity with id 2101150
    at org.hibernate@5.3.13.Final//org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl$JpaEntityNotFoundDelegate.handleEntityNotFound(EntityManagerFactoryBuilderImpl.java:162)
    at org.hibernate@5.3.13.Final//org.hibernate.proxy.AbstractLazyInitializer.checkTargetState(AbstractLazyInitializer.java:285)
    at org.hibernate@5.3.13.Final//org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:180)
    at org.hibernate@5.3.13.Final//org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:309)
    at org.hibernate@5.3.13.Final//org.hibernate.proxy.pojo.bytebuddy.ByteBuddyInterceptor.intercept(ByteBuddyInterceptor.java:45)
    at org.hibernate@5.3.13.Final//org.hibernate.proxy.ProxyConfiguration$InterceptorDispatcher.intercept(ProxyConfiguration.java:95)
    at org.keycloak.keycloak-model-jpa@8.0.1//org.keycloak.models.jpa.entities.UserEntity$HibernateProxy$HFa6SyD0.getNotBefore(Unknown Source)
    at org.keycloak.keycloak-model-jpa@8.0.1//org.keycloak.models.jpa.JpaUserProvider.getNotBeforeOfUser(JpaUserProvider.java:361)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.storage.UserStorageManager.getNotBeforeOfUser(UserStorageManager.java:288)
    at org.keycloak.keycloak-model-infinispan@8.0.1//org.keycloak.models.cache.infinispan.UserCacheSession.cacheUser(UserCacheSession.java:321)
    at org.keycloak.keycloak-model-infinispan@8.0.1//org.keycloak.models.cache.infinispan.UserCacheSession.getUserAdapter(UserCacheSession.java:292)
    at org.keycloak.keycloak-model-infinispan@8.0.1//org.keycloak.models.cache.infinispan.UserCacheSession.getUserByUsername(UserCacheSession.java:270)
    at org.keycloak.keycloak-server-spi-private@8.0.1//org.keycloak.models.utils.KeycloakModelUtils.findUserByNameOrEmail(KeycloakModelUtils.java:213)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.getUser(AbstractUsernameFormAuthenticator.java:154)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword(AbstractUsernameFormAuthenticator.java:127)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.validateForm(UsernamePasswordForm.java:58)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.action(UsernamePasswordForm.java:51)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:180)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:958)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:294)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:265)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:261)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:322)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:567)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:406)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:370)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:372)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:344)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.api@2.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
    at org.keycloak.keycloak-services@8.0.1//org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:91)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.core@2.0.27.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.core@2.0.27.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.core@2.0.27.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.core@2.0.27.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.core@2.0.27.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.core@2.0.27.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.core@2.0.27.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.core@2.0.27.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
    at io.undertow.core@2.0.27.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
    at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
    at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
    at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
    at org.wildfly.extension.undertow@18.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
    at io.undertow.servlet@2.0.27.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
    at io.undertow.core@2.0.27.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
    at io.undertow.core@2.0.27.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
    at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
    at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at java.base/java.lang.Thread.run(Thread.java:835)

Do I have to extend additional classes or implement further interfaces?我是否必须扩展额外的类或实现更多的接口? I currently implemented我目前实施

  • UserStorageProvider用户存储提供者
  • UserQueryProvider用户查询提供者
  • CredentialInputValidator凭证输入验证器
  • UserLookupProvider用户查找提供程序

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 KeyCloak 用户联盟和动态角色 - KeyCloak User Federation AND DYNAMIC ROLES Keycloak-链用户联合提供者在一起 - Keycloak - Chain User Federation Providers together Keycloak 提供程序和用户存储 - Keycloak provider and user storage Symfony 2:自定义用户提供者 - Symfony 2 : Custom user provider ASP.NET自定义角色提供程序 - 其他字段 - ASP.NET Custom Role Provider - Additional Fields asp.net 使自定义角色提供者(授权)在到期时表现得像自定义成员提供者(身份验证)一样 - asp.net make custom role provider (authorize) behave like the custom membership provider (authenticate) in expiration 自定义用户提供程序的Symfony2问题 - Symfony2 problems with custom User provider 如何使Custom PrincipalPermissionAttribute处理用户或角色更改 - How to make Custom PrincipalPermissionAttribute handle user or role changes Spring Boot:考虑到用户角色,谁来编写自定义的Prefilter? - Spring Boot: Who to write a custom Prefilter, considering the user role? Symfony2定制用户提供程序在刷新后进行身份验证 - Symfony2 custom user provider authenticate after refresh
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM