Keycloak authentication problems when using docker and java spring
So I have a spring boot application. I also use swagger for testing purposes. I have a keycloak defined inside docker-compose like this:
keycloak:
  image: jboss/keycloak
  ports:
    - "18080:8080"
  volumes:
    - ../keycloak:/opt/jboss/keycloak/imports
  command:
    - "-b 0.0.0.0 -Dkeycloak.import=/opt/jboss/keycloak/imports/realm-export.json"
  environment:
    - KEYCLOAK_USER=admin
    - KEYCLOAK_PASSWORD=admin
When I try to run my spring boot application I use http://localhost:18080/auth as keycloak_auth_url. When running from my machine everything works.
When running through docker-compose I change keycloak url to: http://keycloak:18080/auth but the url that swagger uses for redirecting user to keycloak stays the same: http://localhost:18080/auth
Authenticating through swagger "works". But when I try to call an API endpoint as authenticated user my server returns the following error:
Error when sending request to retrieve realm keys
myApp |
myApp | org.keycloak.adapters.HttpClientAdapterException: IO error
Didn't find publicKey for kid: U7a58q_oR3zXWSAwVUIa_7FvhdA7IncCQ2IfKQKDGfI
myApp | 2020-01-07 11:58:40.615 ERROR 1 --- [nio-8082-exec-1] o.k.a.BearerTokenRequestAuthenticator : Failed to verify token
Now I am not sure: is the problem that my app cannot connect to keycloak to check the token, or did checking of the token fail?
Thanks for all the help.
You will have to change the keycloak_auth_url to http://keycloak:8080/auth (if you are using spring-boot you could do it using environment variable instead of hardcoding it) if you want to connect to it from other container that is set up by compose.
The 8080 port is the port that the keycloak is running on in the keycloak container and 18080 port is the port that is published to the host.
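The setting the answer describes, as an added compose sketch that is not part of the original question or answer. The `services:` wrapper, the `myapp` service and its image name are placeholders, and it assumes the application reads `keycloak_auth_url` from its environment.

```yaml
# Added sketch, not the asker's file. "myapp" and "myapp:latest" are placeholders.
services:
  keycloak:
    image: jboss/keycloak
    ports:
      # HOST:CONTAINER. Port 18080 exists only on the host; inside the
      # compose network Keycloak still listens on 8080.
      - "18080:8080"

  myapp:
    image: myapp:latest          # placeholder image name
    depends_on:
      - keycloak
    environment:
      # Before: service name combined with the host-published port.
      # Nothing listens on keycloak:18080 inside the compose network, so the
      # adapter's request for the realm keys fails with an IO error.
      # - keycloak_auth_url=http://keycloak:18080/auth
      #
      # After: service name plus the container port.
      - keycloak_auth_url=http://keycloak:8080/auth
```

To confirm the app container can reach the realm keys, request `http://keycloak:8080/auth/realms/<realm>/protocol/openid-connect/certs` from inside it, where `<realm>` is a placeholder for the imported realm name.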