Spring Keycloak - 如何从 JWT 访问令牌设置主体

Question

I've been at this for about a week now.

I have a use case where I recieve an auth token through the body instead of the header, and because of that Keycloak and Spring don't automatically set the user. (The reason being, with websockets, I can only send the auth token through the body with the initial connection)

I've tried intercepting the call before keycloak and copying the token from the body to the header, but that did not work.

So now I would like to manually authenticate through keycloak (or just manually set the principal user). I have access to the JWT Access Token, but from here I'm not sure how to authenticate with keycloak.

Anyone have any input?

Answer 1

Since there are two Keycloak pieces that could be in play here, I'll start with a clarification:

• Keycloak - This is the authorization server that a client will use to obtain a JWT
• Keycloak Adapter - This is the thing that configures a Resource Server to integrate Keycloak with Spring Security

I have a use case where I recieve an auth token through the body instead of the header, and because of that Keycloak and Spring don't automatically set the user.

Spring Security 5.1 ships with built-in support for JWT-based access tokens, so you may not need to use the Keycloak Adapter for what you are wanting to do.

When using Spring Security's built-in support, you can configure the DefaultBearerTokenResolver to look in the body:

@Bean
public BearerTokenResolver bearerTokenResolver() {
    DefaultBearerTokenResolver resolver =
            new DefaultBearerTokenResolver();
    resolver.setAllowFormEncodedBodyParameter(true);
    return resolver;
}