在 tomcat 上部署时出现 spring 引导问题的 Keycloak
[英]Keycloak with spring boot issue when deploying on tomcat
问题描述
I have secured my a Spring application with KeyCloak using Spring Security Adapter, this works fine on my local machine, but when i deployed the WAR on tomcat and try to call the API, i get the following internal server error:
我已经使用 Spring 安全适配器通过 KeyCloak 保护了我的 Spring 应用程序,这在我的本地机器上运行良好,但是当我在 tomcat 上部署 WAR 并尝试调用 API 时,我收到以下内部服务器错误:
o.s.b.w.servlet.support.ErrorPageFilter : Forwarding to error page from request [/api/statutOperations]
due to exception [null]
java.lang.NullPointerException: null
at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:57) ~[keycloak-adapter-core-10.0.2.jar:10.0.2]
at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:202) ~[keycloak-adapter-core-10.0.2.jar:10.0.2]
at org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:39) ~[keycloak-spr
Did i miss something, or is my configuration wrong, below is the necessary config:我错过了什么,或者我的配置有误,下面是必要的配置:
Keycloak Config:钥匙斗篷配置:
@Configuration
public class KeycloakConfig {
@Bean
KeycloakSpringBootConfigResolver configResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Bean
KeycloakRestTemplate keycloakRestTemplate(KeycloakClientRequestFactory keycloakClientRequestFactory) {
return new KeycloakRestTemplate(keycloakClientRequestFactory);
}
}
@KeycloakConfiguration
public class KeycloakSpringSecuriteConfig extends KeycloakWebSecurityConfigurerAdapter {
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http); http.authorizeRequests().antMatchers("/api/**").authenticated().anyRequest().permitAll();
}
}
application.properties:应用程序.properties:
keycloak.realm=cirta
keycloak.auth-server-url=http://localhost:8085/auth
keycloak.resource=cirta-api
keycloak.public-client=true
keycloak.cors=true
keycloak.ssl-required=external
I also added the following context.xml keycloak.json and web.xml in META-INF and WEB-INF directories:我还在 META-INF 和 WEB-INF 目录中添加了以下 context.xml keycloak.json 和 web.xml:
context.xml上下文.xml
<Context path="/cirtaapi">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
keycloak.json钥匙斗篷.json
{
"realm" : "cirta",
"resource" : "cirta-api",
"auth-server-url" : "https://localhost:8085/auth",
"ssl-required" : "external",
"enable-cors" : true
}
web.xml web.xml
<module-name>cirtaapi</module-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Operations</web-resource-name>
<url-pattern>/api/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>app-manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>cirta</realm-name>
</login-config>
<security-role>
<role-name>app-manager</role-name>
</security-role>
1 个解决方案
解决方案1
1 已采纳 2020-09-22 22:35:11
This has been fixed in keycloak 11.0.0.这已在 keycloak 11.0.0 中修复。 Similar question is out there to describe this: NPE when loading custom SecurityConfig for Keycloak in WebMvcTest and provide a workaround for version 9.0.1 to 10.那里有类似的问题来描述: NPE when loading custom SecurityConfig for Keycloak in WebMvcTest and provide a workaround for version 9.0.1 to 10。
See also: https://github.com/gtiwari333/spring-boot-web-application-seed/blob/master/main-app/src/main/java/gt/app/config/security/SecurityConfig.java另见: https://github.com/gtiwari333/spring-boot-web-application-seed/blob/master/main-app/src/main/java/gt/app/config/security/SecurityConfig.java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.