[英]Spring Boot - Disable default login page
我目前正在做一個小項目。 我想使用 keycloak 作為授權服務器,我的 applicationn 作為 spring 網關和 oauth2 客戶端。
這是問題:
輸入端點時,我被重定向到 keycloak 登錄頁面,這很好。 但是每當我輸入端點“localhost:9090/login”時,我都會進入默認的 oauth2 登錄頁面:登錄頁面
由於我使用 oauth2 客戶端依賴項並使用ServerHttpSecurity
而不是HttpSecurity
,因此我無法使用:
httpSecurity
.oauth2Login()
.loginPage("/redirect");
這是我當前的配置:
如果您有問題,我將演示推送到此github 存儲庫中
網關 pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.3</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>at.matkollin</groupId>
<artifactId>spring-demo</artifactId>
<version>1.0.0-SNAPSHOT</version>
<properties>
<java.version>17</java.version>
<spring-cloud.version>2021.0.1</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
網關應用。yaml:
spring:
security:
oauth2:
client:
registration:
keycloak-spring-gateway-client:
provider: my-keycloak-provider
scope: openid
client-id: spring-gateway-client
client-secret: xxxxxxxxxx
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/login/oauth2/code/keycloak"
provider:
my-keycloak-provider:
issuer-uri: http://172.31.0.2:8080/realms/Demo
token-uri: http://172.31.0.2:8080/auth/realms/Demo/protocol/openid-connect/token
authorization-uri: http://172.31.0.2:8080/auth/realms/Demo/protocol/openid-connect/auth
userinfo-uri: http://172.31.0.2:8080/auth/realms/Demo/protocol/openid-connect/userinfo
user-name-attribute: preferred_username
server:
port: 9090
management:
endpoints:
web:
exposure:
include: "*"
安全配置:
@Configuration
public class SecurityConfig {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange()
.pathMatchers("/actuator/**", "/")
.permitAll()
.and()
.authorizeExchange()
.anyExchange()
.authenticated()
.and()
.oauth2Login();
return http.build();
}
您可以使用以下配置禁用它
spring.autoconfigure.exclude[0]=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
spring.autoconfigure.exclude[1]=org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
第二行是禁用執行器安全性
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.