Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/321.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 是否可以在不同于授权的头上验证KeyClope令牌?_Java_Authentication_Keycloak - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 是否可以在不同于授权的头上验证KeyClope令牌?

Java 是否可以在不同于授权的头上验证KeyClope令牌?

java authentication keycloak

Java 是否可以在不同于授权的头上验证KeyClope令牌?,java,authentication,keycloak,Java,Authentication,Keycloak,我正在实现keydepeat,到目前为止效果非常好。我根据文档做了一个基本配置,看起来有点像这样: @Primary public class AuthConfig extends KeycloakWebSecurityConfigurerAdapter { @Primary @Bean public KeycloakConfigResolver KeycloakConfigResolver() { return new KeycloakSpringBootConfigResolver

我正在实现keydepeat,到目前为止效果非常好。我根据文档做了一个基本配置,看起来有点像这样:

@Primary
public class AuthConfig extends KeycloakWebSecurityConfigurerAdapter {

@Primary
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
    return new KeycloakSpringBootConfigResolver();
}

public SimpleAuthorityMapper grantedAuthority() {
    SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
    return mapper;
}

@Primary
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
    KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
    keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(grantedAuthority());
    auth.authenticationProvider(keycloakAuthenticationProvider);
}

@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new NullAuthenticatedSessionStrategy();
}

@Primary
@Bean
public AuthenticationProvider authenticationProvider() {
    return keycloakAuthenticationProvider();
}


@Primary
@Bean
public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(
  KeycloakPreAuthActionsFilter filter) {
    FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
    return registrationBean;
}

@Primary
@Bean
public FilterRegistrationBean keycloakAuthenticatedActionsFilterBean(
  KeycloakAuthenticatedActionsFilter filter) {
    FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
    registrationBean.setEnabled(false);
    return registrationBean;
}

@Primary
@Bean
public FilterRegistrationBean keycloakSecurityContextRequestFilterBean(
  KeycloakSecurityContextRequestFilter filter) {
    FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
    return registrationBean;
}

@Primary
@Bean
@Override
@ConditionalOnMissingBean(HttpSessionManager.class)
protected HttpSessionManager httpSessionManager() {
    return new HttpSessionManager();
}

public foo getUser(Principal userPrincipal) {
...
}
可能有重复的配置,但关键是在对api到api令牌进行身份验证时(这就是为什么我将其设置为不创建会话)和对用户令牌进行身份验证时,该配置工作正常

因此,当我发送用户令牌时,我可以执行如下操作:

@Primary
public class AuthConfig extends KeycloakWebSecurityConfigurerAdapter {

@Primary
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
    return new KeycloakSpringBootConfigResolver();
}

public SimpleAuthorityMapper grantedAuthority() {
    SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
    return mapper;
}

@Primary
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
    KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
    keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(grantedAuthority());
    auth.authenticationProvider(keycloakAuthenticationProvider);
}

@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
    return new NullAuthenticatedSessionStrategy();
}

@Primary
@Bean
public AuthenticationProvider authenticationProvider() {
    return keycloakAuthenticationProvider();
}


@Primary
@Bean
public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(
  KeycloakPreAuthActionsFilter filter) {
    FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
    return registrationBean;
}

@Primary
@Bean
public FilterRegistrationBean keycloakAuthenticatedActionsFilterBean(
  KeycloakAuthenticatedActionsFilter filter) {
    FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
    registrationBean.setEnabled(false);
    return registrationBean;
}

@Primary
@Bean
public FilterRegistrationBean keycloakSecurityContextRequestFilterBean(
  KeycloakSecurityContextRequestFilter filter) {
    FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
    return registrationBean;
}

@Primary
@Bean
@Override
@ConditionalOnMissingBean(HttpSessionManager.class)
protected HttpSessionManager httpSessionManager() {
    return new HttpSessionManager();
}

public foo getUser(Principal userPrincipal) {
...
}
然后我将能够访问令牌的用户所有者,并从JWT令牌获取信息

我的问题是,所有这些都是在发送头
身份验证时发生的,此时我需要在验证用户时发送一个不同于身份验证的头,这样我就可以接收API令牌和用户令牌,并决定(根据JWT信息和其他逻辑)稍后调用另一个服务时将使用哪个令牌

是否可以为我的用户令牌创建我自己的keydepot“session”,然后从中创建UserPrincipal


有什么想法吗?
你把你要完成的任务和你想要构建它的方式搞混了。您说您希望接收2个令牌,而不是在身份验证标头中同时接收这两个令牌,但这就是“您希望的方式”。请详细说明你需要完成什么。我怀疑您可以在只接收一个令牌的情况下执行此操作。如果您的后端正在通过keydove执行身份验证,那么它肯定可以访问id令牌(包含用户名、电子邮件等),在大多数keydove适配器集成中,id令牌已经映射了用户
主体的一些内容。如果没有,则使用
keydeposecuritycontext
keydeposecuritycontext
的实例。