Java SpringKeyClope适配器为每个请求加载开放ID配置
我有一个Spring项目,配置了keydove适配器,并注意到它为每个请求加载openid配置。是否有任何机制来缓存此配置,或者,为什么会发生这种情况 无法理解此行为,KeyClope文档对此只字不提。正如我看到的源代码一样,它在创建keydeposteployment对象时解析此配置,因此每次请求时都会创建一个新的keydeposteployment对象(请参阅:) 这是日志:Java SpringKeyClope适配器为每个请求加载开放ID配置,java,spring,spring-security,keycloak,openid-connect,Java,Spring,Spring Security,Keycloak,Openid Connect,我有一个Spring项目,配置了keydove适配器,并注意到它为每个请求加载openid配置。是否有任何机制来缓存此配置,或者,为什么会发生这种情况 无法理解此行为,KeyClope文档对此只字不提。正如我看到的源代码一样,它在创建keydeposteployment对象时解析此配置,因此每次请求时都会创建一个新的keydeposteployment对象(请参阅:) 这是日志: 2020-06-25 08:31:36.103 INFO 1 --- [io-8080-exec-10] o.ke
2020-06-25 08:31:36.103 INFO 1 --- [io-8080-exec-10] o.keycloak.adapters.KeycloakDeployment : Loaded URLs from https://mykeyloak.com/auth/realms/myrealm/.well-known/openid-configuration
以下是我的KeyClope适配器配置:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
private KeycloakProperties keycloakProperties;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
public AdapterConfig adapterConfig() {
AdapterConfig adapterConfig = new AdapterConfig();
adapterConfig.setRealm(keycloakProperties.getRealm());
adapterConfig.setResource(keycloakProperties.getResource());
adapterConfig.setAuthServerUrl(keycloakProperties.getAuthServerUrl());
adapterConfig.setSslRequired(keycloakProperties.getSslRequired());
adapterConfig.setBearerOnly(keycloakProperties.getBearerOnly());
adapterConfig.setCredentials(keycloakProperties.getCredentials());
adapterConfig.setCors(keycloakProperties.getEnableCors());
adapterConfig.setUseResourceRoleMappings(keycloakProperties.getUseResourceRoleMappings());
return adapterConfig;
}
@Bean
public KeycloakConfigResolver keycloakConfigResolver(AdapterConfig adapterConfig) {
return new KeycloakConfigResolver() {
@Override
public KeycloakDeployment resolve(HttpFacade.Request request) {
return KeycloakDeploymentBuilder.build(adapterConfig);
}
};
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/**").authenticated()
.anyRequest().permitAll();
}
@Autowired
public void setKeycloakProperties(KeycloakProperties keycloakProperties) {
this.keycloakProperties = keycloakProperties;
}
}
密钥斗篷属性:
keycloak.realm=myrealm
keycloak.resource=myclient
keycloak.auth-server-url=https://mykeycloak.com/auth
keycloak.ssl-required=external
keycloak.bearer-only=true
keycloak.credentials={}
keycloak.enable-cors=true
keycloak.use-resource-role-mappings=false
我必须注册keydeposteploymentbean并从keydeposteconfigresolver解析方法返回它
@Bean
public KeycloakDeployment keycloakDeployment(AdapterConfig adapterConfig) {
return KeycloakDeploymentBuilder.build(adapterConfig);
}
@Bean
public KeycloakConfigResolver keycloakConfigResolver(KeycloakDeployment keycloakDeployment) {
return request -> keycloakDeployment;
}
我必须注册keydeposteploymentbean并从keydeposteconfigresolver解析方法返回它
@Bean
public KeycloakDeployment keycloakDeployment(AdapterConfig adapterConfig) {
return KeycloakDeploymentBuilder.build(adapterConfig);
}
@Bean
public KeycloakConfigResolver keycloakConfigResolver(KeycloakDeployment keycloakDeployment) {
return request -> keycloakDeployment;
}