Spring Boot: disable Keycloak authentication for a specific URL in Spring Boot

Tags: spring-boot, authentication, spring-security, keycloak, spring-rest

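The front end of our Spring Boot service is rendered inside a third-party dashboard. That dashboard also has a generic search bar that we want to use. Once we implemented Keycloak authentication, we started running into problems with this search bar. All the other APIs work fine because they are called only from my front end, but the search API is called by the third-party dashboard.

Strangely, the third party calls my method with the HTTP OPTIONS method, although my endpoint is registered as GET.

As a temporary fix we tried disabling auth on the search API only, but that does not seem to work at all. My configurer is: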

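import javax.annotation.Nonnull;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticatedActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter;
import org.keycloak.adapters.springsecurity.filter.KeycloakSecurityContextRequestFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@KeycloakConfiguration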
@Profile("!local") // in local profile InsecureLocalConfigurer must be included instead
public class KeycloakSecurityConfigurer extends KeycloakWebSecurityConfigurerAdapter {


    /**
     * Enable Keycloak configuration over Spring Boot config instead of {@code keycloak.json} file.
     *
     * @see <a href="https://www.keycloak.org/docs/latest/securing_apps/index.html#spring-boot-integration">
     * Spring Boot Integration</a>
     */
    @Bean
    @Nonnull
    public KeycloakConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    /**
     * Registers the KeycloakAuthenticationProvider with the authentication manager.
     */
    @Autowired
    public void configureGlobal(@Nonnull final AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    /**
     * Accept only bearer token authentication.
     *
     * @see <a href="https://www.keycloak.org/docs/latest/securing_apps/index.html#spring-security-configuration">
     *     Spring Security Configuration</a>
     * @see NullAuthenticatedSessionStrategy
     * @return {@link NullAuthenticatedSessionStrategy} instance.
     */
    @Override
    @Nonnull
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    /**
     * All requests are checked for a valid token, except the <code>/health</code> check.
     * If configuration property <code>rca.security.enable</code> is set to <code>false</code>
     * (default is true) then all requests are permitted without authentication.
     *
     * <p>
     * <b>CSRF security is disabled</b> since our app is not multipart web form app.
     * See more at: <ul>
     *
     * <li><a href="https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html#boot-features-security-csrf">
     * Cross Site Request Forgery Protection</a></li>
     * <li><a href="https://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html">
     * Cross Site Request Forgery (CSRF)</a></li>
     * </ul>
     *
     * @param http the {@link HttpSecurity} to modify
     * @throws Exception if an error occurs
     */
    @Override
    protected void configure(@Nonnull final HttpSecurity http) throws Exception {
        super.configure(http);

        http.csrf().disable();

        http
                .cors()
                .and()
                .authorizeRequests()
                .antMatchers("/health", "/error").permitAll()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .anyRequest().authenticated();
    }

    /**
     * Avoid double {@link KeycloakAuthenticationProcessingFilter} bean registration.
     *
     * <p>
     * This will set {@link AbstractAuthenticationProcessingFilter#continueChainBeforeSuccessfulAuthentication} to
     * {@code false}, meaning that <b>after successful authentication by this Keycloak filter -
     * further filters will be skipped</b>. See
     * {@link KeycloakAuthenticationProcessingFilter#KeycloakAuthenticationProcessingFilter(
     * org.springframework.security.authentication.AuthenticationManager,
     * org.springframework.security.web.util.matcher.RequestMatcher) KeycloakAuthenticationProcessingFilter constructor}
     *
     * @param filter {@link KeycloakAuthenticationProcessingFilter} auth processing filter
     * @return disabled {@link FilterRegistrationBean}
     * @see <a href="https://www.keycloak.org/docs/latest/securing_apps/index.html#avoid-double-filter-bean-registration">
     * Avoid double Filter bean registration</a>
     */
    @Bean
    @Nonnull
    public FilterRegistrationBean keycloakAuthenticationProcessingFilterRegistrationBean(
            @Nonnull final KeycloakAuthenticationProcessingFilter filter) {

        final FilterRegistrationBean<KeycloakAuthenticationProcessingFilter> registrationBean =
                new FilterRegistrationBean<>(filter);

        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Avoid double {@link KeycloakPreAuthActionsFilter} bean registration.
     *
     * @param filter {@link KeycloakPreAuthActionsFilter} filter
     * @return disabled {@link FilterRegistrationBean}
     * @see <a href="https://www.keycloak.org/docs/latest/securing_apps/index.html#avoid-double-filter-bean-registration">
     * Avoid double Filter bean registration</a>
     */
    @Bean
    @Nonnull
    public FilterRegistrationBean keycloakPreAuthActionsFilterRegistrationBean(
            @Nonnull final KeycloakPreAuthActionsFilter filter) {
        final FilterRegistrationBean<KeycloakPreAuthActionsFilter> registrationBean =
                new FilterRegistrationBean<>(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Avoid double {@link KeycloakAuthenticatedActionsFilter} bean registration.
     *
     * @param filter {@link KeycloakAuthenticatedActionsFilter} filter
     * @return disabled {@link FilterRegistrationBean}
     * @see <a href="https://www.keycloak.org/docs/latest/securing_apps/index.html#avoid-double-filter-bean-registration">
     * Avoid double Filter bean registration</a>
     */
    @Bean
    public FilterRegistrationBean keycloakAuthenticatedActionsFilterBean(
            @Nonnull final KeycloakAuthenticatedActionsFilter filter) {
        final FilterRegistrationBean<KeycloakAuthenticatedActionsFilter> registrationBean =
                new FilterRegistrationBean<>(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Avoid double {@link KeycloakSecurityContextRequestFilter} bean registration.
     *
     * @param filter {@link KeycloakSecurityContextRequestFilter} filter
     * @return disabled {@link FilterRegistrationBean}
     * @see <a href="https://www.keycloak.org/docs/latest/securing_apps/index.html#avoid-double-filter-bean-registration">
     * Avoid double Filter bean registration</a>
     */
    @Bean
    public FilterRegistrationBean keycloakSecurityContextRequestFilterBean(
            @Nonnull final KeycloakSecurityContextRequestFilter filter) {

        final FilterRegistrationBean<KeycloakSecurityContextRequestFilter> registrationBean =
                new FilterRegistrationBean<>(filter);

        registrationBean.setEnabled(false);
        return registrationBean;
    }
}
I have tried several approaches, but none of them work. Sometimes I start getting a CORS exception, and once I fix that, it starts throwing an unauthorized user error again. Please help me figure out what I am doing wrong.

Things I tried:

  • @Override
    public void configure(final WebSecurity web) {
        web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
    }

  • http.csrf().disable();

    http
            .cors()
            .and()
            .authorizeRequests()
            .antMatchers("/health", "/error").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/item/search").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/item/search/").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/item/search/**").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**/search").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**/search/").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**/search/**").permitAll()
            .anyRequest().authenticated();


  • Maybe not relevant to you, but my problem was that the /error path should also be whitelisted.

    In fact, my call ended in an error, which caused a redirect to /error, and since /error was secured, I got redirected to the login.

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
            .authorizeRequests()
            .antMatchers("/public/**").permitAll()
            .antMatchers("/secure/**").hasAuthority(...)
            .antMatchers("/error").permitAll();
    }
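
An added example, not code from the question or the answer: one way to open only the search endpoint, assuming the dashboard's browser call is a CORS preflight (OPTIONS) followed by a GET that carries no token. The class name and the dashboard origin are hypothetical, and the config resolver and filter-registration beans from the question's configurer are assumed to be defined as posted.

```java
import java.util.List;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@KeycloakConfiguration
public class SearchEndpointSecurityConfigurer extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    // Picked up by http.cors(): answers the preflight and adds CORS headers to the GET response.
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cors = new CorsConfiguration();
        cors.setAllowedOrigins(List.of("https://dashboard.example.com")); // hypothetical origin
        cors.setAllowedMethods(List.of("GET", "OPTIONS"));
        cors.setAllowedHeaders(List.of("*"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/item/search/**", cors);
        return source;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.csrf().disable().cors().and()
            .authorizeRequests()
            .antMatchers("/health", "/error").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/item/search/**").permitAll() // preflight has no token
            .antMatchers(HttpMethod.GET, "/item/search/**").permitAll()     // the call after the preflight
            .anyRequest().authenticated();
    }
}
```

Unlike `web.ignoring()`, which takes matching requests out of the Spring Security filter chain entirely (including the filter installed by `http.cors()`), `permitAll()` keeps CORS handling active on the opened path. The allowed origin only constrains browsers, so any client can call `/item/search/**` without a token and the endpoint should return nothing that needs protection.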