Spring boot SpringBoot&x2B;KeyClope适配器安装失败
我试图用KeyClope适配器保护SpringBoot后端Spring boot SpringBoot&x2B;KeyClope适配器安装失败,spring-boot,cors,keycloak,Spring Boot,Cors,Keycloak,我试图用KeyClope适配器保护SpringBoot后端 SprinBoot 2.1.9 密钥斗篷6.0.1 我只是对很多bug和缺少的文档挠头。目前,我试图使KeyClope适配器正确响应401 WWW-authenticate错误的Cors头 我已经调查并发现,securityContext在类org.keydaple.adapters.AuthenticatedActionsHandler中为null,导致响应中未设置头 protected boolean corsRequest()
- SprinBoot 2.1.9
- 密钥斗篷6.0.1
401 WWW-authenticateorg.keydaple.adapters.AuthenticatedActionsHandlerprotected boolean corsRequest() {
if (!deployment.isCors()) return false;
KeycloakSecurityContext securityContext = facade.getSecurityContext(); // This return null
String origin = facade.getRequest().getHeader(CorsHeaders.ORIGIN);
String exposeHeaders = deployment.getCorsExposedHeaders();
if (deployment.getPolicyEnforcer() != null) {
if (exposeHeaders != null) {
exposeHeaders += ",";
} else {
exposeHeaders = "";
}
exposeHeaders += "WWW-Authenticate";
}
String requestOrigin = UriUtils.getOrigin(facade.getRequest().getURI());
log.debugv("Origin: {0} uri: {1}", origin, facade.getRequest().getURI());
if (securityContext != null && origin != null && !origin.equals(requestOrigin)) {
public class OIDCCatalinaHttpFacade extends CatalinaHttpFacade implements OIDCHttpFacade{
public OIDCCatalinaHttpFacade(org.apache.catalina.connector.Request request, HttpServletResponse response) {
super(response, request);
}
@Override
public KeycloakSecurityContext getSecurityContext() {
return (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
}
}
server.port = 8081
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.username=sa
spring.datasource.password=
spring.datasource.driver-class-name=org.h2.Driver
spring.jpa.hibernate.ddl-auto=create-drop
spring.h2.console.enabled=true
spring.main.allow-bean-definition-overriding=true
logging.level.org.springframework.security=DEBUG
logging.level.org.keycloak=TRACE
keycloak.realm = spring
keycloak.bearer-only = true
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required = none
keycloak.resource = spring-boot-elide
keycloak.credentials.secret = *********************
keycloak.confidential-port = 0
keycloak.enabled = true
keycloak.cors = true
您可以将Keyclope适配器与Keyclope弹簧启动器和弹簧安全一起使用。并使用WebSecurityConfigureAdapter配置在覆盖配置方法中处理COR 请参阅本文件: