Spring security 无法使用所提供的颁发者解析OpenID配置(JHipster with KeyClope)
我通过docker compose-f src/main/docker/keydeave.yml up-d启动了keydeave 然后是格拉德卢 在我的项目中,异常发生为Spring security 无法使用所提供的颁发者解析OpenID配置(JHipster with KeyClope),spring-security,jhipster,keycloak,Spring Security,Jhipster,Keycloak,我通过docker compose-f src/main/docker/keydeave.yml up-d启动了keydeave 然后是格拉德卢 在我的项目中,异常发生为 Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating b
Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'securityConfiguration' defined in file [G:\mymobile\app\build\classes\java\main\com\mycompany\myapp\config\SecurityConfiguration.class]:
Unsatisfied dependency expressed through constructor parameter 3; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.zalando.problem.spring.web.advice.security.SecurityProblemSupport': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0;
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via factory method failed;
nested exception is org.springframework.beans.BeanInstantiationException:
Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]:
Factory method 'clientRegistrationRepository' threw exception;
nested exception is java.lang.IllegalArgumentException:
Unable to resolve the OpenID Configuration with the provided Issuer
of "http://localhost:9080/auth/realms/jhipster
package com.mycompany.myapp.config;
导入com.mycompany.myapp.security.*;
导入io.github.jhipster.config.JHipsterProperties;
导入org.springframework.context.annotation.Bean;
导入org.springframework.context.annotation.import;
导入org.springframework.http.HttpMethod;
导入org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
导入org.springframework.security.config.annotation.web.builders.HttpSecurity;
导入org.springframework.security.config.annotation.web.builders.WebSecurity;
导入org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
导入org.springframework.security.config.annotation.web.configuration.websecurityConfigureAdapter;
导入com.mycompany.myapp.security.oauth2.audencevalidator;
导入com.mycompany.myapp.security.SecurityUtils;
导入org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
导入org.springframework.security.oauth2.core.OAuth2TokenValidator;
导入org.springframework.security.oauth2.jwt.*;
导入org.springframework.beans.factory.annotation.Value;
导入org.springframework.security.core.GrantedAuthority;
导入org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
导入org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
导入java.util.*;
导入org.springframework.security.web.csrf.CookieCsrfTokenRepository;
导入org.springframework.security.web.csrf.CsrfFilter;
导入com.mycompany.myapp.security.oauth2.JwtAuthorityExtractor;
导入org.springframework.security.web.header.writers.refererPolicyHeaderWriter;
导入org.springframework.web.filter.CorsFilter;
导入org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
导入org.springframework.context.annotation.ComponentScan;
@启用Web安全性
@EnableGlobalMethodSecurity(Prespenabled=true,securedEnabled=true)
@组件扫描({“com.mycompany.myapp.config.*})
@导入(SecurityProblemSupport.class)
公共类安全配置扩展了WebSecurity配置适配器{
私人最终公司过滤器;
@值(${spring.security.oauth2.client.provider.oidc.issuer uri}”)
私有字符串issuerUri;
私人最终产权;
私人最终JwtAuthorityExtractor JwtAuthorityExtractor;
私人最终证券问题支持问题支持;
公共安全配置(CorsFilter CorsFilter、JWTAuthority Extractor、JWTAuthority Extractor、JHipsterProperties JHipsterProperties、SecurityProblemSupport problemSupport){
this.corsFilter=corsFilter;
this.problemSupport=problemSupport;
this.jwtAuthorityExtractor=jwtAuthorityExtractor;
this.jhipsterpreproperties=jhipsterpreproperties;
}
@凌驾
公共void配置(WebSecurity web){
忽略
.antMatchers(HttpMethod.OPTIONS,“/**”)
.antMatchers(“/app/***.{js,html}”)
.antMatchers(“/i18n/**”)
.antMatchers(“/content/**”)
.antMatchers(“/h2控制台/**”)
.antMatchers(“/swagger ui/index.html”)
.antMatchers(“/test/**”);
}
@凌驾
public void configure(HttpSecurity http)引发异常{
//@formatter:off
http
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.WithTpOnlyFalse())
.及()
.addFilterBefore(corsFilter,CsrfFilter.class)
.例外处理()
.accessDeniedHandler(问题支持)
.及()
.headers()
.contentSecurityPolicy(“默认src'self';框架src'self'数据:;脚本src'self'”不安全内联“不安全评估”https://storage.googleapis.com;样式src'self'unsafe inline';img src'self'数据:;字体src'self'数据:)
.及()
.referrerPolicy(ReferrerPolicyHeaderWriter.referrerPolicy.STRICT_ORIGIN_交叉_ORIGIN_时)
.及()
.featurePolicy(“地理定位‘无’;midi‘无’;同步xhr‘无’;麦克风‘无’;相机‘无’;磁强计‘无’;陀螺仪‘无’;扬声器‘无’;全屏‘自我’;付款‘无’)
.及()
.frameOptions()
.deny()
.及()
.授权请求()
.antMatchers(“/api/auth info”).permitAll()
.antMatchers(“/api/**”).authenticated()
.antMatchers(“/management/health”).permitAll()
.antMatchers(“/management/info”).permitAll()
.antMatchers(“/management/prometheus”).permitAll()
.antMatchers(“/management/**”).hasAuthority(AuthoritiesConstants.ADMIN)
.及()
.oauth2Login()
.及()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(jwtAuthorityExtractor)
.及()
.及()
.oauth2Client();
//@formatter:on
}
/**
*从ID令牌中的“组”或“角色”声明映射权限。
*
*@return一个映射组的{@link GrantedAuthoritiesMapper}
*国内流离失所者向斯普林安全当局求助。
*/
@豆子
公共授权机构映射器userAuthoritiesMapper(){
返回(权限)->{
Set mappedAuthorities=new HashSet();
权限。forEach(权限->{
OidcUserAuthority OidcUserAuthority=(OidcUserAuthority)权限;
MappeAuthorities.addAll(SecurityUtils.extractAuthorityFromClaims(oidcUserAuthority.getUserInfo().ge