Spring Key斗篷在春季在Docker容器上返回500/NPE URI
我的Ubuntu服务器上的keydave有问题。注册和登录工作正常。但是,当我试图通过用户承载令牌向spring应用程序发出任何请求时,KeyClope会返回我500-内部服务器错误。(localhost上的一切都很好!) 当我试图通过承载令牌发出任何请求时的应用程序日志:Spring Key斗篷在春季在Docker容器上返回500/NPE URI,spring,docker,docker-compose,keycloak,http-status-code-500,Spring,Docker,Docker Compose,Keycloak,Http Status Code 500,我的Ubuntu服务器上的keydave有问题。注册和登录工作正常。但是,当我试图通过用户承载令牌向spring应用程序发出任何请求时,KeyClope会返回我500-内部服务器错误。(localhost上的一切都很好!) 当我试图通过承载令牌发出任何请求时的应用程序日志: dictionary_app_prod | java.lang.NullPointerException: null dictionary_app_prod |
dictionary_app_prod | java.lang.NullPointerException: null
dictionary_app_prod | at java.net.URI$Parser.parse(URI.java:3042) ~[na:1.8.0_212]
dictionary_app_prod | at java.net.URI.<init>(URI.java:588) ~[na:1.8.0_212]
dictionary_app_prod | at java.net.URI.create(URI.java:850) ~[na:1.8.0_212]
dictionary_app_prod | at org.apache.http.client.methods.HttpGet.<init>(HttpGet.java:66) ~[httpclient-4.5.8.jar!/:4.5.8]
dictionary_app_prod | at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendRequest(JWKPublicKeyLocator.java:97) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublicKey(JWKPublicKeyLocator.java:63) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.getPublicKey(AdapterTokenVerifier.java:121) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.createVerifier(AdapterTokenVerifier.java:111) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.verifyToken(AdapterTokenVerifier.java:47) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:103) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:88) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
密钥斗篷配置:
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
class KeycloakConfig extends KeycloakWebSecurityConfigurerAdapter {
@Bean
public KeycloakConfigResolver keycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable()
.sessionManagement()
.and()
.authorizeRequests()
//.antMatchers("/admin/**").hasRole("ADMIN")
//.antMatchers("/library/**").hasRole("USER")
.anyRequest().permitAll();
}
}
application.properties:
keycloak.auth-server-url=http://dictionary_app_prod_keycloak:8080/auth
keycloak.realm=SpringBootKeycloak
keycloak.resource=login-app
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
keycloak.use-resource-role-mappings=true
在我的例子中,我只是决定直接在服务器上安装KeyClope,而不使用Docker。现在一切都很好
keycloak.auth-server-url=http://dictionary_app_prod_keycloak:8080/auth
keycloak.realm=SpringBootKeycloak
keycloak.resource=login-app
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
keycloak.use-resource-role-mappings=true