Spring Boot security集成Keycloak
作者:互联网
集成Spring Security
pom.xml引入security
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
application.yml中security-constraints可以删除
application.yml
spring:
application:
name: securityKeycloak
server:
port: 8082
keycloak:
# keycloak中的realm
realm: iam
# keycloak的地址
auth-server-url: http://10.107.42.181:8080/auth
# client ID
resource: iam-type-confidential
ssl-required: external
credentials:
secret: 767dade3-fb02-4ae2-b7f2-d45b79aee890
# 使用realm级别还是应用级别的角色控制
use-resource-role-mappings: false
# 应用的Keycloak访问类型是bearer-only设置为 true,否则设为false
bearer-only: false
创建SecurityConfig
package com.zzu.securityKeycloak.config;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
/**
* Registers the KeycloakAuthenticationProvider with the authentication manager.
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
/**
* Read Keycloak config from spring boot config file
*/
@Bean
public KeycloakConfigResolver keycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
/**
* Defines the session authentication strategy.
*/
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/customer/**","/books").hasRole("CUSTOMER")
.antMatchers("/admin/**","/manager").hasAnyRole("ADMIN")
.anyRequest().permitAll();
}
}
标签:Spring,Boot,springframework,org,import,security,config,keycloak 来源: https://blog.csdn.net/qq_37590149/article/details/117332224