其他分享
首页 > 其他分享> > Spring Boot security集成Keycloak

Spring Boot security集成Keycloak

作者:互联网

集成Spring Security
Client配置信息

pom.xml引入security

<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-security</artifactId>
</dependency>

application.yml中security-constraints可以删除
application.yml

spring:
  application:
    name: securityKeycloak
server:
  port: 8082

keycloak:
  # keycloak中的realm
  realm: iam
  # keycloak的地址
  auth-server-url: http://10.107.42.181:8080/auth
  # client ID
  resource: iam-type-confidential
  ssl-required: external
  credentials:
    secret: 767dade3-fb02-4ae2-b7f2-d45b79aee890
  # 使用realm级别还是应用级别的角色控制
  use-resource-role-mappings: false
  # 应用的Keycloak访问类型是bearer-only设置为 true,否则设为false
  bearer-only: false

创建SecurityConfig

package com.zzu.securityKeycloak.config;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    /**
     * Registers the KeycloakAuthenticationProvider with the authentication manager.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    /**
     * Read Keycloak config from spring boot config file
     */
    @Bean
    public KeycloakConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    /**
     * Defines the session authentication strategy.
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/customer/**","/books").hasRole("CUSTOMER")
                .antMatchers("/admin/**","/manager").hasAnyRole("ADMIN")
                .anyRequest().permitAll();
    }
}

demo源码

标签:Spring,Boot,springframework,org,import,security,config,keycloak
来源: https://blog.csdn.net/qq_37590149/article/details/117332224