问题描述
我正在使用 Keycloak Spring Boot adapter 10.0.2 版本,并尝试通过身份验证令牌获取用户名。为此,我创建了一个 Web 过滤器并尝试获取 Principal,但尽管该用户已通过身份验证,我得到的却只是匿名用户,如下所示:
org.springframework.security.authentication.AnonymousAuthenticationToken@81a4f960:
Principal: anonymousUser;
Credentials: [PROTECTED]; Authenticated: true;
Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0:
RemoteIpAddress: 10.128.15.244;
SessionId: 6F41901438BFC9AD6FEEB34A3A6926EB;
Granted
Authorities: ROLE_ANONYMOUS
我有以下application.yaml
# Spring Boot application.yaml: paging, JPA/datasource, actuator and Keycloak adapter settings.
# NOTE(review): the nesting indentation under `keycloak:` appears to have been lost in this
# listing; restore it before reusing the file, since YAML structure depends on it.
cheques.paging.size: 10
spring.jpa.hibernate.ddl-auto: none
spring.jpa.hibernate.use-new-id-generator-mappings: FALSE
# Database connection details are injected through ${...} placeholders, so no database
# credential is stored in this file.
spring.datasource.url: "jdbc:oracle:thin:@${db_host}:${db_port}/${db_instance}"
spring.datasource.username: "${db_user}"
spring.datasource.password: "${db_password}"
spring.datasource.driver.class: "${db_driver}"
spring.jpa.properties.hibernate.dialect: "org.hibernate.dialect.Oracle10gDialect"
spring.jpa.hibernate.naming.physical-strategy: "org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl"
# Actuator: every endpoint is off by default and only `health` is switched back on.
management.health.ldap.enabled: false
management.endpoints.enabled-by-default: false
management.endpoint.health.enabled: true
keycloak:
realm: mrdc
auth-server-url: ${keycloak_url}
# `external`: HTTPS is required for external requests only.
ssl-required: external
# The principal name reported to the application is read from this token claim.
# NOTE(review): depending on realm settings preferred_username can be changed by the user;
# prefer the token subject as a stable identifier for anything security-relevant.
principal-attribute: preferred_username
# Disables verification of the Keycloak server's TLS certificate. Development only: with this
# set, the adapter cannot tell the real server from an impostor. Configure a truststore instead.
disableTrustManager: true
# Skips host name validation of the Keycloak server certificate. Development only.
allow-any-hostname: true
resource: mrdc-client
cors: true
credentials:
# Hard-coded, guessable client secret (the same literal appears in the realm export on this
# page). Inject it like the db_* values above, e.g. "${keycloak_client_secret}"
# (placeholder name constructed for illustration), and rotate the value in the realm.
secret: secret
# Every path requires the `user` role.
securityConstraints:
- securityCollections:
- name: default
patterns:
- /*
authRoles:
- user
policy-enforcer-config:
lazy-load-paths: false
enforcement-mode: ENFORCING
paths:
# Policy enforcement is switched off for GET on /actuator/*. Only `health` is enabled above;
# re-check this exemption before enabling further actuator endpoints.
- name: actuator
path: /actuator/*
enforcement-mode: DISABLED
methods:
- method: GET
我真的很想知道自己哪里做错了。我以前使用过 Keycloak,也用过类似的 Web 过滤器,一直都能像下面这样获取到用户名:
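/**
 * Servlet filter that logs the name of the caller attached to the request, if there is one,
 * and then hands the request on unchanged.
 *
 * <p>The principal is read from {@link HttpServletRequest#getUserPrincipal()}, so a name is
 * only visible when authentication has already been applied to the request by the time this
 * filter runs. How the filter is registered is not shown here; if it runs ahead of the
 * authentication filters, or on a path they do not cover, the principal is absent or anonymous.
 *
 * <p>Only the principal name is logged, never the token or credentials. The name originates
 * from the identity token and is not validated by this filter, so the logging layout should
 * neutralise line breaks in logged values.
 */
public class CustomerFilter extends GenericFilterBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(CustomerFilter.class);

    /**
     * Logs the caller's name at INFO level when the request carries a principal, then
     * continues the filter chain.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain     the remaining filters and the target resource
     * @throws IOException      if a downstream filter or the resource fails with an I/O error
     * @throws ServletException if a downstream filter or the resource fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // Guard the cast: a non-HTTP request carries no user principal to report.
        if (servletRequest instanceof HttpServletRequest) {
            Principal userPrincipal = ((HttpServletRequest) servletRequest).getUserPrincipal();
            if (userPrincipal != null) {
                // Log the name itself rather than the principal object's toString();
                // the placeholder form avoids building the message by concatenation.
                LOGGER.info("username: {}", userPrincipal.getName());
            }
        }
        // Always continue the chain; this filter observes and never blocks.
        filterChain.doFilter(servletRequest, servletResponse);
    }
}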
这是我的keycloak realm.json文件,以防万一:
{
"realm": "mrdc","displayName": "PS-mRDC","enabled": true,"requiredCredentials": [
"password"
],"users": [
{
"username": "service-account-mrdc","serviceAccountClientId": "mrdc-client","clientRoles": {
"mrdc-client": [
"uma_protection"
]
}
},{
"username": "mrdc.user","credentials": [
{
"type": "password","value": "mrdc"
}
],"realmRoles": [],"groups": [
"user-group"
]
},{
"username": "admin.user","value": "admin"
}
],"groups": [
"user-group","admin-group"
]
}
],"roles": {
"realm": [
{
"name": "user"
}
]
},"groups": [
{
"name": "user-group","path": "user-group","attributes": {},"realmRoles": [
"user"
],"clientRoles": {
"account": [
"view-profile","manage-account"
]
},"subGroups": []
},{
"name": "admin-group","path": "admin-group","manage-account"
],"realm-management": [
"view-users","view-realm","view-clients","manage-users"
]
},"subGroups": []
}
],"scopeMappings": [
{
"client": "mrdc-client","roles": [
"user"
]
},{
"clientScope": "offline_access","roles": [
"offline_access"
]
}
],"clients": [
{
"clientId": "mrdc-client","rootUrl": "","baseUrl": "","redirectUris": [
"https://*"
],"secret": "secret","fullScopeAllowed": false,"directAccessGrantsEnabled": true,"authorizationServicesEnabled": true,"authorizationSettings": {
"allowRemoteResourceManagement": false,"policyEnforcementMode": "ENFORCING","resources": [
{
"name": "Default Resource","uri": "/*"
}
],"policies": [
{
"name": "Default Policy","description": "A policy that grants access only for users within this realm","type": "js","logic": "POSITIVE","decisionStrategy": "AFFIRMATIVE","config": {
"code": "// by default,grants any permission associated with this policy\n$evaluation.grant();\n"
}
},{
"name": "Only User Role Policy","type": "role","decisionStrategy": "UNANIMOUS","config": {
"roles": "[{\"id\":\"user\",\"required\":false}]"
}
},{
"name": "User Permission","type": "resource","config": {
"resources": "[\"Default Resource\"]","applyPolicies": "[\"Only User Role Policy\"]"
}
}
],"scopes": [
"view"
]
}
}
]
}