我使用 Keycloak 设置了一个简单的 Spring Boot 应用程序,该应用程序作为带有 eureka、网关 api 等的服务运行。所有这些都是 Docker 化的。 我创建了一个返回字符串并由 SecurityFilterChain 保护的端点:
@Bean
public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.oauth2Client(Customizer.withDefaults())
.oauth2Login(Customizer.withDefaults());
httpSecurity
.sessionManagement(Customizer.withDefaults());
httpSecurity
.authorizeHttpRequests(Customizer.withDefaults())
.authorizeHttpRequests(authorize -> {
authorize
.requestMatchers("/keycloak-test", "/tournament/keycloak-test").fullyAuthenticated()
.anyRequest().permitAll();
});
return httpSecurity.build();
}
终点:
@GetMapping("/keycloak-test")
public ResponseEntity<String> test() {
return ResponseEntity.ok("Hello World");
}
当我尝试访问此端点时,我期望重定向到登录表单或 keycloak 本身,但问题是我被重定向到 containerId:port:
http://6e375582a097:8201/oauth2/authorization/keycloak-provider我的应用程序.yml:
eureka:
client:
service-url:
defaultZone: http://172.18.0.1:8762/eureka
server:
port: 8201
error:
include-message: always
spring:
datasource:
url: jdbc:postgresql://172.18.0.1:5501/tournament
username: username
password: ${DB_STG_PASSWORD}
driver-class-name: org.postgresql.Driver
hikari:
connection-timeout: 10000
maximum-pool-size: 10
idle-timeout: 5000
max-lifetime: 1000
auto-commit: true
flyway:
locations: classpath:db/migration
enabled: true
jpa:
show-sql: true
properties:
hibernate:
dialect: org.hibernate.dialect.PostgreSQLDialect
security:
oauth2:
client:
provider:
keycloak-provider:
issuer-uri: https://keycloak.example.com/realms/keycloak-realm
registration:
aimcup:
provider: keycloak-provider
client-name: keycloak-provider
client-id: keycloak-provider
client-secret:
scope: profile,openid,offline_access
redirect-uri: https://example.com/keycloak-test
我想提一下,我也在使用 nginx 代理管理器。
我尝试查看所有过滤器并检查重定向 uri 何时确定,但没有一个过滤器能让我眼前一亮。 将
server.addressapplication.ymlexample.com是因为eureka有一个容器id而不是IP地址吗?
预先感谢您的帮助!
对于 Spring Boot 3,将
forward-headers-strategynativeserver.forward-headers-strategy: native