问题:
如何使Spring Boot适配器中的Keycloak策略执行器与vaadin一起工作
劳麒
所以我有一个应用程序,它使用vaadin(14)和keycloak Spring Boot适配器(11)。我查看了名为“app-authz-springboot”的spring boot的keycloaks授权示例:https://github.com/keycloak/keycloak-quickstarts/tree/lates/app-authz-springboot。当我执行示例时,一切都很好,但是当我将vaadin应用程序连接到示例中的keycloak实例并从同一个示例的spring一半复制application.properties文件时,它无法设置策略强制配置。它会给我一条错误消息:
Could not lazy load resource with path[/VAADIN/build/webcomponentsjs/webcomponents-loader.js] from server
使用StackTrace:
java.lang.RuntimeException: Could not find resource
at org.keycloak.authorization.client.util.Throwables.retryAndWrapExceptionIfNecessary(Throwables.java:91) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:232) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
at org.keycloak.authorization.client.resource.ProtectedResource.findByMatchingUri(ProtectedResource.java:291) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
at org.keycloak.adapters.authorization.PolicyEnforcer$PathConfigMatcher.matches(PolicyEnforcer.java:268) ~[keycloak-adapter-core-11.0.2.jar:11.0.2]
at org.keycloak.adapters.authorization.AbstractPolicyEnforcer.getPathConfig(AbstractPolicyEnforcer.java:351) ~[keycloak-adapter-core-11.0.2.jar:11.0.2]
at org.keycloak.adapters.authorization.AbstractPolicyEnforcer.authorize(AbstractPolicyEnforcer.java:72) ~[keycloak-adapter-core-11.0.2.jar:11.0.2]
at org.keycloak.adapters.authorization.PolicyEnforcer.enforce(PolicyEnforcer.java:95) ~[keycloak-adapter-core-11.0.2.jar:11.0.2]
at org.keycloak.adapters.AuthenticatedActionsHandler.isAuthorized(AuthenticatedActionsHandler.java:158) ~[keycloak-adapter-core-11.0.2.jar:11.0.2]
at org.keycloak.adapters.AuthenticatedActionsHandler.handledRequest(AuthenticatedActionsHandler.java:60) ~[keycloak-adapter-core-11.0.2.jar:11.0.2]
at org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve.invoke(AbstractAuthenticatedActionsValve.java:62) ~[spring-boot-container-bundle-11.0.2.jar:11.0.2]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:667) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181) ~[spring-boot-container-bundle-11.0.2.jar:11.0.2]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.41.jar:9.0.41]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
Caused by: java.lang.RuntimeException: org.keycloak.jose.jws.JWSInputException: java.lang.NullPointerException
at org.keycloak.authorization.client.util.TokenCallable.call(TokenCallable.java:75) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
at org.keycloak.authorization.client.resource.ProtectedResource.createFindRequest(ProtectedResource.java:296) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
at org.keycloak.authorization.client.resource.ProtectedResource.access$300(ProtectedResource.java:38) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:225) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:222) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:230) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
... 23 common frames omitted
Caused by: org.keycloak.jose.jws.JWSInputException: java.lang.NullPointerException
at org.keycloak.jose.jws.JWSInput.<init>(JWSInput.java:58) ~[keycloak-core-11.0.2.jar:11.0.2]
at org.keycloak.authorization.client.util.TokenCallable.call(TokenCallable.java:64) ~[keycloak-authz-client-11.0.2.jar:11.0.2]
... 28 common frames omitted
Caused by: java.lang.NullPointerException: null
at org.keycloak.jose.jws.JWSInput.<init>(JWSInput.java:44) ~[keycloak-core-11.0.2.jar:11.0.2]
... 29 common frames omitted
2021-05-21 18:44:18.843 DEBUG 7662 --- [nio-8080-exec-7] o.k.a.a.AbstractPolicyEnforcer : Checking permissions for path [http://localhost:8080/VAADIN/build/webcomponentsjs/webcomponents-loader.js] with config [null].
2021-05-21 18:44:18.880 DEBUG 7662 --- [nio-8080-exec-4] o.k.a.a.AbstractPolicyEnforcer : Checking permissions for path [http://localhost:8080/VAADIN/build/vaadin-bundle-57fa80d1d948b96b39df.cache.js] with config [PathConfig{name='Default Resource', type='null', path='/*', scopes=[], id='c050c28d-091b-404c-b683-45ee88743439', enforcerMode='ENFORCING'}].
2021-05-21 18:44:18.880 DEBUG 7662 --- [nio-8080-exec-4] o.k.a.a.AbstractPolicyEnforcer : Authorization GRANTED for path [PathConfig{name='Default Resource', type='null', path='/*', scopes=[], id='c050c28d-091b-404c-b683-45ee88743439', enforcerMode='ENFORCING'}]. Permissions [[Permission {id=fb71929b-fe28-4a4c-8879-a77793a6c49b, name=VAADIN, scopes=[]}, Permission {id=c45caaa3-cde6-4ac7-9224-33412368f006, name=Protected Resource, scopes=[]}, Permission {id=c050c28d-091b-404c-b683-45ee88743439, name=Default Resource, scopes=[]}]].
因此,错误一定存在于创建策略执行器配置的某个地方。你能帮我找出错误在哪里吗?下面是我的application.properties
server.port=${PORT:8080}
vaadin.productionMode=false
logging.level.org.springframework.security=DEBUG
logging.level.org.keycloak.adapters.authorization=DEBUG
keycloak.enabled = true
keycloak.realm=spring-boot-quickstart
keycloak.auth-server-url=http://localhost:8180/auth
keycloak.ssl-required=external
keycloak.resource=app-authz-springboot
keycloak.public-client=false
keycloak.credentials.secret=secret
keycloak.security-constraints[0].authRoles[0]=user
keycloak.securityConstraints[0].securityCollections[0].name = protected
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/*
keycloak.policy-enforcer-config.lazy-load-paths=true
keycloak.policy-enforcer-config.on-deny-redirect-to=/accessDenied
共有1个答案
夹谷星剑
所以我使用的是版本11中的keycloakd适配器,而不是最新的版本13,这导致了错误。
类似资料:
-
首先我在使用 keycloak-authz-client-3.3.0.final Spring boot 1.5.8.发布 spring-boot-starter-security 我一直在玩Keycloak spring adapter,探索示例,因为我们想在我们的项目中采用它。 我可以使用以下教程轻松地让它在角色中运行:https://dzone.com/articles/elyly-secu
-
Keycloak策略执行器不使用示例Sprint引导应用程序。 我正在使用Keycloak Version6.0.1,并试图集成一个示例Sprint boot应用程序(Sprint boot Version2.1.3)。我的目标是在Keycloak中设置策略和权限,并在我的示例Spring Boot应用程序中使用Keycloak策略强制器,以便使用在Keycloak中定义的适当权限自动执行所有授权
-
我正在开发一个使用Keycloak作为身份验证服务的Node.js web应用程序。我已经有两个客户机:用于web应用程序(app-web)的client和用于API(app-api)的。在app-api上,我使用资源、范围、策略和权限来控制访问。 为了检查权限,我使用模块(npm keycloak-connect)中的。当我尝试检查权限时,服务器总是返回响应。但是,如果我将app-api从更改为
-
我已经定制了我的执行器/信息endpoint,并且我想使用来自头的信息授权对另一个服务的调用。 我在这里实现了InfoContributor:https://www.baeldung.com/spring-boot-info-acture-custom 我想接受方法中的请求头。对于任何用户定义的RESTendpoint,我都可以定义参数并访问头。 但不幸的是,的方法只采用一个参数。 如何访问方法中
-
我们什么时候应该使用Spring boot执行器。如果包括在内,它对应用程序内存和CPU使用有多大影响? 我目前正在使用Spring Boot 2. x。
-
我尝试使用VirtualBox进行简单的端口转发,结果显示VirtualBox.exe正在主机上监听端口,但实际上并没有将连接转发给来宾。我已经在多个端口上尝试过,并且我已经多次重新启动VirtualBox。另一方面,来宾到主机的连接也很好。以下是信息: 有什么想法吗?出于多种原因,我想避免使用VirtualBox的桥接适配器。我的印象是NAT端口转发在VirtualBox中相对简单。 谢谢!