Keycloak with spring boot issue when deploying on tomcat

Question

I have secured my Spring application with Keycloak using the Spring Security Adapter. This works fine on my local machine, but when I deployed the WAR on Tomcat and tried to call the API, I got the following internal server error:

o.s.b.w.servlet.support.ErrorPageFilter  : Forwarding to error page from request [/api/statutOperations] due to exception [null]

java.lang.NullPointerException: null
	at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:57) ~[keycloak-adapter-core-10.0.2.jar:10.0.2]
	at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:202) ~[keycloak-adapter-core-10.0.2.jar:10.0.2]
	at org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:39) ~[keycloak-spring-boot-2.1.0.jar:2.1.0]

Did I miss something, or is my configuration wrong? Below is the necessary config:

Keycloak Config:

@Configuration
public class KeycloakConfig {

	@Bean
	KeycloakSpringBootConfigResolver configResolver() {
		return new KeycloakSpringBootConfigResolver();
	}

	@Bean
	KeycloakRestTemplate keycloakRestTemplate(KeycloakClientRequestFactory keycloakClientRequestFactory) {
		return new KeycloakRestTemplate(keycloakClientRequestFactory);
	}
}

@KeycloakConfiguration
public class KeycloakSpringSecuriteConfig extends KeycloakWebSecurityConfigurerAdapter {

	@Override
	protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
		return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.authenticationProvider(keycloakAuthenticationProvider());
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		super.configure(http);
		http.authorizeRequests().antMatchers("/api/**").authenticated().anyRequest().permitAll();
	}

}

application.properties:

keycloak.realm=cirta
keycloak.auth-server-url=http://localhost:8085/auth
keycloak.resource=cirta-api
keycloak.public-client=true
keycloak.cors=true    
keycloak.ssl-required=external

I also added the following context.xml, keycloak.json and web.xml in the META-INF and WEB-INF directories:

context.xml

<Context path="/cirtaapi">
    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

keycloak.json

{
  "realm" : "cirta",
  "resource" : "cirta-api",
  "auth-server-url" : "https://localhost:8085/auth",
  "ssl-required" : "external",
  "enable-cors" : true
}

web.xml

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
      version="3.0">

    <module-name>cirtaapi</module-name>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Operations</web-resource-name>
            <url-pattern>/api/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>app-manager</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>cirta</realm-name>
    </login-config>

    <security-role>
        <role-name>app-manager</role-name>
    </security-role>

</web-app>

Answer 1

Score: 1

This has been fixed in Keycloak 11.0.0. There is a similar question that describes this, https://stackoverflow.com/questions/61228097/npe-when-loading-custom-securityconfig-for-keycloak-in-webmvctest, and provides a workaround for versions 9.0.1 to 10.

See also: https://github.com/gtiwari333/spring-boot-web-application-seed/blob/master/main-app/src/main/java/gt/app/config/security/SecurityConfig.java

huangapple
  • This article was posted on September 21, 2020 at 18:26:51
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/63990458.html