无法查看与Keycloak集成的Spring Boot应用程序中的访问令牌和刷新令牌。

huangapple go评论78阅读模式
英文:

Unable to view Access Token and Refresh token in Spring Boot application integrated with Keycloak

问题

我们已经为基于Spring Reactive的Spring Boot应用程序集成了Keycloak登录,如下所示。

在属性文件中添加了以下属性:

spring.security.oauth2.client.registration.keycloak.client-id
spring.security.oauth2.client.registration.keycloak.client-secret
spring.security.oauth2.client.registration.keycloak.authorization-grant-type
spring.security.oauth2.client.registration.keycloak.scope
spring.security.oauth2.client.provider.keycloak.issuer-uri
spring.security.oauth2.client.provider.keycloak.user-name-attribute

SecurityConfig类如下所示:

@Configuration
@EnableWebFluxSecurity()
@EnableReactiveMethodSecurity
public class SecurityConfig {

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange().pathMatchers("/login").permitAll()
                .and().authorizeExchange().pathMatchers("/secured/**")
                .authenticated()
                .and().oauth2Login();
        return http.build();
    }
}

这是有效的。我们使用的是Spring Security 5.7.7版本。

但是,在浏览器中,我只能看到以下内容的“SESSION” Cookie。我无法查看访问令牌/刷新令牌。请告诉我如何查看访问令牌和刷新令牌。

英文:

We have integrated keycloak login for a Spring Reactive based Spring boot application has follows.
<br/>
Added Oauth client as maven dependency

        &lt;dependency&gt;
            &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
            &lt;artifactId&gt;spring-boot-starter-oauth2-client&lt;/artifactId&gt;
        &lt;/dependency&gt;
        &lt;dependency&gt;
            &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
            &lt;artifactId&gt;spring-boot-starter-security&lt;/artifactId&gt;
        &lt;/dependency&gt;

Added below properties in properties file

spring.security.oauth2.client.registration.keycloak.client-id
spring.security.oauth2.client.registration.keycloak.client-secret
spring.security.oauth2.client.registration.keycloak.authorization-grant-type
spring.security.oauth2.client.registration.keycloak.scope
spring.security.oauth2.client.provider.keycloak.issuer-uri
spring.security.oauth2.client.provider.keycloak.user-name-attribute

SecurityConfig class is as below.

@Configuration
@EnableWebFluxSecurity()
@EnableReactiveMethodSecurity
public class SecurityConfig {

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {


        http.authorizeExchange().pathMatchers(&quot;/login&quot;).permitAll()
                .and().authorizeExchange().pathMatchers(&quot;/secured/**&quot;)
                .authenticated()
                .and().oauth2Login();

        return http.build();
    }

}

This is working. <Br/>
We are using Spring security 5.7.7 version

But in browser I am able to see only "SESSION" Cookie as below. I am unable to view Access token/ Refresh token. <br/>
Please let me know how to view Access token and Refresh token.

无法查看与Keycloak集成的Spring Boot应用程序中的访问令牌和刷新令牌。

答案1

得分: 1

请求从浏览器到OAuth2客户端并不受OAuth2访问令牌的保护,而是通过会话进行保护。只有从OAuth2客户端到OAuth2资源服务器的请求才受访问令牌的保护。

如果你想查看访问令牌,查看配置为OAuth2客户端的内容。在你的情况下,这是Spring应用程序(在服务器上),而不是浏览器中的渲染模板。

在Spring安全的Reactive堆栈中,你可以查看ServerOAuth2AuthorizedClientRepositoryReactiveOAuth2AuthorizedClientService以访问“已授权客户端”(其中包含对令牌的引用)。

如果你对OAuth2概念和Spring配置选项有疑问,建议查看我的教程

英文:

Requests from a browser to an OAuth2 client aren't secured with OAuth2 access tokens, it is secured with sessions. Only requests from OAuth2 clients to OAuth2 resource servers are secured with access tokens.

If you want to see access the tokens, look into what is configured as an OAuth2 client. In your case, it is the Spring application (on the server), not the rendered template in the browser.

In Spring security Reactive stack, you might have a look at ServerOAuth2AuthorizedClientRepository or ReactiveOAuth2AuthorizedClientService to access the "authorized client" (which contain references to tokens).

If you have doubts about OAuth2 concepts and Spring configuration options, I suggest you have a look at my tutorials.

huangapple
  • 本文由 发表于 2023年5月22日 23:00:02
  • 转载请务必保留本文链接:https://go.coder-hub.com/76307475.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定