问题描述
我只是Spring Security的初学者,但是我想知道是否可以通过使用@PreAuthorize
,@PostAuthorize
,@Secured
和其他注释的方式来配置密钥斗篷.例如,我已经在简单的Spring Rest Web应用程序中配置了keycloak-spring-security-adapter
和Spring Security,以便可以访问控制器中的Principal对象,如下所示:
I'm just a beginner in Spring Security, but I would like to know is it possible to configure keycloak in a way that I can use @PreAuthorize
, @PostAuthorize
, @Secured
and other annotations.For example, I've configured the keycloak-spring-security-adapter
and Spring Security in my simple Spring Rest webapp so that I have access to Principal object in my controller, like this:
@RestController
public class TMSRestController {
@RequestMapping("/greeting")
public Greeting greeting(Principal principal, @RequestParam(value="name") String name) {
return new Greeting(String.format(template, name));
}
...
}
但是当我尝试这样做时(仅作为示例,实际上我想在授权之前执行自定义EL表达式):
But when I try this (just an example, actually I want to execute custom EL expression before authorization):
@RestController
public class TMSRestController {
@RequestMapping("/greeting")
@PreAuthorize("hasRole('ADMIN')")
public Greeting greeting(Principal principal, @RequestParam(value="name") String name) {
return new Greeting(String.format(template, name));
}
...
}
我得到异常:
在我的spring安全配置中,我启用了全局方法安全性:
In my spring security config I enabled global method security:
要使此春季安全批注起作用,我需要什么?可以在此上下文中完全使用此注释吗?
What do I need to make this spring security annotations work? Is it possible to use this annotation in this context at all?
推荐答案
您仍然必须使用Keycloak配置Spring Security.看看适配器文档用于基于注释的配置.设置完成后,您的Spring Security批注将在授权的呼叫上起作用.
You still have to configure Spring Security using Keycloak. Take a look at the adapter documentation for an annotation based configuration. Once that's set up your Spring Security annotations will work on authorized calls.
这篇关于将Spring Security批注与Keycloak结合使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!