问题描述
如何将keycloak与spring boot应用程序集成.我们是否必须在application.properties中授予所有资源及其角色权限?那么keycloak.json的用途是什么?然后,我需要在keycloak的管理控制台中对这些导出设置进行一些说明.我们必须在应用程序的配置中包含该文件吗?
How to integrate keycloak with a spring boot application. Do we have to give all the resources and its role permission in application.properties? Then what is the use of keycloak.json? Then I need some clarification on those export settings in the admin console of keycloak. Do we have to include that file in the config of application?
推荐答案
1)首先将这些依赖项添加到您的build.gradle
中(我使用的是gradle,但是如果您是Maven,则pom.xml
也是一样的) ):
1) First add these dependencies to your build.gradle
(I'm using gradle, but it's the same for pom.xml
if you're a Maven guy):
// keycloak
compile 'org.keycloak:keycloak-spring-boot-adapter:2.5.1.Final'
compile 'org.keycloak:keycloak-tomcat8-adapter:2.5.1.Final'
2)然后在application.properties
文件中提供您的Keycloak配置(这时您应该已经配置了领域,并通过Keycloak web-ui添加了客户端):
2) Then provide your Keycloak config in the application.properties
file (by this time you should have configured your realm and added a client via Keycloak web-ui):
keycloak.realm=[YOUR-REALM]
keycloak.bearer-only=true
keycloak.auth-server-url=https://[YOUR-KEYCLOAK-INSTANCE-ADDRESS]:[PORT]/auth
keycloak.ssl-required=external
keycloak.resource=[CLIEND-ID]
keycloak.credentials.secret=[YOUR-CLIENT-SECRET-ID]
keycloak.cors=true
keycloak.securityConstraints[0].securityCollections[0].name=insecure stuff
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/test-endpoint-1/*
keycloak.securityConstraints[1].securityCollections[0].name=admin stuff
keycloak.securityConstraints[1].securityCollections[0].authRoles[0]=[ROLE-2]
keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/test-endpoint-2/*
在这里,我允许任何人访问/test-endpoint-1/*
处的所有内容,而具有[ROLE-2]角色的管理员用户可以访问/test-endpoint-2/*
下的任何内容.
Here I'm allowing any one to access everything at /test-endpoint-1/*
, whereas admin users with the [ROLE-2] role can access anything under /test-endpoint-2/*
.
啊,忘记了,客户端Access Type
是bearer-only
.是的,通过此设置,您不需要keycloak.json
.希望这会有所帮助:)
Ah, forgot to mention, the client Access Type
is bearer-only
. And yes, with this setup you don't need keycloak.json
.Hope this helps :)
新的API进行了一些更改,因此提供了最新版本:
The new API has changed a little bit, so given the latest versions:
kotlinVersion = '1.3.10'
springBootVersion = '2.1.1.RELEASE'
keycloakVersion = '4.6.0.Final'
dependencyManagement {
imports {
mavenBom "org.keycloak.bom:keycloak-adapter-bom:${keycloakVersion}"
}
}
dependencies {
// keycloak
compile 'org.keycloak:keycloak-spring-boot-starter'
}
application.properties
在这种情况下将如下所示:
application.properties
will in this case look like the following:
keycloak.realm=[YOUR-REALM]
keycloak.bearer-only=true
keycloak.auth-server-url=https://[YOUR-KEYCLOAK-INSTANCE-ADDRESS]:[PORT]/auth
keycloak.ssl-required=external
keycloak.resource=[CLIEND-ID]
keycloak.credentials.secret=[YOUR-CLIENT-SECRET-ID]
keycloak.cors=true
keycloak.enabled=true
keycloak.securityConstraints[0].securityCollections[0].name=insecure stuff
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/test-endpoint-1/*
keycloak.securityConstraints[1].securityCollections[0].name=admin stuff
keycloak.securityConstraints[1].authRoles[0]=[ROLE-2]
keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/test-endpoint-2/*
这篇关于Keycloak与Spring Boot集成的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!