Integrating Keycloak as an OAuth2 Provider in Spring Boot

Published: 2024-11-15 15:52:05 | Source: 億速云 | Views: 78 | Author: 小樊 | Category: Programming Languages

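Integrating Keycloak as an OAuth2 provider in Spring Boot is a relatively simple process. The following basic step-by-step guide will help you complete the integration:

1. Add the dependencies

First, add the Spring Security and Keycloak dependencies to your pom.xml file.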

<dependencies>
    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

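    <!-- Keycloak Spring Boot Starter (legacy adapter for Spring Boot 2.x, published under org.keycloak) -->
    <dependency>
        <groupId>org.keycloak</groupId>
        <artifactId>keycloak-spring-boot-starter</artifactId>
        <!-- Not managed by the Spring Boot BOM: define keycloak.version in <properties> to match your Keycloak server -->
        <version>${keycloak.version}</version>
    </dependency>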

    <!-- Other dependencies -->
    <!-- ... -->
</dependencies>

2. Configure Keycloak

Configure Keycloak in your application.yml or application.properties file.

application.yml

# The Keycloak adapter binds its settings under the top-level keycloak prefix
keycloak:
  auth-server-url: http://localhost:8080/auth
  realm: your-realm
  resource: your-client-id
  credentials:
    secret: your-client-secret

application.properties

# The Keycloak adapter binds its settings under the keycloak prefix
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.realm=your-realm
keycloak.resource=your-client-id
keycloak.credentials.secret=your-client-secret
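
A hardened variant of the settings above for use outside local development, given as an added example rather than configuration from the original article. It assumes the Keycloak Spring Boot adapter's `keycloak.*` property prefix; the hostname `sso.example.com` and the environment variable name `KEYCLOAK_CLIENT_SECRET` are placeholders.

```yaml
keycloak:
  # Placeholder hostname: reach Keycloak over TLS instead of plain HTTP
  auth-server-url: https://sso.example.com/auth
  realm: your-realm
  resource: your-client-id
  # Require HTTPS for all requests, including private-network addresses
  # (the adapter default, "external", exempts localhost and private IPs)
  ssl-required: all
  credentials:
    # Resolved from the environment at startup so the client secret is never
    # committed with the application (KEYCLOAK_CLIENT_SECRET is an assumed name)
    secret: ${KEYCLOAK_CLIENT_SECRET}
  # For bearer-token requests, require this client ID in the token's audience
  verify-token-audience: true
```

If the variable is unset, Spring Boot cannot resolve the placeholder and the application fails to start, which is preferable to running with an empty or default secret.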

3. Configure Spring Security

Create a configuration class to set up the integration between Spring Security and Keycloak.

import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
import org.springframework.security.web.firewall.RequestRejectedHandler;

// @KeycloakConfiguration bundles @Configuration, @EnableWebSecurity and the adapter's component scan
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    // Register Keycloak as the authentication provider; SimpleAuthorityMapper adds the
    // ROLE_ prefix so that hasRole("admin") matches the Keycloak role "admin"
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider provider = keycloakAuthenticationProvider();
        provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(provider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Installs the adapter's filters, login entry point, logout and CSRF handling
        super.configure(http);
        http
            .cors().and()
            .authorizeRequests()
                .antMatchers("/admin/**").hasRole("admin")
                .antMatchers("/user/**").hasAnyRole("admin", "user")
                .anyRequest().authenticated();
    }

    // Session-based strategy for a confidential client that uses the browser login redirect
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    // Answer requests rejected by the HTTP firewall with 401 (the constructor takes an int status code)
    @Bean
    public RequestRejectedHandler requestRejectedHandler() {
        return new HttpStatusRequestRejectedHandler(HttpStatus.UNAUTHORIZED.value());
    }
}

// Makes the adapter read the keycloak.* properties instead of a keycloak.json file;
// kept in its own class to avoid a circular bean reference with SecurityConfig
@Configuration
class KeycloakResolverConfig {

    @Bean
    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }
}

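4. Create the Keycloak client

Create a new client in the Keycloak admin console. Make sure the client ID, the client secret and the required permissions are set correctly.

5. Test the integration

Start your Spring Boot application and try to access a protected resource. You should be redirected to the Keycloak login page. After logging in successfully, you should be able to access the protected resource.

Summary

With the steps above, you have integrated Keycloak as an OAuth2 provider in Spring Boot. You can configure and extend this integration further as needed.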
