如何为node.js应用程序在keycloak中启用策略强制执行? [英] How to enable policy enforcing in keycloak for node.js application?
本文介绍了如何为node.js应用程序在keycloak中启用策略强制执行?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我必须将node.js应用程序与keycloak集成在一起.该应用程序是快速的,但是策略没有强制执行,它为所有用户授予访问所有api的权限. 对于/test api: 只有具有首席"角色的用户才能访问.我已经在keycloak管理控制台中提供了这些策略,但是这些策略没有体现出来.为什么?
I have to integrate node.js application with keycloak.The application is in express.But the policies are not enforcing.It grants permission for all the users to access all the api. For /test api: Only users with 'chief' role has the access.I have given those policies in keycloak admin console.But those are not reflecting.Why?
没有首席"角色的用户也正在访问/test
User without 'chief' role is also accessing /test
app.js:
'use strict';
const Keycloak = require('keycloak-connect');
const express = require('express');
const session = require('express-session');
const expressHbs = require('express-handlebars');
const app = express();
app.engine('hbs', expressHbs({extname:'hbs',
defaultLayout:'layout.hbs',
relativeTo: __dirname}));
app.set('view engine', 'hbs');
var memoryStore = new session.MemoryStore();
var keycloak = new Keycloak({ store: memoryStore });
app.use(session({
secret:'thisShouldBeLongAndSecret',
resave: false,
saveUninitialized: true,
store: memoryStore
}));
app.use(keycloak.middleware());
app.get('/*', keycloak.protect('user'), function(req, res){
res.send("User has base permission");
});
app.get('/test', keycloak.protect(), function(req, res){
res.send("access granted");
});
app.get('/',function(req,res){
res.send("hello world");
});
app.use( keycloak.middleware( { logout: '/'} ));
app.listen(3000, function () {
console.log('Listening at http://localhost:3000');
});
keycloak.json:
keycloak.json:
{
"realm": "nodejs-example",
"auth-server-url": "http://localhost:8180/auth",
"ssl-required": "external",
"resource": "nodejs-connect",
"credentials": {
"secret": "451317a2-09a1-48b8-b036-e578051687dd"
},
"use-resource-role-mappings": true,
"confidential-port": 0,
"policy-enforcer": {
"enforcement-mode":"PERMISSIVE",
}
}
推荐答案
在json中添加以下行
Add the following line in json
"verify-token-audience": true
var Keycloak = require('keycloak-connect');
var hogan = require('hogan-express');
var express = require('express');
var session = require('express-session');
const app = express();
var server = app.listen(3000, function () {
var host = server.address().address;
var port = server.address().port;
console.log('Example app listening at http://%s:%s', host, port);
});
app.set('view engine', 'html');
app.set('views', require('path').join(__dirname, '/view'));
app.engine('html', hogan);
var memoryStore = new session.MemoryStore();
var keycloak = new Keycloak({
store: memoryStore });
// session
app.use(session({
secret:'thisShouldBeLongAndSecret',
resave: false,
saveUninitialized: true,
store: memoryStore
}));
app.use(keycloak.middleware({
admin: '/',
protected: '/protected/resourcea'
}));
app.get('/leads/assign',keycloak.enforcer(['leads:assign'],{
claims: function(request){
return {
"location":["chennai"]
}
}
} ), function (req, res) {
res.send("granted");
});
这篇关于如何为node.js应用程序在keycloak中启用策略强制执行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
