Keycloak Integration with Spring Boot

Question

How do I integrate Keycloak with a Spring Boot application? Do we have to give all the resources and their role permissions in application.properties? Then what is the use of keycloak.json? I also need some clarification on those export settings in the admin console of Keycloak. Do we have to include that file in the config of the application?

Answer

1) First add these dependencies to your build.gradle (I'm using gradle, but it's the same for pom.xml if you're a Maven guy):

// keycloak
compile 'org.keycloak:keycloak-spring-boot-adapter:2.5.1.Final'
compile 'org.keycloak:keycloak-tomcat8-adapter:2.5.1.Final'

2) Then provide your Keycloak config in the application.properties file (by this time you should have configured your realm and added a client via Keycloak web-ui):

keycloak.realm=[YOUR-REALM]
keycloak.bearer-only=true
keycloak.auth-server-url=https://[YOUR-KEYCLOAK-INSTANCE-ADDRESS]:[PORT]/auth
keycloak.ssl-required=external
keycloak.resource=[CLIENT-ID]
keycloak.credentials.secret=[YOUR-CLIENT-SECRET-ID]
keycloak.cors=true


keycloak.securityConstraints[0].securityCollections[0].name=insecure stuff
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/test-endpoint-1/*

keycloak.securityConstraints[1].securityCollections[0].name=admin stuff
keycloak.securityConstraints[1].securityCollections[0].authRoles[0]=[ROLE-2]
keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/test-endpoint-2/*

Here I'm allowing anyone to access everything at /test-endpoint-1/*, whereas admin users with the [ROLE-2] role can access anything under /test-endpoint-2/*.

Ah, forgot to mention, the client Access Type is bearer-only. And yes, with this setup you don't need keycloak.json. Hope this helps :)

The new API has changed a little bit, so given the latest versions:

kotlinVersion = '1.3.10'
springBootVersion = '2.1.1.RELEASE'
keycloakVersion = '4.6.0.Final'

dependencyManagement {
    imports {
        mavenBom "org.keycloak.bom:keycloak-adapter-bom:${keycloakVersion}"
    }
}

dependencies {
    // keycloak
    compile 'org.keycloak:keycloak-spring-boot-starter'
}

application.properties will in this case look like the following:

keycloak.realm=[YOUR-REALM]
keycloak.bearer-only=true
keycloak.auth-server-url=https://[YOUR-KEYCLOAK-INSTANCE-ADDRESS]:[PORT]/auth
keycloak.ssl-required=external
keycloak.resource=[CLIENT-ID]
keycloak.credentials.secret=[YOUR-CLIENT-SECRET-ID]
keycloak.cors=true
keycloak.enabled=true

keycloak.securityConstraints[0].securityCollections[0].name=insecure stuff
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/test-endpoint-1/*


keycloak.securityConstraints[1].securityCollections[0].name=admin stuff
keycloak.securityConstraints[1].authRoles[0]=[ROLE-2]
keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/test-endpoint-2/*
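
The answer above shows the properties but not what they resolve to at request time. The following is an added example (not code from the answer, the Keycloak project or the Spring Boot adapter): a small Python model of how the securityConstraints entries are mapped onto servlet security constraints, so you can see which request/role combinations end in 200, 401 or 403 before deploying. It parses the answer's own fragment (constructed sample text, with the placeholder role written as ROLE-2), applies the servlet url-pattern precedence (exact match, then longest path prefix, then extension, then the default "/"), and treats a constraint with no authRoles as public, which is what the adapter does. The roles passed in are assumed to be the realm roles read from an already verified bearer token (the adapter's default when use-resource-role-mappings is unset); roles=None stands for "no valid token". The model ignores HTTP-method restrictions and wildcard roles. The hardened variant, with a catch-all /* constraint requiring a realm role named user, is my addition, and the role name is an assumption; it exists to show the caveat practitioners trip over: a path that no constraint covers (here /actuator/env) gets no authentication at all.

```python
"""Model of the Keycloak Spring Boot adapter's securityConstraints properties
(simplified servlet security-constraint semantics). Added example; not code
from the original answer or from the Keycloak project."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the properties fragment from the answer (newer layout,
# authRoles on the constraint itself; the older securityCollections[n].authRoles
# layout is accepted by the parser as well).
PROPERTIES = """
keycloak.realm=demo
keycloak.bearer-only=true
keycloak.securityConstraints[0].securityCollections[0].name=insecure stuff
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/test-endpoint-1/*
keycloak.securityConstraints[1].securityCollections[0].name=admin stuff
keycloak.securityConstraints[1].authRoles[0]=ROLE-2
keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/test-endpoint-2/*
"""

# Hardened variant (my addition): a least-specific catch-all so that every
# other path at least requires an authenticated user holding the realm role
# "user" (assumed role name). Longest-prefix precedence keeps the two
# specific constraints above in charge of their own paths.
HARDENED_PROPERTIES = PROPERTIES + """
keycloak.securityConstraints[2].securityCollections[0].name=everything else
keycloak.securityConstraints[2].authRoles[0]=user
keycloak.securityConstraints[2].securityCollections[0].patterns[0]=/*
"""


@dataclass
class Constraint:
    name: str = ""
    patterns: List[str] = field(default_factory=list)
    auth_roles: List[str] = field(default_factory=list)


_KEY = re.compile(r"^keycloak\.securityConstraints\[(\d+)\]\.(.*)$")


def parse_constraints(text: str) -> List[Constraint]:
    """Collect the securityConstraints[n] entries of a properties file, in index order."""
    found: Dict[int, Constraint] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = _KEY.match(key)
        if not m:
            continue
        c = found.setdefault(int(m.group(1)), Constraint())
        rest = m.group(2)
        if "authRoles[" in rest:
            c.auth_roles.append(value)
        elif ".patterns[" in rest:
            c.patterns.append(value)
        elif rest.endswith(".name"):
            c.name = value
    return [found[i] for i in sorted(found)]


def match_score(pattern: str, path: str) -> Optional[Tuple[int, int]]:
    """Servlet url-pattern matching. Returns a specificity score (higher wins) or None.
    Precedence: exact > longest path prefix ('/x/*', which also matches '/x') > '*.ext' > '/'."""
    if pattern == "/":
        return (0, 0)
    if pattern.startswith("*."):
        return (1, 0) if path.endswith(pattern[1:]) else None
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return (2, len(prefix)) if path == prefix or path.startswith(prefix + "/") else None
    return (3, 0) if path == pattern else None


def decide(constraints: List[Constraint], path: str, roles: Optional[List[str]] = None) -> str:
    """Return 'allow' (200), 'unauthenticated' (401) or 'forbidden' (403) for a request.
    roles: realm roles from a verified bearer token; None means no valid token was sent."""
    best_score: Optional[Tuple[int, int]] = None
    best: List[int] = []
    for idx, c in enumerate(constraints):
        for p in c.patterns:
            score = match_score(p, path)
            if score is None:
                continue
            if best_score is None or score > best_score:
                best_score, best = score, [idx]
            elif score == best_score and idx not in best:
                best.append(idx)
    if not best:
        return "allow"          # no constraint covers the path: nothing asks for a token
    if any(not constraints[i].auth_roles for i in best):
        return "allow"          # a matching constraint without authRoles makes the path public
    if roles is None:
        return "unauthenticated"  # bearer-only adapter answers 401 without a token
    required = {r for i in best for r in constraints[i].auth_roles}
    return "allow" if required & set(roles) else "forbidden"  # 403 when no required role is held


if __name__ == "__main__":
    for label, props in (("answer's config", PROPERTIES), ("with catch-all", HARDENED_PROPERTIES)):
        cs = parse_constraints(props)
        print(label)
        for path, roles in (("/test-endpoint-1/x", None), ("/test-endpoint-2", None),
                            ("/test-endpoint-2/x", ["ROLE-1"]), ("/test-endpoint-2/x", ["ROLE-2"]),
                            ("/actuator/env", None), ("/actuator/env", ["user"])):
            print(f"  {path:22} roles={roles!s:12} -> {decide(cs, path, roles)}")
```

Run it and compare the two tables: with only the answer's two constraints, /actuator/env is served without a token; with the catch-all it is 401 until a token carrying the user role arrives, while /test-endpoint-1/* stays public and /test-endpoint-2/* still demands ROLE-2. Whatever you decide the default should be, write it down as a constraint rather than relying on every endpoint being listed.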
