Multitenancy using Keycloak and SpringBoot

Problem description

I am using the Spring Boot adapter and the Keycloak Spring Boot adapter to perform multitenancy, where I can access the page using an IP and a domain name. But when I run the gradlew script, it seems this bean is not detected; no changes have happened. Even after I included a logger, the log is not printed, so I assume that this file is not read at all. Am I missing something? Or are there any implementations that I can use for multitenancy? Thanks.

KeycloakTomcatContextCustomizer

@Component
public class KeycloakTomcatContextCustomizer implements TomcatContextCustomizer
{
    private static final Logger logger = LoggerFactory.getLogger(KeycloakTomcatContextCustomizer.class);

    @Override
    public void customize(Context context)
    {
        LoginConfig loginConfig = new LoginConfig();
        loginConfig.setAuthMethod("--KEYCLOAK--");
        context.setLoginConfig(loginConfig);
        context.addSecurityRole("myproject");

        SecurityConstraint constraint = new SecurityConstraint();
        constraint.addAuthRole("myproject");

        SecurityCollection collection = new SecurityCollection();
        collection.addPattern("/contexts");
        constraint.addCollection(collection);

        context.addConstraint(constraint);

        context.addParameter("keycloak.config.resolver", HostBasedKeycloakResolver.class.getName());
    }

    public class HostBasedKeycloakResolver extends KeycloakSpringBootConfigResolver
    {
        private KeycloakDeployment keycloakDeployment;

        @Autowired
        private AdapterConfig adapterConfig;

        @Override
        public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
            if (keycloakDeployment != null) {
                return keycloakDeployment;
            }

            //get the host part here

            //build keycloakdeployment
            // set the URL before build(): the builder reads adapterConfig when it is called
            adapterConfig.setAuthServerUrl("https://"+host+"/auth");
            keycloakDeployment = KeycloakDeploymentBuilder.build(adapterConfig);
            System.out.println(adapterConfig.getAuthServerUrl());
            return keycloakDeployment;
        }
    }


}

My application.yml

keycloak:
  cors: true
  realm: Boot-Project
  realmKey: AARjANBgkqhkiYUitdhjnCAQ8AMIIBCgKCAQEArOS/TTjkgjdoiQ7F6m5x206lJ+K9VBpEjkjrignxIdH7pJDWv9UMg2CL1q3Tfkjg/YdjkljgkbsnqrSzjBcIU5HQ2AQLkRm2eCPuLIB23d2VS3hZGqvbyqN42hbk/oRhloS0tS2/frq4fIeU53KQiRPPiBt1IEO7DINoDUXdyOWS7g/rSrMkjjUm9SohXdv8u3aB+mnI8gNwEag17Cj+wqoc1smPj5jb/8Ab3MynQHv4ekgXYFPI5BEQSXXflBLbL2kjqR2xP8y8XTsOz58XLyWBydjN2R37uds9D2TqipU3tdc286b276RhNCwIDAQAB
  auth-server-url: https://${__AUTH_VM__:localhost}/auth
  ssl-required: none
  resource: myproject
  bearer-only: true
  public-client: false
  credentials:
    secret: ls5f7c3g-d045-444f-8234-6cth6970726y
  securityConstraints[0]:
    securityCollections[0]:
      name: secured context api and app
      authRoles: 
        - commongui
      patterns:
        - /contexts/*
        - /config.json

Recommended answer

I've encountered a similar case with what you are trying to achieve, your code seems okay. The following might help you:

1) Official documentation from keycloak on how to implement multi-tenancy: http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/java/multi-tenancy.html

From there, it is pointed out that you need to configure which KeycloakConfigResolver to use, but unfortunately, as of the time of this writing, there is no convenient way to do it in Spring Boot, as I found on this ticket:

2) Custom KeycloakConfigResolver for Spring Boot adapter: https://issues.jboss.org/browse/KEYCLOAK-4139?_sscc=t

3) After #1 and #2, what could be happening is that Spring might be overriding your implementation class depending on how your Spring configuration is being resolved. Try to override a few more methods from the class you are extending, add some logging, then check Spring logs during run time if that is what's happening (you'll see something like this "...Overriding bean definition for bean...with a different definition: replacing...with... ")

4) Try excluding the concerned class so that your implementation class will not be overridden. For example: @SpringBootApplication(exclude = {KeycloakSpringBootConfiguration.class})

Hope this helps or provides a few ideas.

Regards, Mr. JZ
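
An added example, not from the original post or from the Keycloak project: a host-based resolver along the lines the question sketches, written as a top-level class with one cached deployment per host and the auth-server URL looked up in a fixed table instead of being concatenated from the request's host, which is client-supplied. The host names and URLs are constructed placeholders, the realm and resource values come from the question's application.yml, and `Map.of` assumes Java 9 or later.

```java
import java.net.URI;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.OIDCHttpFacade;
import org.keycloak.representations.adapters.config.AdapterConfig;

// Top-level class with a public no-arg constructor, so it can be created
// from the class name passed in "keycloak.config.resolver".
public class HostBasedKeycloakResolver implements KeycloakConfigResolver {

    // Constructed sample data: allowed request host -> Keycloak base URL.
    // A host that is not listed never reaches KeycloakDeploymentBuilder.
    private static final Map<String, String> AUTH_SERVERS = Map.of(
            "tenant-a.example.com", "https://tenant-a.example.com/auth",
            "192.0.2.10", "https://192.0.2.10/auth");

    // One deployment per host. A single cached field would pin every
    // later request to the configuration built for the first caller.
    private final Map<String, KeycloakDeployment> deployments = new ConcurrentHashMap<>();

    @Override
    public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
        String host;
        try {
            host = URI.create(request.getURI()).getHost();
        } catch (IllegalArgumentException e) {
            host = null; // malformed request URI
        }
        if (host == null || !AUTH_SERVERS.containsKey(host.toLowerCase())) {
            throw new IllegalStateException("No Keycloak configuration for this host");
        }
        return deployments.computeIfAbsent(host.toLowerCase(),
                HostBasedKeycloakResolver::buildDeployment);
    }

    private static KeycloakDeployment buildDeployment(String host) {
        AdapterConfig config = new AdapterConfig();
        config.setRealm("Boot-Project");   // from the question's application.yml
        config.setResource("myproject");   // from the question's application.yml
        config.setBearerOnly(true);
        config.setAuthServerUrl(AUTH_SERVERS.get(host)); // set before build()
        return KeycloakDeploymentBuilder.build(config);
    }
}
```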
