具有显式角色的页面将获得403,并且不会调用我的自定义jwtauthenticationconverter。怎么会?
我使用keydrope作为oauth2提供者,我使用oauth2login来提示登录页面。我使用的代码与spring文档中的代码相同。
package com.eLoomina.gateway.security
import org.slf4j.LoggerFactory
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.core.convert.converter.Converter
import org.springframework.security.authentication.AbstractAuthenticationToken
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.oauth2.jwt.Jwt
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter
import org.springframework.security.web.server.SecurityWebFilterChain
import reactor.core.publisher.Mono
import java.util.stream.Collectors
@Configuration
@EnableWebFluxSecurity
class SecurityConfig {
companion object {
@Suppress("JAVA_CLASS_ON_COMPANION")
@JvmStatic
private val logger = LoggerFactory.getLogger(javaClass.enclosingClass)
}
@Bean
@Throws(Exception::class)
fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
http.authorizeExchange()
.pathMatchers("/login", "/").permitAll()
.pathMatchers("/login/with-role").hasRole("populate")
.anyExchange().authenticated()
.and()
.oauth2Login().and()
.oauth2ResourceServer().jwt().jwtAuthenticationConverter(grantedAuthoritiesExtractor())
return http.build()
}
fun grantedAuthoritiesExtractor(): Converter<Jwt, Mono<AbstractAuthenticationToken>> {
val extractor = KeycloakRealmRoleConverter()
return ReactiveJwtAuthenticationConverterAdapter(extractor)
}
class KeycloakRealmRoleConverter : JwtAuthenticationConverter() {
override fun extractAuthorities(jwt: Jwt): Collection<GrantedAuthority> {
val realmAccess = jwt.claims["realm_access"] as Map<String, Any>
logger.info("code not reached")
return (realmAccess["roles"] as List<String>).stream()
.map { roleName: String -> "ROLE_${roleName.toUpperCase()}" } // prefix to map to a Spring Security "role"
.map { role: String? -> SimpleGrantedAuthority(role) }
.collect(Collectors.toList())
}
}
}
暂无答案!
目前还没有任何答案,快来回答吧!