我有一个超级简单的Spring Boot应用程序,其中包含Spring Security 5,它通过OAuth2进行身份验证,并在Docker中运行一个Keycloak 17示例。
当我从Intellij本地启动应用程序时,一切正常。
但是,当我从Docker容器中运行应用程序时,我会得到:
[invalid_token_response]尝试检索OAuth 2.0访问令牌响应时出错:"http://localhost:80/realms/Demo/protocol/openid-connect/token"的POST请求时出现I/O错误:拒绝连接(拒绝连接);嵌套异常是java. net。连接被拒绝(连接被拒绝)
当我在keycloak登录页面上输入凭据时。但是在keycloak中为该用户创建了一个会话。
系统:
- 配备 Monterey 12.0.1的MacBook
- Docker台式机4.5,带Kubernetes 1.22.5
docker-compose.yml
version: '3.9'
networks:
network_keycloak_postgres_app:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
volumes:
keycloak_postgres_data:
driver: local
services:
postgres:
container_name: postgres
image: postgres
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak_db_admin
POSTGRES_PASSWORD: keycloak_db_password
ports:
- "5432:5432"
networks:
- network_keycloak_postgres_app
keycloak:
container_name: keycloak
hostname: keycloak
image: quay.io/keycloak/keycloak:17.0.0
command: ["start-dev", "--log-level=debug"]
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: change_me
KC_DB: postgres
KC_DB_USERNAME: keycloak_db_admin
KC_CACHE: local
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_PASSWORD: keycloak_db_password
ports:
- "80:8080"
- "443:8443"
depends_on:
- postgres
networks:
- network_keycloak_postgres_app
demo_app:
container_name: demo_app
hostname: demoapp
build:
context: ../
dockerfile: Dockerfile
environment:
SPRING_PROFILES_ACTIVE: default
ports:
- "4242:4242"
depends_on:
- keycloak
networks:
- network_keycloak_postgres_appDockerfile(确保在构建前运行"mvn clean package")
FROM openjdk:11.0.11-jre-slim
COPY ./target/demo-0.0.1-SNAPSHOT.jar /usr/local/lib/demo.jar
EXPOSE 4242
ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]application.yml
server:
port: 4242
logging:
level:
root: DEBUG
org.springframework.web: DEBUG
org.springframework.security: DEBUG
# org.springframework.boot.autoconfigure: DEBUG
spring:
thymeleaf:
cache: false
security:
oauth2:
client:
registration:
keycloak:
client-id: demo-app
client-secret: 5cuxTUgiLJATP4pMpw7j8HZieekdOBsM
client-name: Keycloak
authorization-grant-type: authorization_code
redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
scope:
- openid
- profile
- email
provider:
keycloak:
authorization-uri: http://localhost:80/realms/Demo/protocol/openid-connect/auth
token-uri: http://localhost:80/realms/Demo/protocol/openid-connect/token
user-info-uri: http://localhost:80/realms/Demo/protocol/openid-connect/userinfo
jwk-set-uri: http://localhost:80/realms/Demo/protocol/openid-connect/certs
user-name-attribute: preferred_usernamepom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>de.kressing</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>demo</name>
<description>Spring Security 5 OAuth2 Client and Keycloak sample</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.3</version>
<relativePath/>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>11</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sourceforge.htmlunit</groupId>
<artifactId>htmlunit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>我已经尝试过:
- 提供应用程序和keycloak容器主机名
- 在另一个停靠器中运行应用程序容器-合成
- 使用"http://${DOCKER_GATEWAY_HOST:-主机. docker.内部}:8080"而不是本地主机
- 使用其他openjdk映像来构建
提前感谢您的任何提示和帮助!
1条答案
按热度按时间h43kikqp1#
我添加了一个反向代理,并将提供者url的端口更改为内部docker端口。