我需要做什么来获取用户的OIDC或有关当前会话的一些信息?
在我的程序中,我使用Keycloak作为授权提供程序。
我的安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http)
throws Exception {
http.csrf(AbstractHttpConfigurer::disable);
http.addFilterAfter(createPolicyEnforcerFilter(),
BearerTokenAuthenticationFilter.class);
http.sessionManagement(
t -> t.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
);
return http.build();
}
private ServletPolicyEnforcerFilter createPolicyEnforcerFilter() {
return new ServletPolicyEnforcerFilter(new ConfigurationResolver() {
@Override
public PolicyEnforcerConfig resolve(HttpRequest request) {
try {
return JsonSerialization.
readValue(getClass().getResourceAsStream("/policy-enforcer.json"),
PolicyEnforcerConfig.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
});
}
}
字符串
policy-enforcer.json:
{
"realm": "kasia",
"auth-server-url": "http://localhost:9090",
"resource": "kasia-security",
"credentials": {
"secret": "fHW7Vm6lnNUp3Cmm4IcYbnHlIq5CZ69Z"
},
"paths" : [
{
"path": "/test/api/public",
"enforcement-mode": "DISABLED"
},{
"path": "/swagger-ui/*",
"enforcement-mode": "DISABLED"
},{
"path": "/v3/api-docs/*",
"enforcement-mode": "DISABLED"
}
]
}
型
我的控制器是我应该获取用户的OIDC的地方:
@GetMapping("/api/v1/user")
public ResponseEntity<?> testUser(@AuthenticationPrincipal OidcUser user) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return ResponseEntity.ok("You have accessed the resource and you have the USER role");
}
型
目前我的用户为空,身份验证包含以下数据(无论我使用哪个帐户登录):
AnonymousAuthenticationToken [
Principal="anonymousUser",
Credentials=[PROTECTED],
Authenticated=true,
Details=WebAuthenticationDetails [
RemoteIpAddress=0:0:0:0:0:0:0:0:0:0:0:0:1,
SessionId=null
],
Granted Authorities=[ROLE_ANONYMOUS]
]
型
UPD.我还在请求中发送了JWT令牌:
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ6eTdPbVN1b3NTVGJCUlhEYnRzZFBtOUtDV3FBQWZhQy1iMzh6RHBVOTlVIn0.eyJleHAiOjE3MDM4MTMyNDgsImlhdCI6MTcwMzgxMjM0OCwiYXV0aF90aW1lIjoxNzAzODEwNDIzLCJqdGkiOiIyODA4NjA0Mi05NjU2LTRhNzktYjNjMy05MjYyMDc4OWE0YWMiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkwOTAvcmVhbG1zL2thc2lhIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjMwMWVlZDdlLWFmOTYtNDRjMC05MDc1LWVjZjBiNDY2NDVkMSIsInR5cCI6IkJlYXJlciIsImF6cCI6Imthc2lhLXNlY3VyaXR5Iiwibm9uY2UiOiI5YmI0Y2ZmOS1jMmNkLTQ5MTQtOGY2MS02MDUyNDFkYzE2YmIiLCJzZXNzaW9uX3N0YXRlIjoiYTE1NWNmMGEtYmQwYi00MGUxLTkxMWUtYmZiZWQ1OTU1MTRlIiwiYWNyIjoiMCIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwOi8vbG9jYWxob3N0OjgwODAiLCIqIiwiaHR0cDovL2xvY2FsaG9zdDozMDAwLyIsImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC8iLCJodHRwOi8vbG9jYWxob3N0OjMwMDAiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImRlZmF1bHQtcm9sZXMta2FzaWEiLCJST0xFX1VTRVIiLCJvZmZsaW5lX2FjY2VzcyIsIlJPTEVfQURNSU4iLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJhMTU1Y2YwYS1iZDBiLTQwZTEtOTExZS1iZmJlZDU5NTUxNGUiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInJvbGVzIjpbImRlZmF1bHQtcm9sZXMta2FzaWEiLCJST0xFX1VTRVIiLCJvZmZsaW5lX2FjY2VzcyIsIlJPTEVfQURNSU4iLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJuYW1lIjoiQXJ0ZW0gRHViZW5rbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFydGVtLmR1YmVua28wMzA4QGdtYWlsLmNvbSIsImdpdmVuX25hbWUiOiJBcnRlbSIsImZhbWlseV9uYW1lIjoiRHViZW5rbyIsImVtYWlsIjoiYXJ0ZW0uZHViZW5rbzAzMDhAZ21haWwuY29tIn0.Uy26DtYh_d3vRXqSOosNxIp8qVKPKQtUiId6DqTPVAzO-YmDyDgx0QjdTtDEH9mZbA06qKSeRTgbaBkINAZG5I9GvAgFMrAyw1VJ-1cOu-sIr1JZHJDan4uDB2gn2CpOFC2OkXfu3RbrI6hrH7_POUN4v70oWeG1lb4oHMfXVwiAMMduaoNiMXDTNojB3O_3bd4L5DqgQYsvq5sB-FAqqe-XpqhUGLvQ8c26AYRyocDg5wG_9QsK1JaN4MljRqcGHXEYcKYJsc7R3kDDRjzjP-by_NR4ooTxdUkyInq4iAVZXTimrmP_RU4eTQWxfVowhs3BvFjllSHemJYTdyT63A
型
1条答案
按热度按时间bqucvtff1#
在你的问题中:“关于当前会话的一些信息” 和在你的conf中:
sessionCreationPolicy(SessionCreationPolicy.STATELESS)
。你得到不一致的地方了吗?OidcUser
是OIDC环境中带有oauth2Login()
的OAuth2客户端上的OAuth2AthenticationToken
的主体(通过会话授权),当您显然试图配置资源服务器(通过JWT授权的REST API)时。此外,您的
ServletPolicyEnforcerFilter
可能是两年前弃用的Keycloak适配器的一部分,而which aren't compatible with Spring Security 6 / Spring Boot 3