Spring Boot client does not redirect to Keycloak for authorization
I'm trying to reproduce an example of working with Keycloak. I connect to Keycloak using the adapter.
Application code:
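
    import org.keycloak.adapters.KeycloakConfigResolver;
    import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
    import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
    import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
    import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
    import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
    import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

    @KeycloakConfiguration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class WebSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

        // Session strategy that does nothing when authentication succeeds
        @Override
        protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
            return new NullAuthenticatedSessionStrategy();
        }

        // Register the Keycloak provider; SimpleAuthorityMapper adds the ROLE_ prefix by default
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder authManagerBuilder) {
            KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
            keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
            authManagerBuilder.authenticationProvider(keycloakAuthenticationProvider);
        }

        // Read adapter settings from the Spring Boot properties (keycloak.*) instead of keycloak.json
        @Bean
        public KeycloakConfigResolver keycloakConfigResolver() {
            return new KeycloakSpringBootConfigResolver();
        }

        // Anonymous endpoints are open; every other request requires full authentication
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            super.configure(http);
            http
                .authorizeRequests()
                .antMatchers("/api/anonymous/**").permitAll()
                .anyRequest().fullyAuthenticated();
        }
    }
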
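Controller:

    import org.springframework.security.access.prepost.PreAuthorize;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping("/api")
    public class SampleController {

        // Requires the USER role
        @GetMapping("/user")
        @PreAuthorize("hasRole('USER')")
        public String getUserInfo() {
            return "user info";
        }

        // Requires the ADMIN role
        @GetMapping("/admin")
        @PreAuthorize("hasRole('ADMIN')")
        public String getAdminInfo() {
            return "admin info";
        }
    }
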
Spring settings:

    server:
      port: ${SERVER_PORT:11002}
    spring:
      application.name: ${APPLICATION_NAME:spring-security-keycloak}
    keycloak:
      auth-server-url: http://10.15.68.8:8484/auth
      realm: first-test
      resource: first-login
      public-client: true

Keycloak itself runs in Docker at http://10.15.68.8:8484
In the browser I open the page
http://localhost:11002/api/admin
and instead of
http://10.15.68.8:8484/auth
I end up at
http://localhost:11002/sso/login
and it turns into a loop, i.e. the browser keeps being redirected to this address.
And in the Spring application an error appears with every such redirect:
2022-09-28 16:09:53.661 ERROR 74584 --- [io-11002-exec-7] o.a.c.c.C.[Tomcat].[localhost] : Exception Processing /sso/login
java.lang.NoClassDefFoundError: java/security/acl/Group
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.createPrincipalFactory(KeycloakAuthenticatorValve.java:96) ~[spring-boot-container-bundle-12.0.3.jar:12.0.3]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.createSessionTokenStore(AbstractKeycloakAuthenticatorValve.java:262) ~[spring-boot-container-bundle-12.0.3.jar:12.0.3]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.getTokenStore(AbstractKeycloakAuthenticatorValve.java:251) ~[spring-boot-container-bundle-12.0.3.jar:12.0.3]
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.getTokenStore(KeycloakAuthenticatorValve.java:106) ~[spring-boot-container-bundle-12.0.3.jar:12.0.3]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.checkKeycloakSession(AbstractKeycloakAuthenticatorValve.java:228) ~[spring-boot-container-bundle-12.0.3.jar:12.0.3]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:180) ~[spring-boot-container-bundle-12.0.3.jar:12.0.3]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:887) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1684) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.43.jar:9.0.43]
at java.base/java.lang.Thread.run(Thread.java:832) ~[na:na]
Caused by: java.lang.ClassNotFoundException: java.security.acl.Group
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602) ~[na:na]
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) ~[na:na]
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
... 19 common frames omitted
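
The trace above fails while loading `java.security.acl.Group`; the `java.security.acl` package was removed from the JDK in Java 14. As an added example (not code from the original post), here is a stand-alone preflight check that reports whether the running JDK can still resolve the class named in the trace. The class name `AdapterPreflight` and the probe list are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not part of the original post.
 * Probes the running JDK for classes that the stack trace shows the
 * Keycloak Tomcat valve loading while it handles /sso/login.
 */
public class AdapterPreflight {

    // Taken from the NoClassDefFoundError in the stack trace (assumed probe list).
    static final List<String> REQUIRED = List.of("java.security.acl.Group");

    /** Returns the names from {@code required} that the given loader cannot resolve. */
    static List<String> missing(List<String> required, ClassLoader loader) {
        List<String> absent = new ArrayList<>();
        for (String name : required) {
            try {
                // initialize=false: resolve the class only, run no static initializers
                Class.forName(name, false, loader);
            } catch (ClassNotFoundException | LinkageError e) {
                absent.add(name);
            }
        }
        return absent;
    }

    public static void main(String[] args) {
        int feature = Runtime.version().feature();
        List<String> absent = missing(REQUIRED, AdapterPreflight.class.getClassLoader());
        System.out.printf("JDK feature version: %d (%s)%n",
                feature, System.getProperty("java.home"));
        if (absent.isEmpty()) {
            System.out.println("OK: all probed classes are present");
            return;
        }
        absent.forEach(n -> System.out.println("MISSING: " + n));
        if (feature >= 14) {
            System.out.println("java.security.acl was removed in JDK 14; this runtime "
                    + "cannot load adapter code compiled against it");
        }
        // Non-zero exit so a CI job or container entrypoint stops before serving requests
        System.exit(1);
    }
}
```

Run it with the same `java` binary that starts the application (`java AdapterPreflight.java` works on Java 11 and later), so that the check sees the runtime the adapter will actually use.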