Keycloak returns 500 / NPE in URI with Spring in a Docker container

Question (votes: 1, answers: 1)

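I have a problem with Keycloak on an Ubuntu server. Registration and login work fine. But when I try to make any request to the Spring application with a user bearer token, Keycloak returns 500 - Internal Server Error in Swagger. (Everything works fine on localhost!)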

Application log when I try to make any request with the bearer token:

dictionary_app_prod               | java.lang.NullPointerException: null
dictionary_app_prod               |     at java.net.URI$Parser.parse(URI.java:3042) ~[na:1.8.0_212]
dictionary_app_prod               |     at java.net.URI.<init>(URI.java:588) ~[na:1.8.0_212]
dictionary_app_prod               |     at java.net.URI.create(URI.java:850) ~[na:1.8.0_212]
dictionary_app_prod               |     at org.apache.http.client.methods.HttpGet.<init>(HttpGet.java:66) ~[httpclient-4.5.8.jar!/:4.5.8]
dictionary_app_prod               |     at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendRequest(JWKPublicKeyLocator.java:97) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod               |     at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublicKey(JWKPublicKeyLocator.java:63) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod               |     at org.keycloak.adapters.rotation.AdapterTokenVerifier.getPublicKey(AdapterTokenVerifier.java:121) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod               |     at org.keycloak.adapters.rotation.AdapterTokenVerifier.createVerifier(AdapterTokenVerifier.java:111) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod               |     at org.keycloak.adapters.rotation.AdapterTokenVerifier.verifyToken(AdapterTokenVerifier.java:47) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod               |     at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:103) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod               |     at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:88) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]

My docker-compose file:


volumes:
  mysql-data:
    driver: local
  mysql-log:
    driver: local
  mysql-conf:
    driver: local
  postgres_data:
    driver: local
  mysql_data:
    driver: local

services:
  dictionary_app_prod:
    container_name: dictionary_app_prod
    build:
      context: .
      dockerfile: Dockerfile
    restart: always
    ports:
      - 8888:8082
    depends_on:
      - "dictionary_app_prod_mysql_test" # This service depends on mysql. Start that first.
      - "dictionary_app_prod_mongo"
      - "dictionary_app_prod_keycloak"
    environment:
      SPRING_DATASOURCE_URL: jdbc:mysql://dictionary_app_prod_mysql_test:3306/general?useSSL=false&serverTimezone=UTC&useLegacyDatetimeCode=false&allowPublicKeyRetrieval=true
      SPRING_DATA_MONGODB_URI: mongodb://springboot-mongo:27017/mongodb
  dictionary_app_prod_mysql_test:
    image: mysql:5.7
    volumes:
      - "mysql-data:/var/lib/mysql"
      - "mysql-log:/var/log/mysql"
      - "mysql-conf:/etc/mysql/conf.d"
    ports:
      - 3306:3306
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: general
      MYSQL_USER: root
      MYSQL_PASSWORD: root
  dictionary_app_prod_mongo:
    image: mongo
    container_name: springboot-mongo
    ports:
      - 27017:27017
    volumes:
      - $HOME/data/springboot-mongo-data:/data/db
      - $HOME/data/springboot-mongo-bkp:/data/bkp
    restart: always
  dictionary_app_prod_keycloak:
    image: jboss/keycloak
    environment:
      DB_VENDOR: MYSQL
      DB_ADDR: dictionary_app_prod_mysql_test
      DB_DATABASE: general
      DB_USER: root
      DB_PASSWORD: root
      KEYCLOAK_USER: test
      KEYCLOAK_PASSWORD: test
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the MySQL JDBC driver documentation in order to use it.
      JDBC_PARAMS: "useSSL=false"
    ports:
      - 8080:8080
    depends_on:
      - dictionary_app_prod_mysql_test

Keycloak configuration:


import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@Configuration
@ComponentScan(
        basePackageClasses = KeycloakSecurityComponents.class,
        excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
class KeycloakConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Bean
    public KeycloakConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
                .csrf().disable()
                .sessionManagement()
                .and()
                .authorizeRequests()
                //.antMatchers("/admin/**").hasRole("ADMIN")
                //.antMatchers("/library/**").hasRole("USER")
                .anyRequest().permitAll();
    }
}

application.properties:

keycloak.auth-server-url=http://dictionary_app_prod_keycloak:8080/auth
keycloak.realm=SpringBootKeycloak
keycloak.resource=login-app
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
keycloak.use-resource-role-mappings=true
spring docker docker-compose keycloak http-status-code-500
1 answer
0 votes

In my case, I decided to install Keycloak directly on the server, without using Docker. Now everything works fine.
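
A check related to the configuration in the question, as an added example that is not part of the original posts: java.net.URI does not accept underscores in a host name, so for the keycloak.auth-server-url shown above getHost() returns null while localhost parses normally. That this is what leads to the NullPointerException in the trace is an assumption; the class name AuthServerUrlCheck and the third URL are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;

public class AuthServerUrlCheck {

    /** Returns null when java.net.URI can extract a host, otherwise the reason it cannot. */
    static String problemWith(String url) {
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return "not a valid URI: " + e.getReason();
        }
        if (uri.getHost() != null) {
            return null;
        }
        if (uri.getAuthority() == null) {
            return "no authority component (relative URL?)";
        }
        try {
            // new URI(...) silently falls back to a registry-based authority;
            // forcing server-based parsing makes the JDK say why the host was rejected.
            URI server = uri.parseServerAuthority();
            return server.getHost() == null ? "host could not be determined" : null;
        } catch (URISyntaxException e) {
            return "authority '" + uri.getAuthority()
                    + "' is not a valid host[:port]: " + e.getReason();
        }
    }

    public static void main(String[] args) {
        List<String> candidates = Arrays.asList(
                "http://dictionary_app_prod_keycloak:8080/auth", // value from application.properties on this page
                "http://localhost:8080/auth",                     // local setup mentioned in the question
                "http://keycloak:8080/auth");                     // hypothetical service name without underscores
        for (String url : candidates) {
            String problem = problemWith(url);
            System.out.println(url + " -> "
                    + (problem == null ? "OK, host=" + URI.create(url).getHost() : problem));
        }
    }
}
```

Running the same check at application startup turns a misconfigured URL into an immediate, readable failure instead of an exception on the first bearer-token request.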
