具有SSO和表单登录功能的Spring安全

问题描述 投票:0回答:1

我的应用程序具有表单登录名,现在我想使用Keycloak集成我的freeIPA帐户。

我下面有2 WebSecurityConfigurerAdapter

SecurityConfiguration.java

@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final AccountDetailsService accountDetailsService;

    private static final String[] IGNORED_RESOURCE_LIST = new String[]{
            "/resources/**",
            "/static/**",
            "/webjars/**",
            "/plugins/**",
            "/imgs/**",
            "/fonts/**",
            "/vendors/**",
            "/flags/**",
            "/js/**",
            "/sso/login",
            "/css/**"};

    private static final String[] PERMIT_ALL_RESOURCE_LIST = new String[]{
            "/actuator/health/**",
            "/login/**",
            "/json/**",
            "/auth/**",
            "/error/**"};

    @Autowired
    public SecurityConfiguration(AccountDetailsService accountDetailsService) {
        this.accountDetailsService = accountDetailsService;
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(IGNORED_RESOURCE_LIST);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authenticationProvider());
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider
                = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(accountDetailsService);
        authProvider.setPasswordEncoder(encoder());
        return authProvider;
    }

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();

        http.authorizeRequests()
                .antMatchers(PERMIT_ALL_RESOURCE_LIST).permitAll()
                .anyRequest().authenticated()
                .and().formLogin().loginPage("/auth/login").failureUrl("/auth/login?message=error").permitAll()
                .and().logout().permitAll();

        http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry()).expiredUrl("/auth/login");
    }
}

和KeycloakSecurityConfig.java

@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
@Order(2)
public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(
            AuthenticationManagerBuilder auth) throws Exception {

        KeycloakAuthenticationProvider keycloakAuthenticationProvider
                = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(
                new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    @Bean
    public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(
                new SessionRegistryImpl());
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.authorizeRequests().anyRequest().authenticated();
    }
}

并且在登录页面上,我有一个使用Keycloak登录的按钮。它使用URL /sso/login重定向到Keycloak登录页面,但登录后我被重定向回应用程序登录页面。

有人能启发我这种情况吗?如何在我的应用程序中同时实现表单登录和SSO登录?

谢谢。任何帮助,将不胜感激。

spring-boot spring-security spring-security-oauth2 keycloak
1个回答
0
投票

您执行此要求了吗?

© www.soinside.com 2019 - 2024. All rights reserved.