我对 docker 还很陌生。所以我有一个 docker compose.yml 文件,它可以帮助我 dockerize keycloak 和 Spring boot 应用程序。这是我的 application-docker.yml 文件
spring:
security:
oauth2:
client:
registration:
MyRealm:
client-id: myclient
client-secret: mysecrete
authorization-grant-type: authorization_code
redirect-url: "{baseUrl}/login/oauth2/code/myclient"
scope:
- openid
- profile
- email
- roles
provider:
MyRealm:
issuer-uri: "http://localhost:8090/realms/myRealm"
这是我的 docker.yml 文件
keycloak:
container_name: keycloak
image: quay.io/keycloak/keycloak:23.0.4
command: ["start-dev","--import-realm"]
environment:
KEYCLOAK_LOGLEVEL: DEBUG
KC_DB: postgres
KC_DB_URL_HOST: keycloak-postgres
KC_DB_URL_DATABASE: keycloak
KC_DB_PASSWORD: mypassword
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: mypassword
ports:
- "8090:8080"
expose:
- "8090"
healthcheck:
test: "exit 0"
depends_on:
keycloak-postgres:
condition: service_healthy
networks:
- astro_network
astro-orb:
image: astromyllc/astro-orb:0.001
container_name: astro-orb
pull_policy: always
ports:
- "7013:7013"
expose:
- "7013"
environment:
- SPRING_PROFILES_ACTIVE=docker
healthcheck:
test: "exit 0"
depends_on:
keycloak:
condition: service_healthy
discovery-server:
condition: service_healthy
astro-api-gateway:
condition: service_healthy
zipkin:
condition: service_healthy
networks:
- astro_network
networks:
astro_network:
driver: bridge
当我从 docker 运行 keycloak 并从 IDE 运行 spring boot 应用程序时,这才有效。 但是将两者部署到 docker 后我收到此错误
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'userController': Unsatisfied dependency expressed through field 'authorizedClientService': Error creating bean with name 'authorizedClientService' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.class]: Unsatisfied dependency expressed through method 'authorizedClientService' parameter 0: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception with message: Unable to resolve Configuration with the provided Issuer of "http://localhost:8090/realms/ShootingStar"
.
.
.
.
... 47 common frames omitted
2024-01-22 01:13:14 Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "http://localhost:8090/realms/ShootingStar"
.
.
.
... 48 common frames omitted
2024-01-22 01:13:14 Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://localhost:8090/realms/ShootingStar/.well-known/openid-configuration": Connection refused
请问我该如何解决这个问题。已经好几天了,我没有取得任何进展
我尝试使用keycloak的docker IP。 当我使用keycloak的docker端口(8080)时,spring应用程序运行,但我无法从本地浏览器访问它。 我尝试在发行者 uri 中使用容器名称(即 keycloak)。
localhost
时,它会尝试连接到自身(因为在其容器内,localhost
指的是容器本身,而不是您的主机)。相反,请使用 Docker Compose 文件中定义的服务名称(在您的情况下,它似乎是 keycloak
)作为主机名。将 Spring Boot 应用程序配置中的颁发者 URI 更新为:
issuer-uri: "http://keycloak:8080/realms/myRealm"
此更改告诉您的应用程序连接到 Docker 内部网络上的
keycloak
服务。
您已将 Keycloak 端口映射到主机上的
8090
。这对于从主机浏览器访问 Keycloak 是正确的。但是,在 Docker 网络内(容器之间),您应该使用 Keycloak 侦听的内部端口,通常是 8080
。
您已定义自定义网络
astro_network
。确保所有相关服务都附加到该网络,以便它们进行内部通信。