jhipster/spring keycloak 集成 - 设置自定义 redirect_uri
jhipster/spring keycloak integration - setting custom redirect_uri
我有一个 spring / jhipster 应用程序,带有一个用于登录 keycloak 的按钮。当我单击登录按钮时,它会将我带到 keycloak,URL 看起来像
https://keycloak.mydomain.com/auth/realms/my-realm/protocol/openid-connect/auth?response_type=code&client_id=myclient&redirect_uri=http://localhost:8080/login/oauth2/code/oidc
所以在上面,我想将 redirect_uri=http://localhost:8080/login/oauth2/code/oidc 更改为其他内容。
所以我在 src/main/java/../config/AuthorizationServerConfig.java:
添加了下面的代码
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Bean
PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("myclient")
.secret(passwordEncoder().encode("mysecret"))
.scopes("resource:read")
.authorizedGrantTypes("authorization_code")
.redirectUris("https://new-url-I-want.com");
}
}
但即使进行了上述更改,redirect_uri 也没有任何变化。有人知道这是为什么吗?
以及有关我进行这些更改的原因的更多信息:
通过 OIDC 的授权代码流,服务提供商(在本例中为我的网站)向身份提供商 (Keycloak) 提供 URI,以便在成功验证后将用户重定向回。但是,根据 Spring 文档,"With the default configuration, while the Authorization Code Flow is technically allowed, it is not completely configured":
https://docs.spring.io/spring-security-oauth2-boot/docs/current/reference/html5/#oauth2-boot-authorization-server-authorization-code-grant
文档继续说明 "OAuth2 Boot does not support configuring a redirect URI as a property — say, alongside client-id and client-secret." 所以,
"To add a redirect URI, you need to specify the client by using either InMemoryClientDetailsService or JdbcClientDetailsService":
https://docs.spring.io/spring-security-oauth2-boot/docs/current/reference/html5/#registering-a-redirect-uri-with-the-client
您可以通过添加以下 属性 和 src/main/resources/config/application.yml
来添加另一个重定向 uri
security:
oauth2:
client:
provider:
oidc:
issuer-uri: http://localhost:9080/auth/realms/jhipster
registration:
oidc:
client-id: web_app
client-secret: web_app
redirect-uri: http://localhost:8080/my-custom-redirect
此外,您必须在 SecurityConfiguration 中为 oauth2 登录配置自定义重定向 uri,如下所示
...
.and()
.oauth2Login()
.redirectionEndpoint()
.baseUri("/my-custom-redirect")
.and()
.and()
.oauth2ResourceServer()
...
在方法中添加以下几行SecurityConfiguration.configure
.and()
.oauth2Login()
.defaultSuccessUrl("/url_to_redirect")
即:
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { ...
@Override
public void configure(WebSecurity web) { ... }
@Override
public void configure(HttpSecurity http) throws Exception {
...
.and()
.authorizeRequests()
.antMatchers("/api/auth-info").permitAll()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/info").permitAll()
.antMatchers("/management/prometheus").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
.and()
.oauth2Login()
.defaultSuccessUrl("/url_to_redirect") // <--- HERE
}
我有一个 spring / jhipster 应用程序,带有一个用于登录 keycloak 的按钮。当我单击登录按钮时,它会将我带到 keycloak,URL 看起来像
https://keycloak.mydomain.com/auth/realms/my-realm/protocol/openid-connect/auth?response_type=code&client_id=myclient&redirect_uri=http://localhost:8080/login/oauth2/code/oidc
所以在上面,我想将 redirect_uri=http://localhost:8080/login/oauth2/code/oidc 更改为其他内容。
所以我在 src/main/java/../config/AuthorizationServerConfig.java:
添加了下面的代码@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Bean
PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("myclient")
.secret(passwordEncoder().encode("mysecret"))
.scopes("resource:read")
.authorizedGrantTypes("authorization_code")
.redirectUris("https://new-url-I-want.com");
}
}
但即使进行了上述更改,redirect_uri 也没有任何变化。有人知道这是为什么吗?
以及有关我进行这些更改的原因的更多信息:
通过 OIDC 的授权代码流,服务提供商(在本例中为我的网站)向身份提供商 (Keycloak) 提供 URI,以便在成功验证后将用户重定向回。但是,根据 Spring 文档,"With the default configuration, while the Authorization Code Flow is technically allowed, it is not completely configured": https://docs.spring.io/spring-security-oauth2-boot/docs/current/reference/html5/#oauth2-boot-authorization-server-authorization-code-grant
文档继续说明 "OAuth2 Boot does not support configuring a redirect URI as a property — say, alongside client-id and client-secret." 所以,
"To add a redirect URI, you need to specify the client by using either InMemoryClientDetailsService or JdbcClientDetailsService":
https://docs.spring.io/spring-security-oauth2-boot/docs/current/reference/html5/#registering-a-redirect-uri-with-the-client
您可以通过添加以下 属性 和 src/main/resources/config/application.yml
来添加另一个重定向 uri security:
oauth2:
client:
provider:
oidc:
issuer-uri: http://localhost:9080/auth/realms/jhipster
registration:
oidc:
client-id: web_app
client-secret: web_app
redirect-uri: http://localhost:8080/my-custom-redirect
此外,您必须在 SecurityConfiguration 中为 oauth2 登录配置自定义重定向 uri,如下所示
...
.and()
.oauth2Login()
.redirectionEndpoint()
.baseUri("/my-custom-redirect")
.and()
.and()
.oauth2ResourceServer()
...
在方法中添加以下几行SecurityConfiguration.configure
.and()
.oauth2Login()
.defaultSuccessUrl("/url_to_redirect")
即:
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { ...
@Override
public void configure(WebSecurity web) { ... }
@Override
public void configure(HttpSecurity http) throws Exception {
...
.and()
.authorizeRequests()
.antMatchers("/api/auth-info").permitAll()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/info").permitAll()
.antMatchers("/management/prometheus").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
.and()
.oauth2Login()
.defaultSuccessUrl("/url_to_redirect") // <--- HERE
}