Spring Security 5 OAuth2 App with Keycloak 17 在 Docker 容器中 运行 时获得 "Connection Refused" docker-compose
Spring Security 5 OAuth2 App with Keycloack 17 gets "Connection Refused" when run in Docker container with docker-compose
我有一个超级简单的 Spring 启动应用程序 Spring Security 5,它在 Docker.[=20 中使用 Keycloak 17 实例 运行ning 通过 OAuth2 进行身份验证=]
当我从 Intellij 本地启动应用程序时一切正常。
但是当我 运行 来自 Docker 容器的应用程序时 docker-compose 我得到:
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for "http://localhost:80/realms/Demo/protocol/openid-connect/token": Connection refused (Connection refused); nested exception is java.net.ConnectException: Connection refused (Connection refused)
当我在 keycloak 登录页面上输入凭据时。但是在 keycloak 中为该用户创建了一个会话。
系统:
- 装有 Monteray 12.0.1 的 MacBook
- Docker 桌面 4.5 与 Kubernetes 1.22.5
docker-compose.yml
version: '3.9'
networks:
network_keycloak_postgres_app:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
volumes:
keycloak_postgres_data:
driver: local
services:
postgres:
container_name: postgres
image: postgres
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak_db_admin
POSTGRES_PASSWORD: keycloak_db_password
ports:
- "5432:5432"
networks:
- network_keycloak_postgres_app
keycloak:
container_name: keycloak
hostname: keycloak
image: quay.io/keycloak/keycloak:17.0.0
command: ["start-dev", "--log-level=debug"]
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: change_me
KC_DB: postgres
KC_DB_USERNAME: keycloak_db_admin
KC_CACHE: local
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_PASSWORD: keycloak_db_password
ports:
- "80:8080"
- "443:8443"
depends_on:
- postgres
networks:
- network_keycloak_postgres_app
demo_app:
container_name: demo_app
hostname: demoapp
build:
context: ../
dockerfile: Dockerfile
environment:
SPRING_PROFILES_ACTIVE: default
ports:
- "4242:4242"
depends_on:
- keycloak
networks:
- network_keycloak_postgres_app
Docker文件(确保 运行 'mvn clean package' 在构建之前)
FROM openjdk:11.0.11-jre-slim
COPY ./target/demo-0.0.1-SNAPSHOT.jar /usr/local/lib/demo.jar
EXPOSE 4242
ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
application.yml
server:
port: 4242
logging:
level:
root: DEBUG
org.springframework.web: DEBUG
org.springframework.security: DEBUG
# org.springframework.boot.autoconfigure: DEBUG
spring:
thymeleaf:
cache: false
security:
oauth2:
client:
registration:
keycloak:
client-id: demo-app
client-secret: 5cuxTUgiLJATP4pMpw7j8HZieekdOBsM
client-name: Keycloak
authorization-grant-type: authorization_code
redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
scope:
- openid
- profile
- email
provider:
keycloak:
authorization-uri: http://localhost:80/realms/Demo/protocol/openid-connect/auth
token-uri: http://localhost:80/realms/Demo/protocol/openid-connect/token
user-info-uri: http://localhost:80/realms/Demo/protocol/openid-connect/userinfo
jwk-set-uri: http://localhost:80/realms/Demo/protocol/openid-connect/certs
user-name-attribute: preferred_username
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>de.kressing</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>demo</name>
<description>Spring Security 5 OAuth2 Client and Keycloak sample</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.3</version>
<relativePath/>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>11</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sourceforge.htmlunit</groupId>
<artifactId>htmlunit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
我已经尝试过的:
- 为应用程序和 keycloak 容器提供主机名
- 运行在另一个 docker-compose
中安装应用程序容器
- 使用“http://${DOCKER_GATEWAY_HOST:-host.docker.internal}:8080”代替本地主机
- 使用其他 openjdk 映像构建
提前感谢您的任何提示和帮助!
现在可以了。我添加了一个 reverse-proxy 并将提供程序 url 的端口更改为内部 docker 端口。
我有一个超级简单的 Spring 启动应用程序 Spring Security 5,它在 Docker.[=20 中使用 Keycloak 17 实例 运行ning 通过 OAuth2 进行身份验证=]
当我从 Intellij 本地启动应用程序时一切正常。
但是当我 运行 来自 Docker 容器的应用程序时 docker-compose 我得到:
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for "http://localhost:80/realms/Demo/protocol/openid-connect/token": Connection refused (Connection refused); nested exception is java.net.ConnectException: Connection refused (Connection refused)
当我在 keycloak 登录页面上输入凭据时。但是在 keycloak 中为该用户创建了一个会话。
系统:
- 装有 Monteray 12.0.1 的 MacBook
- Docker 桌面 4.5 与 Kubernetes 1.22.5
docker-compose.yml
version: '3.9'
networks:
network_keycloak_postgres_app:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
volumes:
keycloak_postgres_data:
driver: local
services:
postgres:
container_name: postgres
image: postgres
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak_db_admin
POSTGRES_PASSWORD: keycloak_db_password
ports:
- "5432:5432"
networks:
- network_keycloak_postgres_app
keycloak:
container_name: keycloak
hostname: keycloak
image: quay.io/keycloak/keycloak:17.0.0
command: ["start-dev", "--log-level=debug"]
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: change_me
KC_DB: postgres
KC_DB_USERNAME: keycloak_db_admin
KC_CACHE: local
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_PASSWORD: keycloak_db_password
ports:
- "80:8080"
- "443:8443"
depends_on:
- postgres
networks:
- network_keycloak_postgres_app
demo_app:
container_name: demo_app
hostname: demoapp
build:
context: ../
dockerfile: Dockerfile
environment:
SPRING_PROFILES_ACTIVE: default
ports:
- "4242:4242"
depends_on:
- keycloak
networks:
- network_keycloak_postgres_app
Docker文件(确保 运行 'mvn clean package' 在构建之前)
FROM openjdk:11.0.11-jre-slim
COPY ./target/demo-0.0.1-SNAPSHOT.jar /usr/local/lib/demo.jar
EXPOSE 4242
ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
application.yml
server:
port: 4242
logging:
level:
root: DEBUG
org.springframework.web: DEBUG
org.springframework.security: DEBUG
# org.springframework.boot.autoconfigure: DEBUG
spring:
thymeleaf:
cache: false
security:
oauth2:
client:
registration:
keycloak:
client-id: demo-app
client-secret: 5cuxTUgiLJATP4pMpw7j8HZieekdOBsM
client-name: Keycloak
authorization-grant-type: authorization_code
redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
scope:
- openid
- profile
- email
provider:
keycloak:
authorization-uri: http://localhost:80/realms/Demo/protocol/openid-connect/auth
token-uri: http://localhost:80/realms/Demo/protocol/openid-connect/token
user-info-uri: http://localhost:80/realms/Demo/protocol/openid-connect/userinfo
jwk-set-uri: http://localhost:80/realms/Demo/protocol/openid-connect/certs
user-name-attribute: preferred_username
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>de.kressing</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>demo</name>
<description>Spring Security 5 OAuth2 Client and Keycloak sample</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.3</version>
<relativePath/>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>11</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sourceforge.htmlunit</groupId>
<artifactId>htmlunit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
我已经尝试过的:
- 为应用程序和 keycloak 容器提供主机名
- 运行在另一个 docker-compose 中安装应用程序容器
- 使用“http://${DOCKER_GATEWAY_HOST:-host.docker.internal}:8080”代替本地主机
- 使用其他 openjdk 映像构建
提前感谢您的任何提示和帮助!
现在可以了。我添加了一个 reverse-proxy 并将提供程序 url 的端口更改为内部 docker 端口。