Java.net.ConnectException:Keycloak 的客户端在 Auth 路由时在 Docker 上被拒绝连接
Java.net.ConnectException: Keycloak's Client gets Connection refused on Docker while Auth routing
如果 Keycloak 服务器运行在本地 Docker Desktop 中,而客户端应用程序直接在本地运行(非 Docker 化场景),一切正常。
如果 Keycloak 服务器和客户端应用程序都运行在本地 Docker Desktop 中,则会抛出以下异常:
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.base/java.net.Socket.connect(Socket.java:609)
at com.mysql.jdbc@8.0.22//com.mysql.cj.protocol.StandardSocketFactory.connect(StandardSocketFactory.java:155)
at com.mysql.jdbc@8.0.22//com.mysql.cj.protocol.a.NativeSocketConnection.connect(NativeSocketConnection.java:63)
... 64 more
如果我在本地(非 Docker 化)环境中运行客户端应用程序,并让它指向云实例上 Docker 化的 Keycloak 服务器,则会得到以下错误。
2022-02-18 12:59:55.039 WARN 1192 --- [nio-8080-exec-7] o.keycloak.adapters.KeycloakDeployment : Failed to load URLs from http://XXXX.CLOUD.XXXX:8180/auth/realms/SampleKeycloakApp/.well-known/openid-configuration
java.lang.Exception: Forbidden
at org.keycloak.adapters.KeycloakDeployment.getOidcConfiguration(KeycloakDeployment.java:233) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.KeycloakDeployment.resolveUrls(KeycloakDeployment.java:182) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.KeycloakDeployment.getAuthUrl(KeycloakDeployment.java:251) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.OAuthRequestAuthenticator.getRedirectUri(OAuthRequestAuthenticator.java:175) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.OAuthRequestAuthenticator.loginRedirect(OAuthRequestAuthenticator.java:213) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:275) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:138) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:154) ~[keycloak-spring-security-adapter-16.1.1.jar!/:16.1.1]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:96) ~[keycloak-spring-security-adapter-16.1.1.jar!/:16.1.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar!/:5.1.10.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar!/:5.1.10.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
以下是我在 Docker 中同时运行这两个服务时使用的 docker-compose 文件,供参考。
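# Local development stack: the Spring Boot client, Keycloak with its
# PostgreSQL store, and the MySQL database used by the client.
# Every credential below is a clear-text development placeholder; supply
# real values from an env file or a secret store anywhere else.
version: "3"

services:
  springboot:
    build: .
    container_name: springboot
    ports:
      - "8081:8081"
    restart: always
    # depends_on only orders container start-up; it does not wait until
    # MySQL or Keycloak actually accept connections.
    depends_on:
      - db
      - keycloak
    environment:
      SPRING_DATASOURCE_URL: jdbc:mysql://db:3306/todolist
      SPRING_DATASOURCE_USERNAME: admin
      SPRING_DATASOURCE_PASSWORD: admin
      # Keycloak runs with port offset 100, so inside the network its HTTPS
      # listener is 8443 + 100 = 8543; nothing listens on 8443.
      # NOTE(review): the client JVM has to trust the certificate Keycloak
      # serves on this port - confirm the truststore setup.
      KEYCLOAK_URI: https://keycloak:8543/auth
      REALM: SpringBootKeycloakApp
    networks:
      - common-network

  keycloak:
    image: jboss/keycloak:14.0.0
    container_name: keycloak
    # The offset below moves HTTP from 8080 to 8180 and HTTPS from 8443 to
    # 8543, so the published container ports must be the shifted ones.
    ports:
      - "8180:8180"
      - "8543:8543"
    command: ["-Djboss.socket.binding.port-offset=100"]
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      DB_SCHEMA: public
      # Initial admin console account (placeholder value, see header).
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
    depends_on:
      - postgres
    networks:
      - common-network

  db:
    image: mysql:5.7
    # Published on every host interface; prefix the mapping with 127.0.0.1
    # when the database only needs to be reached from this machine.
    ports:
      - "3307:3306"
    restart: always
    environment:
      MYSQL_DATABASE: todolist
      MYSQL_USER: admin
      MYSQL_PASSWORD: admin
      MYSQL_ROOT_PASSWORD: root
    volumes:
      - db-data:/var/lib/mysql
    networks:
      - common-network

  postgres:
    # No tag given, so this resolves to "latest"; pin a version so rebuilds
    # stay reproducible.
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    networks:
      - common-network

networks:
  common-network:
    driver: bridge

volumes:
  db-data:
    driver: local
  postgres_data:
    driver: local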
当我在非 Docker 环境中单独运行客户端应用程序时,使用 java -jar ClientApp.jar 启动它。
当我在 Docker 环境中单独运行客户端应用程序时,使用以下 Dockerfile:
# Client application image: copies the jar found under ./build/libs and runs it on OpenJDK 11.
# NOTE(review): ":latest" is a floating tag, so a rebuild can pull a different JDK build; pin a version or digest.
FROM adoptopenjdk/openjdk11:latest
# The glob has to match exactly one jar: COPY with several sources requires a directory destination.
ARG JAR_FILE=./build/libs/*.jar
COPY ${JAR_FILE} ClientApp.jar
# EXPOSE only documents the listening port; publishing it is done by the "ports" mapping in docker-compose.
EXPOSE 8081
# No USER instruction is present, so the JVM runs as the base image's default user (root unless the base image sets another).
ENTRYPOINT ["java", "-jar", "ClientApp.jar"]
我很想了解这背后的真正根本原因;在云实例中以 Docker 方式同时运行 Keycloak 服务器和客户端应用程序时没有任何问题。谢谢。
如果 Keycloak 服务器和客户端都部署在云端,请使用 ssl-required=none。该取值表示对任何客户端地址都不再要求 HTTPS,令牌和凭据会以明文 HTTP 传输,因此只适合测试环境;长期方案是为 Keycloak 配置 TLS,并保留 external 或 all。
keycloak.ssl-required=none
如果 Keycloak 服务器和客户端都运行在本地主机上,请使用 ssl-required=external(该取值只对 localhost 和私有 IP 地址免除 HTTPS 要求)。
keycloak.ssl-required=external
如果 Keycloak 服务器运行在本地 Docker Desktop 中,而客户端应用程序直接在本地运行(非 Docker 化场景),一切正常。
如果 Keycloak 服务器和客户端应用程序都运行在本地 Docker Desktop 中,则会抛出以下异常:
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.base/java.net.Socket.connect(Socket.java:609)
at com.mysql.jdbc@8.0.22//com.mysql.cj.protocol.StandardSocketFactory.connect(StandardSocketFactory.java:155)
at com.mysql.jdbc@8.0.22//com.mysql.cj.protocol.a.NativeSocketConnection.connect(NativeSocketConnection.java:63)
... 64 more
如果我在本地(非 Docker 化)环境中运行客户端应用程序,并让它指向云实例上 Docker 化的 Keycloak 服务器,则会得到以下错误。
2022-02-18 12:59:55.039 WARN 1192 --- [nio-8080-exec-7] o.keycloak.adapters.KeycloakDeployment : Failed to load URLs from http://XXXX.CLOUD.XXXX:8180/auth/realms/SampleKeycloakApp/.well-known/openid-configuration
java.lang.Exception: Forbidden
at org.keycloak.adapters.KeycloakDeployment.getOidcConfiguration(KeycloakDeployment.java:233) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.KeycloakDeployment.resolveUrls(KeycloakDeployment.java:182) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.KeycloakDeployment.getAuthUrl(KeycloakDeployment.java:251) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.OAuthRequestAuthenticator.getRedirectUri(OAuthRequestAuthenticator.java:175) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.OAuthRequestAuthenticator.loginRedirect(OAuthRequestAuthenticator.java:213) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:275) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:138) ~[keycloak-adapter-core-16.1.1.jar!/:16.1.1]
at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:154) ~[keycloak-spring-security-adapter-16.1.1.jar!/:16.1.1]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:96) ~[keycloak-spring-security-adapter-16.1.1.jar!/:16.1.1]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar!/:5.1.10.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.1.10.RELEASE.jar!/:5.1.10.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
以下是我在 Docker 中同时运行这两个服务时使用的 docker-compose 文件,供参考。
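# Local development stack: the Spring Boot client, Keycloak with its
# PostgreSQL store, and the MySQL database used by the client.
# Every credential below is a clear-text development placeholder; supply
# real values from an env file or a secret store anywhere else.
version: "3"

services:
  springboot:
    build: .
    container_name: springboot
    ports:
      - "8081:8081"
    restart: always
    # depends_on only orders container start-up; it does not wait until
    # MySQL or Keycloak actually accept connections.
    depends_on:
      - db
      - keycloak
    environment:
      SPRING_DATASOURCE_URL: jdbc:mysql://db:3306/todolist
      SPRING_DATASOURCE_USERNAME: admin
      SPRING_DATASOURCE_PASSWORD: admin
      # Keycloak runs with port offset 100, so inside the network its HTTPS
      # listener is 8443 + 100 = 8543; nothing listens on 8443.
      # NOTE(review): the client JVM has to trust the certificate Keycloak
      # serves on this port - confirm the truststore setup.
      KEYCLOAK_URI: https://keycloak:8543/auth
      REALM: SpringBootKeycloakApp
    networks:
      - common-network

  keycloak:
    image: jboss/keycloak:14.0.0
    container_name: keycloak
    # The offset below moves HTTP from 8080 to 8180 and HTTPS from 8443 to
    # 8543, so the published container ports must be the shifted ones.
    ports:
      - "8180:8180"
      - "8543:8543"
    command: ["-Djboss.socket.binding.port-offset=100"]
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      DB_SCHEMA: public
      # Initial admin console account (placeholder value, see header).
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
    depends_on:
      - postgres
    networks:
      - common-network

  db:
    image: mysql:5.7
    # Published on every host interface; prefix the mapping with 127.0.0.1
    # when the database only needs to be reached from this machine.
    ports:
      - "3307:3306"
    restart: always
    environment:
      MYSQL_DATABASE: todolist
      MYSQL_USER: admin
      MYSQL_PASSWORD: admin
      MYSQL_ROOT_PASSWORD: root
    volumes:
      - db-data:/var/lib/mysql
    networks:
      - common-network

  postgres:
    # No tag given, so this resolves to "latest"; pin a version so rebuilds
    # stay reproducible.
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    networks:
      - common-network

networks:
  common-network:
    driver: bridge

volumes:
  db-data:
    driver: local
  postgres_data:
    driver: local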
当我在非 Docker 环境中单独运行客户端应用程序时,使用 java -jar ClientApp.jar 启动它。
当我在 Docker 环境中单独运行客户端应用程序时,使用以下 Dockerfile:
# Client application image: copies the jar found under ./build/libs and runs it on OpenJDK 11.
# NOTE(review): ":latest" is a floating tag, so a rebuild can pull a different JDK build; pin a version or digest.
FROM adoptopenjdk/openjdk11:latest
# The glob has to match exactly one jar: COPY with several sources requires a directory destination.
ARG JAR_FILE=./build/libs/*.jar
COPY ${JAR_FILE} ClientApp.jar
# EXPOSE only documents the listening port; publishing it is done by the "ports" mapping in docker-compose.
EXPOSE 8081
# No USER instruction is present, so the JVM runs as the base image's default user (root unless the base image sets another).
ENTRYPOINT ["java", "-jar", "ClientApp.jar"]
我很想了解这背后的真正根本原因;在云实例中以 Docker 方式同时运行 Keycloak 服务器和客户端应用程序时没有任何问题。谢谢。
如果 Keycloak 服务器和客户端都部署在云端,请使用 ssl-required=none。该取值表示对任何客户端地址都不再要求 HTTPS,令牌和凭据会以明文 HTTP 传输,因此只适合测试环境;长期方案是为 Keycloak 配置 TLS,并保留 external 或 all。
keycloak.ssl-required=none
如果 Keycloak 服务器和客户端都运行在本地主机上,请使用 ssl-required=external(该取值只对 localhost 和私有 IP 地址免除 HTTPS 要求)。
keycloak.ssl-required=external