我正在尝试构建应用程序,其中我使用Keycloak配置和spring安全与spring云网关一切工作正常,但当我试图注销它不工作。
Spring安全配置如下:
spring:
security:
oauth2:
client:
provider:
keycloak:
issuer-uri: http://localhost:8280/auth/realms/Default
user-name-attribute: preferred_username
authorization-grant-type: authorization_code
registration:
keycloak:
client-id: Default123
client-secret: Wk79csSdfgdffomzVX2nTlb2boYT9NrW
redirect-uri: http://localhost:9000/login/oauth2/code/keycloak
scope: openid
ANd Security Config文件如下:
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Bean
@ConditionalOnMissingBean(HttpSessionManager.class)
protected HttpSessionManager httpSessionManager() {
return new HttpSessionManager();
}
@Bean
public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}
@Bean
public ServerLogoutSuccessHandler keycloakLogoutSuccessHandler(ReactiveClientRegistrationRepository repository) {
OidcClientInitiatedServerLogoutSuccessHandler successHandler = new OidcClientInitiatedServerLogoutSuccessHandler(repository);
successHandler.setPostLogoutRedirectUri("http://localhost:9000/app/logout");
return successHandler;
}
private ServerLogoutHandler logoutHandler() {
return new DelegatingServerLogoutHandler(new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler());
}
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ServerLogoutSuccessHandler handler) {
// Authenticate through configured OpenID Provider
http.authorizeExchange()
.pathMatchers("/app/logout").permitAll()
.pathMatchers("/app/").authenticated().and().cors().and().oauth2Login();
// Also logout at the OpenID Connect provider
http.logout(logout -> logout.logoutHandler(logoutHandler()).logoutSuccessHandler(handler));
// Require authentication for all requests
http.authorizeExchange().anyExchange().authenticated();
// Allow showing /home within a frame
http.headers().frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
// Disable CSRF in the gateway to prevent conflicts with proxied service CSRF
http.csrf().disable();
return http.build();
}
}
我不知道为什么不登录出我们缺少的配置。请帮助。
如果我理解正确的话,您想要配置标准的注销url。
我也遇到过这个问题,找到了这样的解决方法:
// you need to add it to your SecurityWebFilterChain ServerHttpSecurity http configuration
// this logoutSuccessHandler allows redirection after success logout to "/v1/logout/success"
// you also need to provide @Controller which will return some response on it
http.logout(logout -> logout
.logoutSuccessHandler((exchange, authentication) -> {
ServerHttpResponse response = exchange.getExchange().getResponse();
response.setStatusCode(HttpStatus.FOUND);
response.getHeaders().setLocation(URI.create("/v1/logout/success"));
response.getCookies().remove("JSESSIONID");
return exchange.getExchange().getSession()
.flatMap(WebSession::invalidate);
})
// this allows to proceed logout via GET request to "/v1/logout"
.requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/v1/logout")));
基于冠词的组合:Spring Security WebFlux注销如何在SpringBoot WebFlux中使用GET请求登出
实际上我花了几个小时和很多尝试来实现这个工作))
但是这只为您的Spring Gateway应用程序提供注销,而不为Keycloak服务器提供注销。
如果您需要从Keycloak服务器注销,您需要实现ServerLogoutHandler并覆盖它的注销方法,并将其传递给您的ServerHttpSecurity http.logoutHandler()