我有一个配置了Keycloak适配器的Spring项目,并注意到它为每个请求加载了openid配置。是否有任何机制可以缓存此配置,或者为什么会发生这种情况?
无法理解这种行为,Keycloak Docs 对此一无所知。正如我看到的源代码,它在创建KeycloakDeployment对象时解析了此配置,因此每次请求出现时都会创建一个新的KeycloakDeployment对象(请参阅: Keycloak适配器源(
这是日志:
2020-06-25 08:31:36.103 INFO 1 --- [io-8080-exec-10] o.keycloak.adapters.KeycloakDeployment : Loaded URLs from https://mykeyloak.com/auth/realms/myrealm/.well-known/openid-configuration
这是我的Keycloak适配器配置:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
private KeycloakProperties keycloakProperties;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
public AdapterConfig adapterConfig() {
AdapterConfig adapterConfig = new AdapterConfig();
adapterConfig.setRealm(keycloakProperties.getRealm());
adapterConfig.setResource(keycloakProperties.getResource());
adapterConfig.setAuthServerUrl(keycloakProperties.getAuthServerUrl());
adapterConfig.setSslRequired(keycloakProperties.getSslRequired());
adapterConfig.setBearerOnly(keycloakProperties.getBearerOnly());
adapterConfig.setCredentials(keycloakProperties.getCredentials());
adapterConfig.setCors(keycloakProperties.getEnableCors());
adapterConfig.setUseResourceRoleMappings(keycloakProperties.getUseResourceRoleMappings());
return adapterConfig;
}
@Bean
public KeycloakConfigResolver keycloakConfigResolver(AdapterConfig adapterConfig) {
return new KeycloakConfigResolver() {
@Override
public KeycloakDeployment resolve(HttpFacade.Request request) {
return KeycloakDeploymentBuilder.build(adapterConfig);
}
};
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/**").authenticated()
.anyRequest().permitAll();
}
@Autowired
public void setKeycloakProperties(KeycloakProperties keycloakProperties) {
this.keycloakProperties = keycloakProperties;
}
}
钥匙斗篷属性:
keycloak.realm=myrealm
keycloak.resource=myclient
keycloak.auth-server-url=https://mykeycloak.com/auth
keycloak.ssl-required=external
keycloak.bearer-only=true
keycloak.credentials={}
keycloak.enable-cors=true
keycloak.use-resource-role-mappings=false
我必须注册KeycloakDeployment bean并从KeycloakConfigResolver solver解析方法返回它。
@Bean
public KeycloakDeployment keycloakDeployment(AdapterConfig adapterConfig) {
return KeycloakDeploymentBuilder.build(adapterConfig);
}
@Bean
public KeycloakConfigResolver keycloakConfigResolver(KeycloakDeployment keycloakDeployment) {
return request -> keycloakDeployment;
}