从外部源向 Keycloak 身份验证添加其他角色

我想通过Keycloak对用户进行身份验证，但我需要向身份验证对象添加其他角色，即Spring Security使用的角色。添加角色保存在 Postgres 数据库中。

1. 我尝试使用自定义身份验证提供程序覆盖配置全局，但它不起作用。

   @Autowired
   public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
   ApplicationAuthenticationProvider provider = new ApplicationAuthenticationProvider();
   provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
   auth.authenticationProvider(provider);
   }
   

   @Component public class ApplicationAuthenticationProvider extensions KeycloakAuthenticationProvider {

   @Autowired
   private UserService userService;
   private GrantedAuthoritiesMapper grantedAuthoritiesMapper;
   public void setGrantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
   this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
   }
   @Override
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
   KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) authentication;
   List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
   String username = ((KeycloakAuthenticationToken) authentication)
   .getAccount().getKeycloakSecurityContext().getToken().getPreferredUsername();
   List<Role> roles = userService.findRoles(username);
   for (Role role : roles) {
   grantedAuthorities.add(new KeycloakRole(role.toString()));
   }
   return new KeycloakAuthenticationToken(token.getAccount(), token.isInteractive(), mapAuthorities(grantedAuthorities));
   }
   @Override
   public boolean supports(Class<?> authentication) {
   return authentication.equals(UsernamePasswordAuthenticationToken.class);
   }
   private Collection<? extends GrantedAuthority> mapAuthorities(
   Collection<? extends GrantedAuthority> authorities) {
   return grantedAuthoritiesMapper != null
   ? grantedAuthoritiesMapper.mapAuthorities(authorities)
   : authorities;
   }
   

   }

2. 尝试添加其他过滤器，但我不确定配置是否正确。

   @Bean

   @Override
   protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter() throws Exception {
   RequestMatcher requestMatcher =
   new OrRequestMatcher(
   new AntPathRequestMatcher("/api/login"),
   new QueryParamPresenceRequestMatcher(OAuth2Constants.ACCESS_TOKEN),
   // We're providing our own authorization header matcher
   new IgnoreKeycloakProcessingFilterRequestMatcher()
   );
   return new KeycloakAuthenticationProcessingFilter(authenticationManagerBean(), requestMatcher);
   }
   // Matches request with Authorization header which value doesn't start with "Basic " prefix
   private class IgnoreKeycloakProcessingFilterRequestMatcher implements RequestMatcher {
   IgnoreKeycloakProcessingFilterRequestMatcher() {
   }
   public boolean matches(HttpServletRequest request) {
   String authorizationHeaderValue = request.getHeader("Authorization");
   return authorizationHeaderValue != null && !authorizationHeaderValue.startsWith("Basic ");
   }
   

   }