我的 Ubuntu 服务器上的 Keycloak 有问题。注册和登录工作正常。但是当我尝试通过用户持有者令牌向 spring 应用程序发出任何请求时,keycloak 在 Swagger 中返回我 500 - 内部服务器错误。(本地主机上的所有内容都很好!
当我尝试通过持有者令牌发出任何请求时的应用程序日志:
dictionary_app_prod | java.lang.NullPointerException: null
dictionary_app_prod | at java.net.URI$Parser.parse(URI.java:3042) ~[na:1.8.0_212]
dictionary_app_prod | at java.net.URI.<init>(URI.java:588) ~[na:1.8.0_212]
dictionary_app_prod | at java.net.URI.create(URI.java:850) ~[na:1.8.0_212]
dictionary_app_prod | at org.apache.http.client.methods.HttpGet.<init>(HttpGet.java:66) ~[httpclient-4.5.8.jar!/:4.5.8]
dictionary_app_prod | at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendRequest(JWKPublicKeyLocator.java:97) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublicKey(JWKPublicKeyLocator.java:63) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.getPublicKey(AdapterTokenVerifier.java:121) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.createVerifier(AdapterTokenVerifier.java:111) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.rotation.AdapterTokenVerifier.verifyToken(AdapterTokenVerifier.java:47) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:103) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
dictionary_app_prod | at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:88) ~[keycloak-adapter-core-4.8.3.Final.jar!/:4.8.3.Final]
我的码头工人撰写文件:
volumes:
mysql-data:
driver: local
mysql-log:
driver: local
mysql-conf:
driver: local
postgres_data:
driver: local
mysql_data:
driver: local
services:
dictionary_app_prod:
container_name: dictionary_app_prod
build:
context: .
dockerfile: Dockerfile
restart: always
ports:
- 8888:8082
depends_on:
- "dictionary_app_prod_mysql_test" # This service depends on mysql. Start that first.
- "dictionary_app_prod_mongo"
- "dictionary_app_prod_keycloak"
environment:
SPRING_DATASOURCE_URL: jdbc:mysql://dictionary_app_prod_mysql_test:3306/general?useSSL=false&serverTimezone=UTC&useLegacyDatetimeCode=false&allowPublicKeyRetrieval=true
SPRING_DATA_MONGODB_URI: mongodb://springboot-mongo:27017/mongodb
dictionary_app_prod_mysql_test:
image: mysql:5.7
volumes:
- "mysql-data:/var/lib/mysql"
- "mysql-log:/var/log/mysql"
- "mysql-conf:/etc/mysql/conf.d"
ports:
- 3306:3306
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: general
MYSQL_USER: root
MYSQL_PASSWORD: root
dictionary_app_prod_mongo:
image: mongo
container_name: springboot-mongo
ports:
- 27017:27017
volumes:
- $HOME/data/springboot-mongo-data:/data/db
- $HOME/data/springboot-mongo-bkp:/data/bkp
restart: always
dictionary_app_prod_keycloak:
image: jboss/keycloak
environment:
DB_VENDOR: MYSQL
DB_ADDR: dictionary_app_prod_mysql_test
DB_DATABASE: general
DB_USER: root
DB_PASSWORD: root
KEYCLOAK_USER: test
KEYCLOAK_PASSWORD: test
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the MySQL JDBC driver documentation in order to use it.
JDBC_PARAMS: "useSSL=false"
ports:
- 8080:8080
depends_on:
- dictionary_app_prod_mysql_test
钥匙斗篷配置:
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
class KeycloakConfig extends KeycloakWebSecurityConfigurerAdapter {
@Bean
public KeycloakConfigResolver keycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable()
.sessionManagement()
.and()
.authorizeRequests()
//.antMatchers("/admin/**").hasRole("ADMIN")
//.antMatchers("/library/**").hasRole("USER")
.anyRequest().permitAll();
}
}
应用程序属性:
keycloak.auth-server-url=http://dictionary_app_prod_keycloak:8080/auth
keycloak.realm=SpringBootKeycloak
keycloak.resource=login-app
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
keycloak.use-resource-role-mappings=true
就我而言,我只是决定直接在服务器上安装 Keycloak,而无需使用 Docker。现在一切正常。