百度站长工具怎么推广网站,网站链接可以自己做吗,网站图怎么做才能小而清晰,爱站工具包下载由于网上博客大部分都只有登陆没有退出#xff0c;自己花了一些时间研究了一下#xff0c;这里将相关内容进行记录#xff0c;基于Keyclaok 20的版本#xff0c;实现springboot服务单点登录与退出
一、依赖
!-- 在父工程中 --
dependencyManagementd…由于网上博客大部分都只有登陆没有退出自己花了一些时间研究了一下这里将相关内容进行记录基于Keyclaok 20的版本实现springboot服务单点登录与退出
一、依赖
!-- 在父工程中 --
dependencyManagementdependencies!-- 导入依赖 --dependencygroupIdorg.keycloak.bom/groupIdartifactIdkeycloak-adapter-bom/artifactIdversion22.0.1/versiontypepom/typescopeimport/scope/dependency/dependencies
/dependencyManagement!-- 在子工程中 --
dependenciesdependencygroupIdorg.springframework.boot/groupIdartifactIdspring-boot-starter-security/artifactId/dependencydependencygroupIdorg.keycloak/groupIdartifactIdkeycloak-spring-boot-starter/artifactId/dependencydependencygroupIdorg.keycloak/groupIdartifactIdkeycloak-spring-security-adapter/artifactId/dependency
/dependencies
二、keycloak配置
这个是主要的用设置拦截器实现登陆与退出
package com.example.basic.conf;import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;KeycloakConfiguration
EnableGlobalMethodSecurity(prePostEnabled true)
public class KeycloakSecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {Autowiredpublic void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {KeycloakAuthenticationProvider keycloakAuthenticationProvider keycloakAuthenticationProvider();keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());auth.authenticationProvider(keycloakAuthenticationProvider);}BeanOverrideprotected SessionAuthenticationStrategy sessionAuthenticationStrategy() {return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());}Beanpublic org.keycloak.adapters.KeycloakConfigResolver KeycloakConfigResolver() {return new KeycloakSpringBootConfigResolver();}Overrideprotected void configure(HttpSecurity http) throws Exception {super.configure(http);http.logout()//拦截logout请求.logoutRequestMatcher(new AntPathRequestMatcher(/logout)).addLogoutHandler(keycloakLogoutHandler()).logoutSuccessHandler(logoutSuccessHandler()).deleteCookies(JSESSIONID).and()//设置哪些可以忽略掉授权.authorizeRequests().antMatchers(/user/login, /token/generate,/access/**, /js/**,/css/**,/fonts/**, /index.html, /error).permitAll()//除了上面忽略掉授权请求剩下所有必须经过授权才可以访问.antMatchers(/**).authenticated().and().cors().and().csrf().disable();}//处理logout自动跳转请求private LogoutSuccessHandler logoutSuccessHandler() {return new LogoutSuccessHandler() {Overridepublic void onLogoutSuccess(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse, Authentication authentication)throws IOException, ServletException {KeycloakAuthenticationToken keycloakAuthenticationToken (KeycloakAuthenticationToken)authentication;KeycloakSecurityContext keycloakSecurityContext keycloakAuthenticationToken.getAccount().getKeycloakSecurityContext();String idTokenHint keycloakSecurityContext.getIdTokenString();String issuer keycloakSecurityContext.getIdToken().getIssuer();String keycloakBaseUrl issuer /protocol/openid-connect/logout;String postLogoutRedirectUri httpServletRequest.getScheme() :// httpServletRequest.getHeader(host);String logoutUrl keycloakBaseUrl ?post_logout_redirect_uri postLogoutRedirectUri id_token_hint idTokenHint;// Do logout by redirecting to Keycloak logouthttpServletResponse.sendRedirect(logoutUrl);}};}
}
