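Integrating Shiro and Keycloak in Spring Boot
Date: 2023-06-21 13:23:29 Views: 533
Shiro and Keycloak can be combined in a Spring Boot application to implement authentication and authorization. The basic steps are as follows:
1. Add the Shiro and Keycloak dependencies to pom.xml: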
```xml
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring-boot-web-starter</artifactId>
    <version>1.5.3</version>
</dependency>
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-boot-starter</artifactId>
    <version>${keycloak.version}</version>
</dependency>
```
2. Add the Shiro and Keycloak settings to application.properties:
```properties
# Shiro configuration
shiro.loginUrl=/login
shiro.successUrl=/
shiro.unauthorizedUrl=/403
# Keycloak configuration
keycloak.realm=your-realm
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=your-client-id
# Placeholder: supply the real client secret from the environment or a secret store, not from source control
keycloak.credentials.secret=your-client-secret
```
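3. Create a Shiro configuration class:
```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {

    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroRealm());
        return securityManager;
    }

    @Bean
    public ShiroRealm shiroRealm() {
        return new ShiroRealm();
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login");
        shiroFilterFactoryBean.setSuccessUrl("/");
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        // Shiro applies the first pattern that matches, so specific paths go before "/**".
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/login", "anon");
        // Without this entry /admin would only require a login, not the admin role.
        filterChainDefinitionMap.put("/admin", "authc, roles[admin]");
        filterChainDefinitionMap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }
}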
```
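4. Create a Shiro Realm:
```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.springframework.beans.factory.annotation.Autowired;
// Assumption: KeycloakAuthenticationToken (a Shiro AuthenticationToken) and User are application classes not shown here.
public class ShiroRealm extends AuthorizingRealm {
    @Autowired
    private KeycloakSecurityContext securityContext;
    @Autowired
    private KeycloakPrincipalExtractor principalExtractor;

    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof KeycloakAuthenticationToken; // reject other token types before the cast below
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRoles(principalExtractor.extractRoles(securityContext));
        return authorizationInfo;
    }

    @Override
    @SuppressWarnings("unchecked")
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        KeycloakAuthenticationToken keycloakToken = (KeycloakAuthenticationToken) token;
        KeycloakPrincipal<KeycloakSecurityContext> principal = (KeycloakPrincipal<KeycloakSecurityContext>) keycloakToken.getPrincipal();
        User user = principalExtractor.extractUser(principal);
        return new SimpleAuthenticationInfo(user, token.getCredentials(), getName());
    }
}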
```
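5. Create a Keycloak Principal Extractor:
```java
import java.util.Collections;
import java.util.Set;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;
import org.springframework.stereotype.Component;

@Component
public class KeycloakPrincipalExtractor {
    public User extractUser(KeycloakPrincipal<KeycloakSecurityContext> principal) {
        User user = new User();
        user.setUsername(principal.getName());
        return user;
    }

    public Set<String> extractRoles(KeycloakSecurityContext securityContext) {
        // realm_access is absent when the token carries no realm roles; grant none in that case.
        AccessToken.Access realmAccess = securityContext.getToken().getRealmAccess();
        Set<String> roles = realmAccess == null ? null : realmAccess.getRoles();
        return roles == null ? Collections.<String>emptySet() : roles;
    }
}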
```
6. Create a Controller:
```java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class HomeController {

    @GetMapping("/")
    public String home() {
        return "home";
    }

    @GetMapping("/admin")
    public String admin() {
        return "admin";
    }

    @GetMapping("/login")
    public String login() {
        return "login";
    }
}
```
Now, when a user requests the /admin path, only users who hold the admin role can access it. Users authenticate through the /login path.
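Shiro tries filter chain definitions in insertion order and applies the first pattern that matches, so the `/admin` restriction holds only when a `roles[admin]` entry sits before `/**`. The following is an added example, not code from the original page: the class `FilterChainOrderCheck` and its sample maps are constructed for illustration, and it mirrors the first-match rule with Shiro's `AntPathMatcher` rather than Shiro's full request-path handling.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.shiro.util.AntPathMatcher;

// Added example (hypothetical class): which chain definition does a path resolve to?
public class FilterChainOrderCheck {
    private static final AntPathMatcher ANT = new AntPathMatcher();
    private static final Pattern ROLES = Pattern.compile("roles\\[([^\\]]*)\\]");

    // Chain definition of the first pattern that matches the path, or null if none does.
    static String resolve(Map<String, String> chains, String path) {
        for (Map.Entry<String, String> e : chains.entrySet()) {
            if (ANT.matches(e.getKey(), path)) {
                return e.getValue();
            }
        }
        return null;
    }

    // True only if the resolved chain carries a roles[...] filter that names the role.
    static boolean requiresRole(Map<String, String> chains, String path, String role) {
        String chain = resolve(chains, path);
        if (chain == null) return false; // no pattern matched, so no Shiro filter is applied
        Matcher m = ROLES.matcher(chain);
        return m.find() && Arrays.stream(m.group(1).split(","))
                .map(String::trim).anyMatch(role::equals);
    }

    static Map<String, String> chains(String... patternThenChain) {
        Map<String, String> map = new LinkedHashMap<>(); // keeps insertion order
        for (int i = 0; i < patternThenChain.length; i += 2) {
            map.put(patternThenChain[i], patternThenChain[i + 1]);
        }
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample maps: login-only, role rule before "/**", role rule after "/**".
        Map<String, String> loginOnly = chains("/login", "anon", "/**", "authc");
        Map<String, String> roleFirst = chains("/login", "anon", "/admin", "authc, roles[admin]", "/**", "authc");
        Map<String, String> shadowed = chains("/login", "anon", "/**", "authc", "/admin", "authc, roles[admin]");
        for (Map<String, String> c : Arrays.asList(loginOnly, roleFirst, shadowed)) {
            System.out.println(c + " -> /admin resolves to \"" + resolve(c, "/admin")
                    + "\", admin role enforced: " + requiresRole(c, "/admin", "admin"));
        }
    }
}
```

A check like `requiresRole` can run in a unit test against the application's real filter chain map so that a reordered or missing entry for a protected path fails the build.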