Spring Boot集成Keycloak

前言

本文参考A Quick Guide to Using Keycloak with Spring Boot，整理实战中遇到的问题。

Docker 安装 Keycloak

下载镜像

quay下载镜像

docker pull quay.io/keycloak/keycloak

失败的话，可再次尝试。

启动keycloak

docker run -p 6060:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:latest

端口根据实际做映射。

官方是：docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:9.0.2

目前最新版本是9.0.2，建议直接换成：latest，自动拉取最新的镜像。

启动成功：

本例是在本地环境启动，若在生产环境启动，需要开启SSL。

Browsers and applications that interact with the realm must honor the SSL/HTTPS requirements defined by the SSL Mode or they will not be allowed to interact with the server.

登陆

http://localhost:6060/auth

点击Administration Console

用户名：admin
密码：admin

Keycloak配置

参考A Quick Guide to Using Keycloak with Spring Boot，一样的配置就行。

Spring Boot应用启动

下载源码

下载源码

更改配置

keycloak.auth-server-url=http://localhost:6060/auth

keycloak.realm=SpringBootKeycloak
keycloak.resource=login-app
keycloak.public-client=true
keycloak.security-constraints[0].authRoles[0]=user
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/customers/*

更改依赖

源码的部分依赖，拉取不到。

移除parent

    <parent><groupId>com.baeldung</groupId><artifactId>parent-boot-1</artifactId><version>0.0.1-SNAPSHOT</version><relativePath>../../parent-boot-1</relativePath></parent>

增加dependencyManagement

    <properties><spring-boot.version>1.5.22.RELEASE</spring-boot.version></properties><dependencyManagement><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-dependencies</artifactId><version>${spring-boot.version}</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement>

增加dependency

        <dependency><groupId>javax.xml.bind</groupId><artifactId>jaxb-api</artifactId><version>2.3.0</version></dependency><dependency><groupId>org.keycloak</groupId><artifactId>keycloak-spring-boot-starter</artifactId><version>3.3.0.Final</version></dependency>

增加maven-compiler-plugin

    <build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><configuration><source>10</source><target>10</target></configuration></plugin></plugins></build>

启动

23:37:26.668 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Registering beans for JMX exposure on startup
23:37:26.681 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8081"]
23:37:26.689 [main] INFO  o.a.tomcat.util.net.NioSelectorPool - Using a shared selector for servlet write/read
23:37:26.701 [main] INFO  o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat started on port(s): 8081 (http)
23:37:26.735 [main] INFO  com.baeldung.keycloak.SpringBoot - Started SpringBoot in 4.541 seconds (JVM running for 10.586)

访问

http://localhost:8081/

点击customers,登陆，获取列表

用户名：user1
密码：xsw2@WSX

参考

Keycloak on Docker

A Quick Guide to Using Keycloak with Spring Boot

spring-boot-keycloak