Keycloak后台配置
创建角色、用户,并进行绑定
创建用户admin及角色ROLE_ADMIN
创建一个简单的 Spring Boot 项目
pom文件
<?xml version="1.0" encoding="UTF-8"?>
<!-- Maven build for the Spring Boot + Keycloak demo described on this page. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.0</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.zzu</groupId>
    <artifactId>securityKeycloak</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>securityKeycloak</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>11</java.version>
        <!-- Single source of truth for the Keycloak adapter version; used by both the
             keycloak-spring-boot-starter dependency and the imported adapter BOM below.
             NOTE(review): keep this aligned with the Keycloak server release actually in use
             and with its security advisories - TODO confirm the server version. -->
        <keycloak.version>12.0.4</keycloak.version>
        <!-- NOTE(review): not referenced by any dependency in this POM; presumably left over
             from an earlier setup and can be dropped. -->
        <oauth2-autoconfigure.version>2.1.6.RELEASE</oauth2-autoconfigure.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <!-- Embedded servlet container + Spring MVC, needed for the REST controller -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <!-- Drops the JUnit 4 compatibility engine; presumably tests are written for JUnit 5 -->
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!-- Keycloak's Spring Boot adapter; reads the "keycloak.*" block of application.yml.
             NOTE(review): this adapter line has since been deprecated upstream in favour of
             Spring Security's own OAuth2/OIDC client and resource-server support - confirm
             before relying on it for new work. -->
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-boot-starter</artifactId>
            <!-- Also managed by the BOM below; the explicit version is redundant but uses the same property -->
            <version>${keycloak.version}</version>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
    <dependencyManagement>
        <dependencies>
            <!-- Pins the versions of all Keycloak adapter artifacts to ${keycloak.version} -->
            <dependency>
                <groupId>org.keycloak.bom</groupId>
                <artifactId>keycloak-adapter-bom</artifactId>
                <version>${keycloak.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
</project>
application.yml
# Spring Boot settings for the Keycloak demo application.
spring:
  application:
    name: keycloakDemo
server:
  port: 8082
# Settings consumed by the Keycloak Spring Boot adapter (keycloak-spring-boot-starter in the POM).
keycloak:
  # Realm in Keycloak that this application belongs to
  realm: iam
  # Address of the Keycloak server
  # NOTE(review): plain http to a LAN address; acceptable for a lab, but tokens and the client
  # secret would cross the network unencrypted - use https for anything beyond local testing
  auth-server-url: http://10.107.42.181:8080/auth
  # Client ID
  resource: iam-test
  # "external" only enforces HTTPS for requests coming from non-private addresses - presumably
  # chosen to match the http URL above; confirm this is intended before deploying outside a lab
  ssl-required: external
  credentials:
    # NOTE(review): confidential-client secret committed in plain text; move it to an environment
    # variable or secret store, and rotate it if this file has been shared or checked in
    secret: e6feaf0d-6460-4b1a-a7c6-532f83805d39
  # Whether role checks use client (resource) level role mappings or realm level ones
  use-resource-role-mappings: false
  # Set to true when the client's access type in Keycloak is bearer-only, otherwise false
  bearer-only: false
  # Set to true when the application serves both web pages and a REST API: Keycloak then decides
  # per request whether an unauthenticated caller is redirected to the login page or gets a 401
  autodetect-bearer-only: true
  # Security constraints
  # NOTE(review): only the patterns listed below are constrained; any other path is reachable
  # without authentication, so confirm that is intended. A plain "/customer" pattern presumably
  # does not cover sub-paths such as "/customer/x" - a "/customer/*" pattern would.
  security-constraints:
    - authRoles:
        - ROLE_CUSTOMER
      securityCollections:
        - name: customer
          patterns:
            - /customer
    - authRoles:
        - ROLE_ADMIN
      securityCollections:
        # The following path requires the ROLE_ADMIN role listed in authRoles above
        - name: admin
          patterns:
            - /demo/getValue
测试HelloController
package com.zzu.securityKeycloak;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/demo")
public class HelloController {

    /** Fixed greeting returned by {@link #getValue()}. */
    private static final String GREETING = "Hello Keycloak!";

    /**
     * Handles {@code GET /demo/getValue}.
     *
     * <p>The class carries no security annotations; access to this path is controlled
     * entirely by the Keycloak adapter's security-constraints configuration.
     *
     * @return the greeting string
     */
    @GetMapping(value = "getValue")
    public String getValue() {
        return GREETING;
    }
}
启动后访问 ip:8082/demo/getValue 会跳转到 Keycloak 登录页