我已经整合了keycloak与传统的春季应用程序。我已将keycloak spring安全适配器添加到我的pom.xml文件并添加了安全配置。完成所有工作后,我可以在没有令牌的情况下访问其余的api。我如何解决这个问题?春季安全休息api没有安全keycouak
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
{
/**
* Registers the KeycloakAuthenticationProvider with the authentication manager.
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
/**
* Defines the session authentication strategy.
*/
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.authorizeRequests()
.antMatchers("/school-admin*").hasRole("ADMIN")
.anyRequest().permitAll();
}
}
keycloak.json
{
"realm": "appscook",
"bearer-only": true,
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "ssd-backend"
}
阿比
@RequestMapping(value="/hello",method=RequestMethod.GET)
@ResponseBody
public String getStandards(){
return "hello";
}
“/你好”是类级别的请求映射的内部“/学校管理员*” – boycod3
?你尝试用*前“/学校管理员/ *” –
添加斜线我试过了。 – boycod3