
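Integrating Keycloak with Spring Boot for Single Sign-On and Logout

Most blog posts online cover only login and not logout, so I spent some time looking into it myself and am recording the relevant details here. Based on Keycloak 20, this implements single sign-on and logout for a Spring Boot service.

1. Dependencies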

<!-- In the parent project -->
<dependencyManagement>
    <dependencies>
        <!-- Import the adapter BOM -->
        <dependency>
            <groupId>org.keycloak.bom</groupId>
            <artifactId>keycloak-adapter-bom</artifactId>
            <version>22.0.1</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

<!-- In the child module -->
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.keycloak</groupId>
        <artifactId>keycloak-spring-boot-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>org.keycloak</groupId>
        <artifactId>keycloak-spring-security-adapter</artifactId>
    </dependency>
</dependencies>

2. Keycloak configuration

This is the main part: login and logout are implemented by configuring interceptors.

package com.example.basic.conf;

import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@KeycloakConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class KeycloakSecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {

    // Register Keycloak as the authentication provider; SimpleAuthorityMapper
    // maps Keycloak roles to Spring Security authorities.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    // Read the Keycloak settings from the Spring Boot configuration.
    @Bean
    public org.keycloak.adapters.KeycloakConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.logout()
                // Intercept the logout request
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .addLogoutHandler(keycloakLogoutHandler())
                .logoutSuccessHandler(logoutSuccessHandler())
                .deleteCookies("JSESSIONID")
                .and()
                // Paths that are exempt from authorization
                .authorizeRequests()
                .antMatchers("/user/login", "/token/generate", "/access/**", "/js/**",
                        "/css/**", "/fonts/**", "/index.html", "/error").permitAll()
                // Apart from the exempt paths above, every request must be authenticated
                .antMatchers("/**").authenticated()
                .and()
                // CORS is enabled and CSRF protection is switched off
                .cors()
                .and()
                .csrf().disable();
    }

    // Handle the automatic redirect after logout
    private LogoutSuccessHandler logoutSuccessHandler() {
        return new LogoutSuccessHandler() {
            @Override
            public void onLogoutSuccess(HttpServletRequest httpServletRequest,
                                        HttpServletResponse httpServletResponse,
                                        Authentication authentication)
                    throws IOException, ServletException {
                // A request to /logout without a Keycloak session has no ID token to read;
                // send it to the application root instead of failing with an exception.
                if (!(authentication instanceof KeycloakAuthenticationToken)) {
                    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/");
                    return;
                }
                KeycloakAuthenticationToken keycloakAuthenticationToken =
                        (KeycloakAuthenticationToken) authentication;
                KeycloakSecurityContext keycloakSecurityContext =
                        keycloakAuthenticationToken.getAccount().getKeycloakSecurityContext();
                String idTokenHint = keycloakSecurityContext.getIdTokenString();
                String issuer = keycloakSecurityContext.getIdToken().getIssuer();
                String keycloakBaseUrl = issuer + "/protocol/openid-connect/logout";
                // Come back to this application's own origin after Keycloak has logged the user out
                String postLogoutRedirectUri =
                        httpServletRequest.getScheme() + "://" + httpServletRequest.getHeader("host");
                String logoutUrl = keycloakBaseUrl
                        + "?post_logout_redirect_uri=" + postLogoutRedirectUri
                        + "&id_token_hint=" + idTokenHint;
                // Do logout by redirecting to Keycloak logout
                httpServletResponse.sendRedirect(logoutUrl);
            }
        };
    }
}
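
The logout handler above takes post_logout_redirect_uri from the request's Host header and concatenates it into the URL unencoded. As an added example (not code from the original post or from the Keycloak adapter), the same logout URL built with the origin checked against an allowlist and both parameters percent-encoded; the class name, the allowed origins, the fallback and the issuer are assumed placeholder values.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper for illustration; not part of the Keycloak adapter API.
public class KeycloakLogoutUrl {

    // Assumption: the origins this application is really served from (constructed values).
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<>(Arrays.asList(
            "https://app.example.com", "http://localhost:8080"));

    // Assumption: where to return the user when the request's origin is not recognised.
    private static final String FALLBACK_ORIGIN = "https://app.example.com";

    /** Returns scheme://host[:port] only when it is an exact allowlist entry, else the fallback. */
    static String trustedOrigin(String scheme, String hostHeader) {
        if (scheme == null || hostHeader == null) {
            return FALLBACK_ORIGIN;
        }
        // Exact match also rejects Host values that smuggle in a path, query or userinfo.
        String candidate = (scheme + "://" + hostHeader).toLowerCase(Locale.ROOT);
        return ALLOWED_ORIGINS.contains(candidate) ? candidate : FALLBACK_ORIGIN;
    }

    /** Builds {issuer}/protocol/openid-connect/logout with percent-encoded parameters. */
    static String build(String issuer, String idToken, String scheme, String hostHeader)
            throws UnsupportedEncodingException {
        String redirect = URLEncoder.encode(trustedOrigin(scheme, hostHeader), "UTF-8");
        String hint = URLEncoder.encode(idToken, "UTF-8");
        return issuer + "/protocol/openid-connect/logout"
                + "?post_logout_redirect_uri=" + redirect
                + "&id_token_hint=" + hint;
    }

    public static void main(String[] args) throws Exception {
        String issuer = "https://sso.example.com/realms/demo"; // constructed issuer
        String idToken = "header.payload.signature";           // placeholder, not a real token
        // Host header that matches the allowlist is used as the return address.
        System.out.println(build(issuer, idToken, "http", "localhost:8080"));
        // Unrecognised Host header is replaced by the fallback origin.
        System.out.println(build(issuer, idToken, "https", "unknown.example.net"));
    }
}
```

In the handler, the `logoutUrl` concatenation would become a call to `KeycloakLogoutUrl.build(issuer, idTokenHint, httpServletRequest.getScheme(), httpServletRequest.getHeader("host"))`.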
