在使用keycloak集成springboot的过程中,对于需要授权访问的接口,它会跳到keycloak里进行登录,之前有个redirect_uri,登录成功后会跳回本客户端,而这个地址默认没有修改的地方,需要我们手动开发,这块不是很方便。
自定义redirect_uri
一 重写BeanPostProcessor来实现
@Component
public class KeycloackAuthenticationProcessingFilterPostProcessor implements BeanPostProcessor {
private static final Logger logger = LoggerFactory.getLogger(KeycloackAuthenticationProcessingFilterPostProcessor.class);
private void process(KeycloakAuthenticationProcessingFilter filter) {
filter.setRequestAuthenticatorFactory(new SpringSecurityRequestAuthenticatorFactory() {
@Override
public RequestAuthenticator createRequestAuthenticator(HttpFacade facade, HttpServletRequest request, KeycloakDeployment deployment, AdapterTokenStore tokenStore, int sslRedirectPort) {
return new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, sslRedirectPort) {
@Override
protected OAuthRequestAuthenticator createOAuthAuthenticator() {
return new OAuthRequestAuthenticator(this, facade, deployment, sslRedirectPort, tokenStore) {
@Override
protected String getRequestUrl() {
return "http://localhost:8081/callback";
}
};
}
};
}
});
}
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof KeycloakAuthenticationProcessingFilter) {
logger.info("Injecting Custom handler...");
process(((KeycloakAuthenticationProcessingFilter) bean));
}
return bean;
}
二 在没有授权时,直接跳到 授权系统,然后观察地址上redirect_uri已经发生变化了
参考文档:https://stackoverflow.com/questions/54163924/how-to-set-redirect-uri-in-keycloak-with-spring-boot
