问题
I have been been playing with spring boot and been successful in using Keycloak and Vaadin separately in different projects. Now, I wanted to combine both to avoid having to implement my own security using Vaadin. The result I have so far can be found here: github project.
I started from the shared security example given by vaadin4spring. I then added the Keycloak configuration as given by the keycloak-spring-security-adapter and the keycloak-spring-boot-adapter.
I have now hit a wall in getting both to work together. When everything is up and running and I navigate to localhost:8080, I get the following error:
{"timestamp":...,"status":401,"error":"Unauthorized","message":"Unauthorized","path":"/"}
No redirect is triggered to authenticate with Keycloak. However, if I navigate to any other url not managed by Vaadin, e.g. localhost:8080/login, the redirect is triggered.
After logging in successfully, I can navigate to localhost:8080 without an error. However, any operation remains restricted and the secured views remain hidden.
Any ideas how to fix my configuration? I am thinking it is due to Vaadin handling CORS.
回答1:
I use the Keycloak Spring Security Adapter and had some problems when securing the root path ("/") for the UI service too.
I ended up configuring Spring MVC to send a redirect when user tries to access the root path in the UI:
@Bean
public WebMvcConfigurerAdapter forwardToEquipmentManager() {
return new WebMvcConfigurerAdapter() {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("redirect:/ui/home");
}
};
}
This way the browser is redirected to the home path when asking for the root path and it fires the adapter logic. It just works.
回答2:
Apparently, in my setup, upon startup the system would register the user as being anonymous instead of trying to actually authenticate.
http.anonymous().disable();
Adding the above snippet to the security configuration prevents this from happening and the system correctly redirects the user to KC login.
Once I got this working, I noticed my views were also broken. This was due to method security proxy settings affecting all beans. Vaadin requires actual run-time classes instead of proxies to e.g. find views.
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
Changing proxyTargetClass to true ensures subclass proxies are created avoiding any conflict with Vaadin.
I pushed all changes to the github project.
来源:https://stackoverflow.com/questions/43652686/spring-boot-keycloak-and-vaadin-integration-issue