Let*_*rus 5 jsf wildfly keycloak
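Good day, friends
First of all, I have read the documentation, googled, and tried various approaches.
I am trying to secure a JSF 2.2 webapp that is deployed as a WAR and runs on Wildfly_11.0.0.0_Final.
Keycloak is set up with the correct realm information, and roles and users are defined.
Logging in to the Keycloak account (for both admin and users) works 100%.
Without "activating" Keycloak the application works fine (it loads and all navigation works; the UI is mainly PrimeFaces and OmniFaces).
When "activating" Keycloak (and running it on a port offset to make sure the ports do not conflict with WildFly), all I get after authenticating with Keycloak is a "Forbidden" page.
All I want to do is access the security token inside the application, so that I can render UI fragments and access bean methods based on the roles assigned to the user.
Right, here is my current attempted setup and the relevant information (if one of you gurus sees something that can be improved, even if it is unrelated to this specific problem, all feedback would be greatly appreciated).
My POM file: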
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Model Version -->
<modelVersion>4.0.0</modelVersion>
<!-- mvn version prerequisite -->
<prerequisites>
<maven>3.3.9</maven>
</prerequisites>
<!-- Application package information -->
<groupId>com.mydomain</groupId>
<artifactId>myapp</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<!-- Properties -->
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
<!-- mvn repositories -->
<repositories>
<repository>
<id>JBoss</id>
<name>public-jboss</name>
<url>http://repository.jboss.org/nexus/content/groups/public-jboss/</url>
</repository>
<repository>
<id>java.net-maven2-SNAPSHOT-repository</id>
<name>Java.net SNAPSHOT-Repository for Maven</name>
<url>https://maven.java.net/content/repositories/snapshots/</url>
<layout>default</layout>
</repository>
<repository>
<id>java.net-maven2-repository</id>
<name>Java.net Repository for Maven</name>
<url>https://maven.java.net/content/repositories/releases/</url>
<layout>default</layout>
</repository>
<repository>
<id>oss.sonatype.org</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</repository>
<repository>
<id>bintray-snapshot</id>
<name>libs-snapshot</name>
<url>http://oss.jfrog.org/artifactory/libs-snapshot</url>
</repository>
</repositories>
<!-- Dependencies -->
<dependencies>
<!-- Server specific dependencies for WildFly 11 -->
<dependency>
<groupId>com.sun.faces</groupId>
<artifactId>jsf-api</artifactId>
<version>2.2.13</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.sun.faces</groupId>
<artifactId>jsf-impl</artifactId>
<version>2.2.13</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>5.1.10.Final</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-search-orm</artifactId>
<version>5.5.8.Final</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>5.3.5.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.1-api</artifactId>
<version>1.0.0.Final-redhat-1</version>
</dependency>
<!-- Target dependency for Java EE 7 server. -->
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-api</artifactId>
<version>7.0</version>
<scope>provided</scope>
</dependency>
<!-- Runtime dependencies. -->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>3.4.1.Final</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-core</artifactId>
<version>3.4.1.Final</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-spi</artifactId>
<version>3.4.1.Final</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2.redhat-1</version>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.1_spec</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-server</artifactId>
<version>3.0.10.Final-redhat-1</version>
</dependency>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-feature-pack</artifactId>
<version>11.0.0.Final</version>
<type>pom</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.9.3</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>org.primefaces</groupId>
<artifactId>primefaces</artifactId>
<version>6.1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.primefaces.themes</groupId>
<artifactId>all-themes</artifactId>
<version>1.0.10</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.primefaces.extensions</groupId>
<artifactId>primefaces-extensions</artifactId>
<version>6.1.1</version>
</dependency>
<dependency>
<groupId>org.omnifaces</groupId>
<artifactId>omnifaces</artifactId>
<version>2.6.4</version>
</dependency>
<dependency>
<groupId>org.omnifaces</groupId>
<artifactId>omnisettings</artifactId>
<version>0.1</version>
</dependency>
<dependency>
<groupId>org.omnifaces</groupId>
<artifactId>omniutils</artifactId>
<version>0.5</version>
</dependency>
<dependency>
<groupId>org.omnifaces</groupId>
<artifactId>omnipersistence</artifactId>
<version>0.3</version>
</dependency>
<dependency>
<groupId>org.omnifaces</groupId>
<artifactId>optimusfaces</artifactId>
<version>0.4</version>
</dependency>
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-core</artifactId>
<version>8.2.8.Final</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>42.1.4</version>
</dependency>
<dependency>
<groupId>org.jboss.weld</groupId>
<artifactId>weld-api</artifactId>
<version>2.4.SP1</version>
</dependency>
<dependency>
<groupId>org.jboss.weld</groupId>
<artifactId>weld-core-impl</artifactId>
<version>2.4.3.Final</version>
</dependency>
<dependency>
<groupId>org.atmosphere</groupId>
<artifactId>atmosphere-runtime</artifactId>
<version>2.4.14</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.9.1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.9.1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-web</artifactId>
<version>2.9.1</version>
</dependency>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.9.9</version>
</dependency>
<!-- Test dependencies. -->
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<version>6.11</version>
<scope>test</scope>
</dependency>
</dependencies>
<!-- Build settings -->
<build>
<finalName>${project.artifactId}</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-archetype-plugin</artifactId>
<version>3.0.1</version>
</plugin>
</plugins>
</build>
</project>
My keycloak.json file is located at: /WEB-INF/keycloak.json
{
"realm": "MyRealm",
"bearer-only": true,
"auth-server-url": "http://localhost:62223/auth",
"ssl-required": "external",
"resource": "myapp",
"principal-attribute": "preferred_username"
}
The contents of my web.xml look like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.1"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<!-- Application information -->
<display-name>MyApp</display-name>
<description>MyApp description.</description>
<!-- App Security -->
<security-constraint>
<web-resource-collection>
<web-resource-name>myapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>MyRealm</realm-name>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
<!-- context params -->
<!-- Save State On Client -->
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<!-- enable development mode -->
<context-param>
<description>
Development version of MyApp
</description>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>org.jboss.weld.development</param-name>
<param-value>true</param-value>
</context-param>
<!-- convert to local timezone -->
<context-param>
<param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name>
<param-value>true</param-value>
</context-param>
<!-- PrimeFaces setup -->
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>bootstrap</param-value>
</context-param>
<context-param>
<param-name>primefaces.FONT_AWESOME</param-name>
<param-value>true</param-value>
</context-param>
<!-- log4j -->
<context-param>
<param-name>log4jContextName</param-name>
<param-value>myapp</param-value>
</context-param>
<!-- Faces Servlet -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<!-- Welcome File -->
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
</web-app>
The XML section copied from the "Installation" tab in Keycloak and then pasted into Wildfly's standalone.xml file looks like this:
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
<secure-deployment name="myapp.war">
<realm>MyRealm</realm>
<auth-server-url>http://localhost:62223/auth</auth-server-url>
<ssl-required>EXTERNAL</ssl-required>
<resource>myapp</resource>
<credential name="secret">ce0984f0-c6ef-4808-bfd4-342480437051</credential>
<use-resource-role-mappings>true</use-resource-role-mappings>
</secure-deployment>
</subsystem>
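I have an index.xhtml file located at /webapp/index.xhtml (i.e. not inside the WEB-INF folder).
What I want to happen is that the user is redirected to the index.xhtml file only after successful authentication. This file then accesses the templates and CRUD files under the /WEB-INF/ folder.
I found sample code at https://github.com/dasniko/keycloak-javaee-demo that allows me to read the user's roles and partially render the UI and menus based on those roles.
If you need any other information related to the above, please let me know.
Sincerest thanks
Edit: added a screenshot of the Keycloak client Settings tab.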
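Added example (not part of the original post and not taken from the linked demo): a request-scoped CDI bean that reads the Keycloak access token inside the application and exposes realm-level and client-level roles separately, so a view can render by role and a role mismatch with the `user` constraint in web.xml becomes visible. The bean name `TokenRoles` is hypothetical; `myapp` and `user` are the client id and role from the post, and the code assumes the request has already been authenticated by the Keycloak adapter.

```java
import java.util.Collections;
import java.util.Set;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

// Hypothetical bean; not code from the post or from the Keycloak project.
@Named
@RequestScoped
public class TokenRoles {
    private static final String CLIENT_ID = "myapp"; // <resource> in the post

    @Inject
    private HttpServletRequest request;

    // The adapter stores the security context as a request attribute once it
    // has authenticated the request; on unauthenticated requests it is absent.
    private AccessToken token() {
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                request.getAttribute(KeycloakSecurityContext.class.getName());
        return ctx == null ? null : ctx.getToken();
    }

    private static Set<String> roles(AccessToken.Access access) {
        return access == null || access.getRoles() == null
                ? Collections.<String>emptySet() : access.getRoles();
    }

    // Realm-level roles: what the adapter checks when
    // use-resource-role-mappings is false.
    public Set<String> getRealmRoles() {
        AccessToken t = token();
        return roles(t == null ? null : t.getRealmAccess());
    }

    // Client-level roles for "myapp": what the adapter checks when
    // use-resource-role-mappings is true, as in the standalone.xml above.
    public Set<String> getClientRoles() {
        AccessToken t = token();
        return roles(t == null ? null : t.getResourceAccess(CLIENT_ID));
    }

    // Usable from Facelets: rendered="#{tokenRoles.hasRole('user')}".
    // Denies by default when there is no token or no client role mapping.
    public boolean hasRole(String role) {
        return getClientRoles().contains(role);
    }
}
```

Printing `#{tokenRoles.realmRoles}` and `#{tokenRoles.clientRoles}` on an unconstrained diagnostic page shows at which level the `user` role is actually mapped for the logged-in account.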