Rpj*_*Rpj 6 java spring-security spring-boot keycloak
无法定义以 keycloak 开头的属性。如果 keycloak-spring-boot-starter starter jar 观察到 jar 不知道的 keycloak 属性,则它无法加载属性。如果我们sso在属性前加上“ ”,问题就解决了,有没有办法即使在保留 keycloak 前缀的情况下也能避免这个错误。
keycloak.admin.username=
keycloak.admin.password=
sso.keycloak.admin.username=
sso.keycloak.admin.password=
这是看到的错误 Spring Boot 2.5.0 and Keycloak 13.0.0
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
... 21 more
Caused by: java.lang.NullPointerException
at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterAtOffsetOf(HttpSecurity.java:2654)
at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterAfter(HttpSecurity.java:2645)
at org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter.configure(KeycloakWebSecurityConfigurerAdapter.java:123)
at com.foo.config.KeycloakSecurityConfig.configure(KeycloakSecurityConfig.java:36)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:217)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:315)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:93)
at com.foo.config.KeycloakSecurityConfig$$EnhancerBySpringCGLIB$$501f46fb.init(<generated>)
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:338)
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:300)
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:38)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:127)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
此错误是在Spring Boot 2.5.0附带的 Spring Security 5.5.0版中引入的。发生这种情况是因为 KeyCloak 依次添加了两个过滤器,如下所示:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
...
.addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class)
.addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class)
...
}
并且现在有一个错误,其中自定义过滤器顺序没有被持久化,从而导致NullPointerException尝试添加相对于最近添加的另一个自定义过滤器的过滤器。
我建议你现在做的是使用较低版本的 Spring Boot,比如 2.4.x,直到GitHub 中的问题得到解决。
| 归档时间: |
|
| 查看次数: |
127 次 |
| 最近记录: |