KeyCloak返回无效参数:redirect_uri
我正在尝试使用Spring Boot和KeyCloak运行一些简单的应用程序。在Localhost上运行的应用:80。这是我的pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.example</groupId>
<artifactId>testOfKeyCloack</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<maven.compiler.source>15</maven.compiler.source>
<maven.compiler.target>15</maven.compiler.target>
<springboot.plugin.version>2.1.4.RELEASE</springboot.plugin.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${springboot.plugin.version}</version>
</plugin>
</plugins>
</build>
</project>
,有我的应用程序。 另外还有领域 - 网络报告和客户端testk:
server:
port: "80"
spring:
application.name: ${APPLICATION_NAME:spring-security-keycloak-oauth}
security:
oauth2:
client:
provider:
keycloak:
issuer-uri: http://localhost:8080/realms/webReport
registration:
keycloak:
client-id: testK
有效的重定向uri:http:// localhost:80/*
用于测试我使用控制器:
@RestController
@RequestMapping("/api")
public class SampleController {
@GetMapping("/anonymous")
public String getAnonymousInfo() {
return "Anonymous";
}
@GetMapping("/user")
@PreAuthorize("hasRole('USER')")
public String getUserInfo() {
return "user info";
}
@GetMapping("/admin")
@PreAuthorize("hasRole('ADMIN')")
public String getAdminInfo() {
return "admin info";
}
@GetMapping("/service")
@PreAuthorize("hasRole('SERVICE')")
public String getServiceInfo() {
return "service info";
}
@GetMapping("/me")
public Object getMe() {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return authentication.getName();
}
}
这是我的WebsecurityConfiguration
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests -> authorizeRequests
.antMatchers("/api/anonymous/**").permitAll()
.anyRequest().authenticated())
.oauth2Login(oauth2Login -> oauth2Login
.userInfoEndpoint(userInfoEndpoint -> userInfoEndpoint
.oidcUserService(this.oidcUserService())
)
);
}
@Bean
public OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
final OidcUserService delegate = new OidcUserService();
return (userRequest) -> {
OidcUser oidcUser = delegate.loadUser(userRequest);
final Map<String, Object> claims = oidcUser.getClaims();
final JSONArray groups = (JSONArray) claims.get("groups");
final Set<GrantedAuthority> mappedAuthorities = groups.stream()
.map(role -> new SimpleGrantedAuthority(("ROLE_" + role)))
.collect(Collectors.toSet());
return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());
};
}
}
,但是当我尝试去例如:“ http:// localhost) :80/api/admin” 我遇到了一个错误:“无效参数:redirect_uri” 控制台输出:“ get http:// localhost:8080/realms/webreport/stoloption/openID-connect/auth?wendesp_type = code&amp; amp; amp; amp; amp; sate = *** redirect_uri = http = http:http:// local-host/lo limin/liogin/oauth2/oauth2/oauth2/oauth2/oauth2/oauth2/oauth2/代码/KeyCloak 400(不良请求)“
其他线程的建议无济于事,所以我只是不知道该怎么办。
I am trying to run some simple app by using spring boot and keycloak. App running on localhost:80. Here is my pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.example</groupId>
<artifactId>testOfKeyCloack</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<maven.compiler.source>15</maven.compiler.source>
<maven.compiler.target>15</maven.compiler.target>
<springboot.plugin.version>2.1.4.RELEASE</springboot.plugin.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${springboot.plugin.version}</version>
</plugin>
</plugins>
</build>
</project>
There is my application.yml, where keycloak listening port 8080 on localhost.
Also there is realm - WebReport and client testK:
server:
port: "80"
spring:
application.name: ${APPLICATION_NAME:spring-security-keycloak-oauth}
security:
oauth2:
client:
provider:
keycloak:
issuer-uri: http://localhost:8080/realms/webReport
registration:
keycloak:
client-id: testK
Valid redirect URI: http://localhost:80/*
For test I use controller:
@RestController
@RequestMapping("/api")
public class SampleController {
@GetMapping("/anonymous")
public String getAnonymousInfo() {
return "Anonymous";
}
@GetMapping("/user")
@PreAuthorize("hasRole('USER')")
public String getUserInfo() {
return "user info";
}
@GetMapping("/admin")
@PreAuthorize("hasRole('ADMIN')")
public String getAdminInfo() {
return "admin info";
}
@GetMapping("/service")
@PreAuthorize("hasRole('SERVICE')")
public String getServiceInfo() {
return "service info";
}
@GetMapping("/me")
public Object getMe() {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return authentication.getName();
}
}
And this is my WebSecurityConfiguration
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests -> authorizeRequests
.antMatchers("/api/anonymous/**").permitAll()
.anyRequest().authenticated())
.oauth2Login(oauth2Login -> oauth2Login
.userInfoEndpoint(userInfoEndpoint -> userInfoEndpoint
.oidcUserService(this.oidcUserService())
)
);
}
@Bean
public OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
final OidcUserService delegate = new OidcUserService();
return (userRequest) -> {
OidcUser oidcUser = delegate.loadUser(userRequest);
final Map<String, Object> claims = oidcUser.getClaims();
final JSONArray groups = (JSONArray) claims.get("groups");
final Set<GrantedAuthority> mappedAuthorities = groups.stream()
.map(role -> new SimpleGrantedAuthority(("ROLE_" + role)))
.collect(Collectors.toSet());
return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());
};
}
}
But when I try to go for example to : "http://localhost:80/api/admin"
I am getting an error: "Invalid parameter: redirect_uri"
Console output: "GET http://localhost:8080/realms/webReport/protocol/openid-connect/auth?response_type=code&client_id=my_webreport&state=*** redirect_uri=http://localhost/login/oauth2/code/keycloak 400 (Bad Request)"
Advices from other threads didn't help, so I just don't know, what to do.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您是说您将重定向的URI设置为
http:// localhost:80/*。然后,您提出了此请求:
获取http:// localhost:8080/realms/web Report/stoloption/openID-connect/auth?wendespy_type = code&amp; client&amp; client_id = my_webReport&stane = *** redirect_uri = http:// localhost = http:// :8084/login/oauth2/code/keycloak。http:// localhost:8084/login/oauth2/code/keycloak不匹配http:// localhost:80/*,端口需要匹配实际您的请求端口。You're saying you set your redirect URIs for the client to
http://localhost:80/*.Then you made this request:
GET http://localhost:8080/realms/webReport/protocol/openid-connect/auth?response_type=code&client_id=my_webreport&state=*** redirect_uri=http://localhost:8084/login/oauth2/code/keycloak.http://localhost:8084/login/oauth2/code/keycloakis not matched byhttp://localhost:80/*, the port needs to match the actual port of your request.