Migrating an application that uses Spring Security to Keycloak

Problem description:

I am looking for the current steps to migrate a Spring MVC application that uses Spring Security to Keycloak.

I want to use Keycloak in SiteWhere.

I thought it would be this easy had I gone through the Keycloak documentation :). Below are the steps I followed while migrating SiteWhere to Keycloak.

  1. Follow the steps given in the Keycloak documentation for spring-security.
  2. Add the dependency to the sitewhere-core & sitewhere-web pom.xml as described under adapter installation.
  3. Also add the JBoss logging dependency to the sitewhere-web pom.xml, because the Keycloak Spring adapter has a hard-coded dependency on JBoss logging.
  4. Modify applicationContext.xml so that it uses Keycloak for both the website & the API; the sample below is for the API.

    <sec:http pattern="/api/**" entry-point-ref="keycloakAuthenticationEntryPoint">
        <sec:custom-filter ref="keycloakPreAuthActionsFilter" before="LOGOUT_FILTER" />
        <sec:custom-filter ref="keycloakAuthenticationProcessingFilter" before="FORM_LOGIN_FILTER" />
    </sec:http>

  5. Modify LoginManager.java as follows.

    public static IUser getCurrentlyLoggedInUser() throws SiteWhereException {
        // The Keycloak adapter has already authenticated the request; read its token.
        Authentication KeyCloakAuth = SecurityContextHolder.getContext().getAuthentication();
        if (KeyCloakAuth == null) {
            throw new SiteWhereSystemException(ErrorCode.NotLoggedIn, ErrorLevel.ERROR,
                HttpServletResponse.SC_FORBIDDEN);
        }

        KeycloakAccount keyAccount = ((KeycloakAuthenticationToken) KeyCloakAuth).getAccount();

        // Username comes from the Keycloak ID token; no password is available.
        String username = keyAccount.getKeycloakSecurityContext().getIdToken().getPreferredUsername();
        String password = "";

        // Load the SiteWhere user and its authorities by username.
        IUser user = SiteWhere.getServer().getUserManagement().authenticate(username, password);
        List<IGrantedAuthority> auths =
            SiteWhere.getServer().getUserManagement().getGrantedAuthorities(user.getUsername());
        SitewhereUserDetails details = new SitewhereUserDetails(user, auths);

        Authentication auth = new SitewhereAuthentication(details, password);

        if (!(auth instanceof SitewhereAuthentication)) {
            throw new SiteWhereException("Authentication was not of expected type: "
                + SitewhereAuthentication.class.getName() + " found " + auth.getClass().getName()
                + " instead.");
        }
        return (IUser) ((SitewhereAuthentication) auth).getPrincipal();
    }

  6. Since we have migrated authentication to Keycloak and, in fact, will not get the user's credentials, it is best to nullify the password-validation code in the authenticate method of IUserManagement. Below is from MongoUserManagement.java.

    public IUser authenticate(String username, String password) throws SiteWhereException {
        if (password == null) {
            throw new SiteWhereSystemException(ErrorCode.InvalidPassword, ErrorLevel.ERROR,
                HttpServletResponse.SC_BAD_REQUEST);
        }
        DBObject userObj = assertUser(username);
        String inPassword = SiteWherePersistence.encodePassoword(password);
        User match = MongoUser.fromDBObject(userObj);
        // nullify authentication since we are using keycloak
        /*if (!match.getHashedPassword().equals(inPassword)) {
            throw new SiteWhereSystemException(ErrorCode.InvalidPassword, ErrorLevel.ERROR,
                HttpServletResponse.SC_UNAUTHORIZED);
        }*/

        // Update last login date.
        match.setLastLogin(new Date());
        DBObject updated = MongoUser.toDBObject(match);
        DBCollection users = getMongoClient().getUsersCollection();
        BasicDBObject query = new BasicDBObject(MongoUser.PROP_USERNAME, username);
        MongoPersistence.update(users, query, updated);

        return match;
    }

  7. Make sure that you have the respective roles in Keycloak for the SiteWhere users.

  8. Change your home page so that it redirects to Keycloak for authentication. Below is the redirect sample:

    // Body of the home page handler: redirect to Keycloak once the server is up.
    Tracer.start(TracerCategory.AdminUserInterface, "login", LOGGER);
    try {
        Map<String, Object> data = new HashMap<String, Object>();
        data.put("version", VersionHelper.getVersion());
        String keycloakConfig = environment.getProperty("AUTHSERVER_REDIRECTION_URL");
        if (SiteWhere.getServer().getLifecycleStatus() == LifecycleStatus.Started) {
            return new ModelAndView("redirect:" + keycloakConfig);
        } else {
            ServerStartupException failure = SiteWhere.getServer().getServerStartupError();
            data.put("subsystem", failure.getDescription());
            data.put("component", failure.getComponent().getLifecycleError().getMessage());
            return new ModelAndView("noserver", data);
        }
    } finally {
        Tracer.stop(LOGGER);
    }