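I am currently trying to connect my Spring Boot microservice to Keycloak in order to validate all tokens coming from the front end and to authenticate users. For this I am using the Keycloak adapter for Spring Boot. This is my first time using Keycloak as an identity provider, and I am trying to figure out how to work with it. So far I have managed to retrieve all users and information about the realm from Keycloak using the plain REST API.
Now I want to use the adapter provided by Keycloak, but I am running into a certificate error (I have posted all the relevant logs):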
2019-08-27 09:19:58.529 DEBUG 14236 --- [nio-8080-exec-4] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:8080/data/23
2019-08-27 09:19:58.569 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'authentication-service'
2019-08-27 09:19:58.572 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2019-08-27 09:19:58.574 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2019-08-27 09:19:58.576 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret-jwt
2019-08-27 09:19:58.577 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2019-08-27 09:19:58.577 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2019-08-27 09:19:58.577 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret-jwt
2019-08-27 09:19:58.587 DEBUG 14236 --- [nio-8080-exec-4] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2019-08-27 09:19:58.589 DEBUG 14236 --- [nio-8080-exec-4] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://192.168.222.153:8444/auth/, tokenUrl: https://192.168.222.153:8444/auth/realms/GRCC/protocol/openid-connect/token, relativeUrls: NEVER
2019-08-27 09:19:58.601 TRACE 14236 --- [nio-8080-exec-4] o.k.adapters.RequestAuthenticator : --> authenticate()
2019-08-27 09:19:58.603 TRACE 14236 --- [nio-8080-exec-4] o.k.adapters.RequestAuthenticator : try bearer
2019-08-27 09:19:58.604 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.BearerTokenRequestAuthenticator : Found [1] values in authorization header, selecting the first value for Bearer.
2019-08-27 09:19:58.604 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.BearerTokenRequestAuthenticator : Verifying access_token
2019-08-27 09:19:58.690 TRACE 14236 --- [nio-8080-exec-4] o.k.a.BearerTokenRequestAuthenticator : access_token: eyJhbGciOiJSUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjT3hqT1pOQWtieXhPM0diQ1BLWVNVS2lVY3JPZTRLRXFLN21qQ2JpZHA0In0.eyJqdGkiOiI1N2I0MGU0Ny1kMGQ5LTQ4NWItYmQyNi1hOTViNTczMTU2NzQiLCJleHAiOjE1NjY4MjYwMTMsIm5iZiI6MCwiaWF0IjoxNTY2ODI1NzEzLCJpc3MiOiJodHRwczovLzE5Mi4xNjguMjIyLjE1Mzo4NDQ0L2F1dGgvcmVhbG1zL0dSQ0MiLCJhdWQiOlsicmVhbG0tbWFuYWdlbWVudCIsImFjY291bnQiXSwic3ViIjoiOTYyMWZmMDItYjUwMy00NDk2LTg1ZWUtYjQ3NzJhZDRkMDE1IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYXV0aGVudGljYXRpb24tc2VydmljZSIsImF1dGhfdGltZSI6MTU2NjgyNTY5Miwic2Vzc2lvbl9zdGF0ZSI6IjFlMjg4MDgzLWUxODgtNDhhMC04YzcxLTY4MTFiOWFkYzVmYyIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InJlYWxtLW1hbmFnZW1lbnQiOnsicm9sZXMiOlsidmlldy11c2VycyIsInF1ZXJ5LWdyb3VwcyIsInF1ZXJ5LXVzZXJzIl19LCJhdXRoZW50aWNhdGlvbi1zZXJ2aWNlIjp7InJvbGVzIjpbIlVTRVIiXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwidXNlcl9uYW1lIjoibGxlbWFpcmUiLCJuYW1lIjoiTG_Dr2MgTGVtYWlyZSIsInByZWZlcnJlZF91c2VybmFtZSI6ImxsZW1haXJlIiwiZ2l2ZW5fbmFtZSI6Ikxvw69jIiwiZmFtaWx5X25hbWUiOiJMZW1haXJlIiwiZW1haWwiOiJsb2ljLmxlbWFpcmVAaXJpc2NvcnBvcmF0ZS5jb20ifQ.signature
2019-08-27 09:19:58.752 TRACE 14236 --- [nio-8080-exec-4] o.k.a.rotation.JWKPublicKeyLocator : Going to send request to retrieve new set of realm public keys for client authentication-service
2019-08-27 09:19:59.166 ERROR 14236 --- [nio-8080-exec-4] o.k.a.rotation.JWKPublicKeyLocator : Error when sending request to retrieve realm keys
org.keycloak.adapters.HttpClientAdapterException: IO error
at org.keycloak.adapters.HttpAdapterUtils.sendJsonHttpRequest(HttpAdapterUtils.java:58) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendRequest(JWKPublicKeyLocator.java:99) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublicKey(JWKPublicKeyLocator.java:63) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.AdapterTokenVerifier.getPublicKey(AdapterTokenVerifier.java:121) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.AdapterTokenVerifier.createVerifier(AdapterTokenVerifier.java:111) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.AdapterTokenVerifier.verifyToken(AdapterTokenVerifier.java:47) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:103) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:88) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:203) [spring-boot-container-bundle-6.0.1.jar:6.0.1]
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:50) [spring-boot-container-bundle-6.0.1.jar:6.0.1]
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.doAuthenticate(KeycloakAuthenticatorValve.java:57) [spring-boot-container-bundle-6.0.1.jar:6.0.1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181) [spring-boot-container-bundle-6.0.1.jar:6.0.1]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.21.jar:9.0.21]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.21.jar:9.0.21]
at java.base/java.lang.Thread.run(Thread.java:834) [na:na]
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128) [na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) [na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) [na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259) [na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642) [na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461) [na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361) [na:na]
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) [na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) [na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) [na:na]
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178) [na:na]
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164) [na:na]
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152) [na:na]
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063) [na:na]
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402) [na:na]
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:570) [httpclient-4.5.9.jar:4.5.9]
at org.keycloak.adapters.SniSSLSocketFactory.createLayeredSocket(SniSSLSocketFactory.java:114) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554) [httpclient-4.5.9.jar:4.5.9]
at org.keycloak.adapters.SniSSLSocketFactory.connectSocket(SniSSLSocketFactory.java:109) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:415) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) [httpclient-4.5.9.jar:4.5.9]
at org.keycloak.adapters.HttpAdapterUtils.sendJsonHttpRequest(HttpAdapterUtils.java:37) [keycloak-adapter-core-6.0.1.jar:6.0.1]
... 26 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) [na:na]
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290) [na:na]
at java.base/sun.security.validator.Validator.validate(Validator.java:264) [na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321) [na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221) [na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) [na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:626) [na:na]
... 51 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) [na:na]
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) [na:na]
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) [na:na]
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [na:na]
... 57 common frames omitted
2019-08-27 09:19:59.166 ERROR 14236 --- [nio-8080-exec-4] o.k.a.rotation.AdapterTokenVerifier : Didn't find publicKey for kid: cOxjOZNAkbyxO3GbCPKYSUKiUcrOe4KEqK7mjCbidp4
2019-08-27 09:19:59.166 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.BearerTokenRequestAuthenticator : Failed to verify token
2019-08-27 09:19:59.169 DEBUG 14236 --- [nio-8080-exec-4] o.k.adapters.RequestAuthenticator : Bearer FAILED
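I had already solved this problem when using the REST API with RestEasy, simply by adding the certificate in the process.
// Load the truststore shipped on the classpath.
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
String password = "changeit";
keystore.load(new ClassPathResource("truststore").getInputStream(), password.toCharArray());
// Fragment of a builder chain: the RestEasy client trusts that keystore.
// HostnameVerificationPolicy.ANY turns hostname verification off.
.resteasyClient(new ResteasyClientBuilder().trustStore(keystore).connectionPoolSize(1).hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).build())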
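After dealing with a DNS issue, everything worked. But now I have exactly the same problem with the adapter.
After some research, I added the certificate to my Java cacerts and even installed the certificate on Windows. None of this worked; I keep getting the same error.
Here are my application properties: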
#Keycloak configuration
keycloak.auth-server-url=https://192.168.222.153:8444/auth/
keycloak.realm=GRCC
keycloak.resource=authentication-service
keycloak.verify-token-audience=true
keycloak.ssl-required=none
keycloak.credentials.secret=49632b4b-5f8d-43af-b10d-3ecea7c114cf
keycloak.principal-attribute=preferred_username
logging.level.org.keycloak=TRACE
keycloak.security-constraints[0].authRoles[0]=user
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/projects/*
keycloak.security-constraints[0].securityCollections[0].patterns[1]=/data/*
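I also tried using the Keycloak truststore parameter in the application properties, but that did not work either.
Is there something wrong with the way I am using Keycloak?
Thanks in advance
Best answer
Found a way!
I was using the realm certificate instead of the Keycloak global certificate.
To get the realm certificate, you need to provide the global certificate to the JVM.
Using an openssl call to get the right certificate shows that there are two different kinds of certificates.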
Regarding java - Keycloak adapter PKIX path building failed, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57670284/
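The mismatch the answer describes, as an added example that is not part of the original post: a truststore holding the realm certificate cannot anchor the certificate the HTTPS listener presents. It assumes "global certificate" means that listener certificate; both certificates here are constructed stand-ins, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: constructed certificates only, no network access needed.
# Live equivalent for the setup on this page (needs access to the server):
#   openssl s_client -connect 192.168.222.153:8444 -showcerts </dev/null \
#     | openssl x509 -outform PEM > keycloak-tls.pem
#   keytool -importcert -alias keycloak-tls -file keycloak-tls.pem \
#     -keystore truststore -storepass changeit

WORK=$(mktemp -d)

# Create a self-signed certificate with the given file stem and subject CN.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# SHA-256 fingerprint, the quickest way to tell two certificates apart.
fingerprint() {
  openssl x509 -in "$WORK/$1.pem" -noout -fingerprint -sha256
}

# Succeeds only if a path can be built from $2 to a trust anchor in $1,
# the same check that fails with "PKIX path building failed" in the JVM.
chain_builds() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" 2>/dev/null | grep -q ': OK$'
}

make_cert realm "GRCC"              # stands in for the realm signing certificate
make_cert tls   "192.168.222.153"   # stands in for the HTTPS listener certificate

if chain_builds realm tls; then echo "realm cert as anchor: OK"
else echo "realm cert as anchor: path building fails"; fi
if chain_builds tls tls; then echo "TLS cert as anchor: OK"
else echo "TLS cert as anchor: path building fails"; fi
```

When the listener certificate is issued by a CA rather than self-signed, the certificate to import is the issuing CA's, which `-showcerts` prints after the leaf.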