spring cloud에 keycloak 연결하기

뿌이·2022년 3월 3일


api-gateway에 연결하는 방법을 선택했다.
먼저 config 파일을 하나 만들어준다.

KeycloakConfig

package gabia.library.config;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;

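/**
 * Spring Security configuration that puts the API gateway behind Keycloak.
 *
 * <p>Authentication is delegated to the Keycloak adapter; authorization rules for the
 * routed services are declared in {@link #configure(HttpSecurity)}.
 *
 * <p>NOTE(review): the Keycloak Spring Security adapter and Spring's
 * {@code WebSecurityConfigurerAdapter} have since been deprecated upstream; confirm the
 * current recommendation before reusing this approach in a new project.
 */
@Configuration
@EnableWebSecurity
public class KeycloakConfig extends KeycloakWebSecurityConfigurerAdapter {

    /**
     * Registers the Keycloak authentication provider with the global authentication manager.
     *
     * <p>{@link SimpleAuthorityMapper} prefixes each Keycloak role with {@code ROLE_}, which is
     * the form {@code hasRole(...)} checks against. It does not change case by default, so the
     * role names in Keycloak must match the names used in {@link #configure(HttpSecurity)}.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the provider cannot be registered
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider provider = keycloakAuthenticationProvider();
        provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(provider);
    }

    /**
     * Session strategy that records authenticated sessions in a {@link SessionRegistryImpl}.
     *
     * @return the session authentication strategy used by the Keycloak filter chain
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    /**
     * Declares which gateway paths are public and which require a role.
     *
     * <p>The roles named here are Keycloak realm roles.
     *
     * @param http the security builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.authorizeRequests()
                // Public paths. "/app*" matches any single-segment path starting with "/app";
                // keep the prefix specific so nothing sensitive is exposed by accident.
                .antMatchers("/app*").permitAll()
                // In Ant patterns "*" stops at the next "/", so "/book-service/*" would leave
                // "/book-service/a/b" covered only by anyRequest().authenticated() and reachable
                // by any logged-in user. "**" applies the role check to nested paths as well.
                .antMatchers("/book-service/**").hasRole("ADMIN")
                .antMatchers("/user-service/**").hasRole("USER")
                // Everything else still requires a valid login.
                .anyRequest().authenticated();
    }

    /**
     * Supplies the Keycloak deployment described by {@code /keycloak.json} on the classpath.
     *
     * <p>The deployment is built on first use and then reused. The original never assigned the
     * cached field, so the file was re-read and the deployment rebuilt on every request, and
     * the stream was never closed.
     *
     * @return a resolver that returns the same {@link KeycloakDeployment} for every request
     */
    @Bean
    public KeycloakConfigResolver keycloakConfigResolver() {
        return new KeycloakConfigResolver() {
            // volatile so a deployment published by one request thread is visible to the others.
            private volatile KeycloakDeployment keycloakDeployment;

            @Override
            public KeycloakDeployment resolve(HttpFacade.Request facade) {
                KeycloakDeployment cached = keycloakDeployment;
                if (cached != null) {
                    return cached;
                }
                synchronized (this) {
                    if (keycloakDeployment == null) {
                        keycloakDeployment = loadDeployment();
                    }
                    return keycloakDeployment;
                }
            }

            /** Reads keycloak.json from the classpath and builds the deployment from it. */
            private KeycloakDeployment loadDeployment() {
                try (InputStream configInputStream = getClass().getResourceAsStream("/keycloak.json")) {
                    if (configInputStream == null) {
                        // Fail with a clear message instead of an opaque error inside the builder.
                        throw new IllegalStateException("keycloak.json not found on the classpath");
                    }
                    return KeycloakDeploymentBuilder.build(configInputStream);
                } catch (IOException e) {
                    throw new UncheckedIOException("Failed to read keycloak.json", e);
                }
            }
        };
    }
}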

keycloak.json


{
  "realm": "MSA", // realm name
  // Plain HTTP to localhost is only suitable for a local development Keycloak; use an https:// URL elsewhere.
  "auth-server-url": "http://localhost:8080/auth/",
  "ssl-required": "external", // HTTPS is required for requests from external (non-local) addresses
  "resource": "memberService", // client name (the client registered in the realm)
  "credentials": {
    // Client secret. The value below is a placeholder telling the reader to type the client's secret here.
    // This file is read from the classpath, so a real secret written here is packaged with the application;
    // keep the real value out of version control.
    "secret": "영어로 되어있는 클라이언트 비번 쳐주시면 됩니당"
  },
  "confidential-port": 0
}

build.gradle

keycloak 관련 라이브러리를 불러올 수 있도록 의존성을 추가해준다.

// Build script for the api-gateway module.
version = '0.0.1-SNAPSHOT'

// Spring Cloud release train; consumed by the spring-cloud-dependencies BOM import below.
ext['springCloudVersion'] = 'Hoxton.RELEASE'

jar {
    manifest {
        // Entry point used when the jar is run directly.
        attributes 'Main-Class': 'gabia.library.ApigatewayApplication'
    }
}

dependencies {
    implementation project(':common')
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation('org.springframework.cloud:spring-cloud-starter-netflix-zuul')
    implementation('org.springframework.cloud:spring-cloud-starter-netflix-eureka-client')
    implementation('org.springframework.boot:spring-boot-starter-security')
    // Added for Keycloak; no version here because it comes from the keycloak-adapter-bom import below.
    implementation('org.keycloak:keycloak-spring-boot-starter')
    // NOTE(review): jjwt 0.9.1 and springfox-swagger-ui 2.9.2 are pinned to old releases;
    // check them against current security advisories before reusing this build file.
    implementation group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1'
    implementation group: 'io.springfox', name: 'springfox-swagger-ui', version: '2.9.2'
    testImplementation('org.springframework.boot:spring-boot-starter-test') {
        exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
    }
}

dependencyManagement {
    imports {
        mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
        // Added for Keycloak; pins the version of every Keycloak adapter artifact.
        // NOTE(review): 12.0.1 is an old adapter release; confirm it still receives security fixes.
        mavenBom "org.keycloak.bom:keycloak-adapter-bom:12.0.1"
    }
}

test {
    useJUnitPlatform()
}

이렇게 keycloak 관련 의존성 두 개(keycloak-spring-boot-starter와 keycloak-adapter-bom)를 추가해 주어야
KeycloakConfig에서 keycloak 관련 클래스들이 성공적으로 import된다.
