SpringBoot开发Keycloak token的获取以及校验
通过Keycloak的登录页跳转Client方式获取token
client开发
client的demo开发参考:SpringBoot集成Keycloak简单实例
查看token
我们在后台的Controller中打上断点。
当我们登陆成功后,断点被触发,我们可以找到token的位置
获取token
上代码,直接调用getTokenString接口就能获取token字符串
public static KeycloakPrincipal getKeycloakPrinciple(HttpServletRequest request){
KeycloakPrincipal keycloakPrincipal = null;
try{
keycloakPrincipal = (KeycloakPrincipal)request.getUserPrincipal();
}catch (Exception e){
e.printStackTrace();
}
return keycloakPrincipal;
}
public static String getTokenString(HttpServletRequest request){
String tokenString = null;
try{
tokenString = getKeycloakPrinciple(request).getKeycloakSecurityContext().getTokenString();
}catch (Exception e){
e.printStackTrace();
}
return tokenString;
}
通过接口校验token
使用postman发送请求
请求URL:
http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token
方式:
POST
参数:
{
client_id:"keycloakDemo",
grant_type:"password",
username:"test",
password:"test"
}
发送请求结果如下
校验token
上代码
private static String realm = "myrealm";
private static String resource = "keycloakDemo";
private static String authServerUrl = "http://localhost:8080/auth";
public static boolean verifyToken(String token) {
AccessToken accessToken = null;
try {
//1、设置client配置信息
AdapterConfig adapterConfig = new AdapterConfig();
//realm name
adapterConfig.setRealm(realm);
//client_id
adapterConfig.setResource(resource);
//认证中心keycloak地址
adapterConfig.setAuthServerUrl(authServerUrl);
//访问https接口时,禁用证书检查。
adapterConfig.setDisableTrustManager(true);
//2、根据client配置信息构建KeycloakDeployment对象
KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(adapterConfig);
//3、执行token签名验证和有效性检查(不通过会抛异常)
accessToken = AdapterTokenVerifier.verifyToken(token, deployment);
}catch (Exception e){
e.printStackTrace();
}
if(accessToken!=null){
return true;
}else{
return false;
}
}
Keycloak依赖包如下
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<version>10.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>10.0.1</version>
<scope>provided</scope>
</dependency>