
How to set up Keycloak in WebLogic

  •  0
  • Edwin  · Tech Community  · 8 years ago

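    I am playing around with the keycloak 2.5.5-final Docker image and the weblogic 12.2.1 Docker image.

    I created a Keycloak Java Servlet Filter and integrated it into my app.war (web.xml).

    Now, when I try to access my servlet and call it with a token, I run into the following problem: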

    GET https://localhost:7005/test/
    Accept: */*
    Cache-Control: no-cache
    Authorization: bearer eyJhbGc....
    

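    I get: Error 401--Unauthorized from WebLogic.

    My understanding is that the call tries to authenticate against WebLogic rather than against Keycloak. The Keycloak filter is reached, because I can see the logging from the filter.

    My question is: do I need to set something up in WebLogic so that it recognizes the Keycloak filter?

    Here is the application's weblogic.xml: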

    <?xml version="1.0" encoding="UTF-8"?>
    <weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app"
                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.6/weblogic-web-app.xsd">
    
        <context-root>test</context-root>
    
        <session-descriptor>
            <cookie-secure>true</cookie-secure>
        </session-descriptor>
    
        <container-descriptor>
            <prefer-application-packages>
                <package-name>javax.faces.*</package-name>
                <package-name>net.sf.cglib.*</package-name>
                <package-name>org.objectweb.asm.*</package-name>
                <package-name>antlr.*</package-name>
                <package-name>com.fasterxml</package-name>
                <package-name>org.apache.logging.*</package-name>
                <package-name>org.keycloak.*</package-name>
            </prefer-application-packages>
    
            <prefer-application-resources>
                <resource-name>META-INF/resources/javax.faces.*</resource-name>
    
                <resource-name>META-INF/services/javax.servlet.ServletContainerInitializer</resource-name>
            </prefer-application-resources>
        </container-descriptor>
    
        <charset-params>
            <input-charset>
                <resource-path>/*</resource-path>
                <java-charset-name>UTF-8</java-charset-name>
            </input-charset>
        </charset-params>
    </weblogic-web-app>
    

    I also get this error, publicKey is not found, but as far as I know this case should not apply to Keycloak version 2.4.

        ####<May 28, 2018 7:16:54 AM GMT> <Error> <org.keycloak.adapters.rotation.JWKPublicKeyLocator> <bf82fa2eb72b> <Server-1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <d97c6c05-f7e1-4e66-906d-65ca828ad685-0000006c> <1527491814775> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-000000> <Error when sending request to retrieve realm keys
    org.keycloak.adapters.HttpClientAdapterException: IO error
            at org.keycloak.adapters.HttpAdapterUtils.sendJsonHttpRequest(HttpAdapterUtils.java:58)
            at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendRequest(JWKPublicKeyLocator.java:99)
            at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublicKey(JWKPublicKeyLocator.java:63)
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPublicKey(AdapterRSATokenVerifier.java:44)
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55)
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
            at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)
            at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)
            at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:67)
            at com.mytest.keycloak.OIDCFilter.doFilter(OIDCFilter.java:105)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
            at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3654)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3620)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
            at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:196)
            at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
            at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
            at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2423)
            at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2280)
            at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2258)
            at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1626)
            at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1586)
            at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:270)
            at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)
            at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)
            at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)
            at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
            at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:617)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:397)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)
    Caused By: java.net.ConnectException: Connection refused (Connection refused)
            at java.net.PlainSocketImpl.socketConnect(Native Method)
            at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
            at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
            at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
            at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
            at java.net.Socket.connect(Socket.java:589)
            at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:117)
            at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
            at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
            at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
            at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
            at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
            at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
            at org.keycloak.adapters.HttpAdapterUtils.sendJsonHttpRequest(HttpAdapterUtils.java:37)
            at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendRequest(JWKPublicKeyLocator.java:99)
            at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublicKey(JWKPublicKeyLocator.java:63)
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPublicKey(AdapterRSATokenVerifier.java:44)
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55)
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
            at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)
            at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)
            at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:67)
            at com.mytest.keycloak.OIDCFilter.doFilter(OIDCFilter.java:105)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
            at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3654)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3620)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
            at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:196)
            at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
            at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
            at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2423)
            at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2280)
            at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2258)
            at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1626)
            at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1586)
            at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:270)
            at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)
            at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)
            at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)
            at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
            at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:617)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:397)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)
    >
    ####<May 28, 2018 7:16:54 AM GMT> <Error> <org.keycloak.adapters.rotation.AdapterRSATokenVerifier> <bf82fa2eb72b> <Server-1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <d97c6c05-f7e1-4e66-906d-65ca828ad685-0000006c> <1527491814777> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-000000> <Didn't find publicKey for kid: Opsl9YmngDniBXfayK17-elBdeSjLyVv27AzK2eMa4s>
    ####<May 28, 2018 7:16:54 AM GMT> <Error> <org.keycloak.adapters.BearerTokenRequestAuthenticator> <bf82fa2eb72b> <Server-1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <d97c6c05-f7e1-4e66-906d-65ca828ad685-0000006c> <1527491814777> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-000000> <Failed to verify token
    org.keycloak.common.VerificationException: Didn't find publicKey for specified kid
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPublicKey(AdapterRSATokenVerifier.java:47)
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55)
            at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
            at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)
            at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)
            at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:67)
            at com.mytest.keycloak.OIDCFilter.doFilter(OIDCFilter.java:105)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
            at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3654)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3620)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
            at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:196)
            at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
            at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
            at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2423)
            at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2280)
            at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2258)
            at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1626)
            at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1586)
            at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:270)
            at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)
            at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)
            at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)
            at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
            at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:617)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:397)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)
    
    1 answer  |  8 years ago
        1
  •  0
  •   Edwin    8 years ago

    Even though I can run a curl from the WebLogic container to the Keycloak container and receive an access token:

    curl -X POST -d "grant_type=password" -d "client_id=test" -d "username=demo" \
      -d "password=demodemo" "http://localhost:8080/auth/realms/demo/protocol/openid-connect/token"
    

    The problem is localhost, as I gathered from this git-issue. The solution is to use your own IP instead of localhost in the Keycloak settings (keycloak.json or other settings).

    {
      "realm": "demo",
      "auth-server-url": "http://myip:8080/auth", //instead of localhost
      "ssl-required": "external",
      "resource": "test",
      "public-client": true
    }
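
    The failure chain in the log above (key retrieval refused, then "Didn't find publicKey for kid") can be checked offline before redeploying. The following is an added example, not part of the original answer or of the Keycloak adapter: it derives the realm and JWKS URLs from the adapter settings, flags a loopback host, and compares the token's `iss` and `kid` with what the adapter expects. It assumes each container has its own loopback interface (default Docker networking); `192.0.2.10` stands in for `myip`, the token and JWKS are constructed samples, and the JWKS is passed in rather than fetched.

```python
import base64, ipaddress, json
from urllib.parse import urlparse

def b64url_json(segment):
    """Decode one base64url JWT segment into a dict (no signature check)."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def is_loopback(host):
    """True for 'localhost' and loopback IP literals such as 127.0.0.1 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other DNS name

def diagnose(adapter_cfg, token, jwks):
    """List the reasons the adapter would fail to validate this bearer token."""
    findings = []
    realm_url = adapter_cfg["auth-server-url"].rstrip("/") + "/realms/" + adapter_cfg["realm"]
    jwks_url = realm_url + "/protocol/openid-connect/certs"
    if is_loopback(urlparse(realm_url).hostname):
        findings.append("loopback: " + jwks_url + " points at the adapter's own container")
    header, payload = (b64url_json(part) for part in token.split(".")[:2])
    if payload.get("iss") != realm_url:
        findings.append("issuer: token iss %s != %s" % (payload.get("iss"), realm_url))
    if header.get("kid") not in {key.get("kid") for key in jwks.get("keys", [])}:
        findings.append("kid: %s not present in JWKS" % header.get("kid"))
    return findings

def _segment(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: 192.0.2.10 stands in for "myip", kid-1 for the real key id.
SAMPLE_TOKEN = ".".join([
    _segment({"alg": "RS256", "kid": "kid-1"}),
    _segment({"iss": "http://192.0.2.10:8080/auth/realms/demo"}),
    "constructed-signature",
])
SAMPLE_JWKS = {"keys": [{"kid": "kid-1", "kty": "RSA"}]}
BEFORE = {"realm": "demo", "auth-server-url": "http://localhost:8080/auth"}
AFTER = {"realm": "demo", "auth-server-url": "http://192.0.2.10:8080/auth"}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, diagnose(cfg, SAMPLE_TOKEN, SAMPLE_JWKS) or "no findings")
```

    The issuer finding is worth watching after the switch: if the token's `iss` still carries the old base URL, it will not match the realm URL the adapter builds from `auth-server-url`.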
    