spring security
判断是否有权限访问请求路径
FilterSecurityInterceptor.doFilter -- >AccessDecisionManager.decide()(实现类AffirmativeBased) 抛出异常AccessDeniedException -->ExceptionTranslationFilter -->AuthenticationEntryPoint-->RedirectStrategy
AuthenticationEntryPoint在系统启动时完成初始化
RedirectStrategy跳转到http://localhost:9003/oauth2/authorization/keycloak oauth2入口
oauth2登录
OAuth2AuthorizationRequestRedirectFilter --> RedirectStrategy(DefaultRedirectStrategy)
RedirectStrategy跳转到
http://127.0.0.1:8080/auth/realms/gd/protocol/openid-connect/auth?response_type=code&client_id=appname&scope=openid address email microprofile-jwt offline_access phone profile roles web-origins&state=kOyEKvdVvbdzBxZOb4J2Gs60T2BwejLILkj7Advsym4=&redirect_uri=http://127.0.0.1:9527/login/oauth2/code/keycloak&nonce=l1C-05KZfPcsQis4nPxGXIjC4zBXBivrCtZW8GsEXrY
keycloak登录后跳转到
http://127.0.0.1:9527/login/oauth2/code/keycloak?state=kOyEKvdVvbdzBxZOb4J2Gs60T2BwejLILkj7Advsym4=&session_state=883d0c79-15e3-49ae-9946-a598dc0af316&code=0fe070bb-0e8a-4c60-abfa-f985fb563c86.883d0c79-15e3-49ae-9946-a598dc0af316.17e4b437-1dff-477e-a36c-0772554440e4
OAuth2LoginAuthenticationFilter --> SimpleUrlAuthenticationSuccessHandler(可自定义)-->响应中带有token
客户端取响应中的token和roles,带着token去访问后台资源
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步