Security 5 OAuth2 17在Docker容器中运行时获得“连接拒绝”
Security 5 OAuth2 17在Docker容器中运行时获得“连接拒绝”
提问于 2022-02-17 12:49:29
我有一个带有Security 5的超级简单的Spring应用程序,它使用在Docker中运行的Keycloak 17实例在OAuth2上进行身份验证。
当我从Intellij本地启动应用程序时,一切都很好。
但是,当我从一个带有Docker编写的docker容器中运行这个应用程序时,我得到:
invalid_token_response在试图检索OAuth 2.0访问令牌响应时发生错误:针对"http://localhost:80/realms/Demo/protocol/openid-connect/token":连接拒绝(连接拒绝)“的POST请求出现I/O错误;嵌套异常为java.net.ConnectException:连接拒绝(连接拒绝)
当我在keycloak登录页面上输入凭据时。但是有一个会话是为那个穿着keycloak的用户创建的。
系统:
- MacBook与蒙特里12.0.1
- 码头桌面4.5与Kubernetes 1.22.5
docker-compose.yml
version: '3.9'
networks:
network_keycloak_postgres_app:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
volumes:
keycloak_postgres_data:
driver: local
services:
postgres:
container_name: postgres
image: postgres
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak_db_admin
POSTGRES_PASSWORD: keycloak_db_password
ports:
- "5432:5432"
networks:
- network_keycloak_postgres_app
keycloak:
container_name: keycloak
hostname: keycloak
image: quay.io/keycloak/keycloak:17.0.0
command: ["start-dev", "--log-level=debug"]
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: change_me
KC_DB: postgres
KC_DB_USERNAME: keycloak_db_admin
KC_CACHE: local
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_PASSWORD: keycloak_db_password
ports:
- "80:8080"
- "443:8443"
depends_on:
- postgres
networks:
- network_keycloak_postgres_app
demo_app:
container_name: demo_app
hostname: demoapp
build:
context: ../
dockerfile: Dockerfile
environment:
SPRING_PROFILES_ACTIVE: default
ports:
- "4242:4242"
depends_on:
- keycloak
networks:
- network_keycloak_postgres_appDockerfile (确保在构建之前运行'mvn干净包‘)
FROM openjdk:11.0.11-jre-slim
COPY ./target/demo-0.0.1-SNAPSHOT.jar /usr/local/lib/demo.jar
EXPOSE 4242
ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]application.yml
server:
port: 4242
logging:
level:
root: DEBUG
org.springframework.web: DEBUG
org.springframework.security: DEBUG
# org.springframework.boot.autoconfigure: DEBUG
spring:
thymeleaf:
cache: false
security:
oauth2:
client:
registration:
keycloak:
client-id: demo-app
client-secret: 5cuxTUgiLJATP4pMpw7j8HZieekdOBsM
client-name: Keycloak
authorization-grant-type: authorization_code
redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
scope:
- openid
- profile
- email
provider:
keycloak:
authorization-uri: http://localhost:80/realms/Demo/protocol/openid-connect/auth
token-uri: http://localhost:80/realms/Demo/protocol/openid-connect/token
user-info-uri: http://localhost:80/realms/Demo/protocol/openid-connect/userinfo
jwk-set-uri: http://localhost:80/realms/Demo/protocol/openid-connect/certs
user-name-attribute: preferred_usernamepom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>de.kressing</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>demo</name>
<description>Spring Security 5 OAuth2 Client and Keycloak sample</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.3</version>
<relativePath/>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>11</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sourceforge.htmlunit</groupId>
<artifactId>htmlunit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>我已经尝试过的是:
将应用程序和密钥披风容器hostnames
- running赋予应用程序容器docker-compose
- using容器为另一个docker-compose
构建的localhost
- using其他openjdk映像。
提前感谢您的提示和帮助!
回答 1
Stack Overflow用户
回答已采纳
发布于 2022-02-22 14:58:49
现在起作用了。我添加了一个反向代理,并将提供者urls的端口更改为内部停靠端口。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/71158469
复制相关文章
相似问题
腾讯云开发者
