client settings

// Gradle (Kotlin DSL) dependencies for the Spring Security OAuth2 / OpenID Connect client setup.
// The ".." lines mark other dependencies the author left out of this excerpt.
// No versions are given here; presumably they are managed by the Spring Boot plugin/BOM (confirm in your build).
dependencies {
	..
    // Spring Boot starter that pulls in Spring Security and its auto-configuration.
    implementation("org.springframework.boot:spring-boot-starter-security")
    ..
    // OAuth 2.0 / OpenID Connect client support (client registrations, authorization-code login).
    implementation("org.springframework.security:spring-security-oauth2-client")
    // JOSE support (JWT/JWS/JWK), needed to verify token signatures against the provider's key set.
    implementation("org.springframework.security:spring-security-oauth2-jose")
}
# application.properties: Keycloak as the OAuth2 / OpenID Connect provider for Spring Security.
# The Korean strings are placeholders: replace the host, the realm name, the client id and the
# client secret with the values of your own Keycloak installation.
#
# Provider endpoints. When issuer-uri is set, Spring Security can normally discover the other
# endpoints from the provider's OpenID Connect metadata; the explicit URIs below pin them instead.
# NOTE(review): the "/auth" path prefix matches older Keycloak distributions; newer ones serve
# realms without it by default. Verify against your server.
spring.security.oauth2.client.provider.keycloak.issuer-uri=https://니꺼키클록/auth/realms/니꺼
spring.security.oauth2.client.provider.keycloak.authorization-uri=https://니꺼키클록/auth/realms/니꺼/protocol/openid-connect/auth
spring.security.oauth2.client.provider.keycloak.token-uri=https://니꺼키클록/auth/realms/니꺼/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.user-info-uri=https://니꺼키클록/auth/realms/니꺼/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.keycloak.jwk-set-uri=https://니꺼키클록/auth/realms/니꺼/protocol/openid-connect/certs
# Claim used as the authenticated principal's name.
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
# Client registration. The client secret is a credential: keep the real value out of version
# control and inject it at deploy time, e.g. through a property placeholder such as
# ${KEYCLOAK_CLIENT_SECRET} (example variable name) backed by an environment variable or secret store.
spring.security.oauth2.client.registration.keycloak.client-id=니꺼클라
spring.security.oauth2.client.registration.keycloak.client-secret=니꺼
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
# Only the "openid" scope is requested; add others (e.g. profile) if the application needs those claims.
spring.security.oauth2.client.registration.keycloak.scope=openid
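/**
 * Springfox (Swagger 2) configuration for a WebFlux application whose API is protected by
 * Keycloak / OpenID Connect.
 *
 * It serves the Swagger UI webjar, registers a [Docket] for the application's controllers and
 * declares an OAuth2 security scheme so that Swagger UI can obtain a token before calling the API.
 *
 * The Korean string literals (client id, realm, login URL) are placeholders that must be replaced
 * with the values of the target Keycloak realm.
 */
@Configuration
@EnableSwagger2
class SwaggerConfig : WebFluxConfigurer {
    private val log = LoggerFactory.getLogger(javaClass)

    /**
     * Maps `<baseUrl>/swagger-ui/**` to the static resources shipped in the springfox-swagger-ui webjar.
     */
    override fun addResourceHandlers(registry: ResourceHandlerRegistry) {
        val baseUrl: String = StringUtils.trimTrailingCharacter("/api", '/') // adjust to your API base path
        registry.addResourceHandler("$baseUrl/swagger-ui/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/springfox-swagger-ui/")
                .resourceChain(false)
    }

    /**
     * OAuth2 client settings handed to Swagger UI (client id, realm, application name and extra
     * query parameters appended to the authorization request).
     */
    @Bean
    fun securityConfiguration(): SecurityConfiguration? {
        // The nonce exists to bind a token response to one authorization request, so it must not be
        // a well-known constant. A random UUID is unguessable; note that this bean is built once,
        // so the value stays the same for the lifetime of the process rather than per request.
        val additionalQueryStringParams: MutableMap<String, Any> = HashMap()
        additionalQueryStringParams["nonce"] = java.util.UUID.randomUUID().toString()
        return SecurityConfigurationBuilder.builder()
                .clientId("클라이름").realm("니꺼").appName("swagger-ui")
                .additionalQueryStringParams(additionalQueryStringParams)
                .build()
    }

    /**
     * Documents every path of the handlers found in the configured base package and attaches the
     * OAuth2 security scheme and context to them.
     */
    @Bean
    fun api(): Docket? {
        return Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.example.demo")) // change to your controller package
                .paths(PathSelectors.any())
                .build()
                .securitySchemes(buildSecurityScheme())
                .securityContexts(buildSecurityContext())
    }

    /**
     * Builds the single security context: the "oauth2" scheme with all [scopes] is applied to
     * every operation (the selector always returns `true`).
     */
    private fun buildSecurityContext(): List<SecurityContext> {
        val oauthReference = SecurityReference.builder()
                .reference("oauth2")
                .scopes(scopes().toTypedArray())
                .build()
        val context: SecurityContext = SecurityContext.builder()
                .operationSelector { true }
                .securityReferences(mutableListOf(oauthReference))
                .build()
        return mutableListOf(context)
    }

    /**
     * Declares the "oauth2" security scheme that Swagger UI uses to log in against Keycloak.
     */
    private fun buildSecurityScheme(): List<SecurityScheme> {
        val login = LoginEndpointBuilder().url("니꺼/auth/realms/니꺼/protocol/openid-connect/auth").build()
        // NOTE(review): the implicit grant returns the access token in the redirect URL, where it
        // can end up in browser history and logs. Current OAuth 2.0 security guidance prefers the
        // authorization-code flow with PKCE; review this choice before exposing Swagger UI beyond
        // a development environment.
        // The token name must be the response parameter "access_token" (the original spelling
        // "acces_token" would not match the parameter returned by the provider).
        val grantTypes: MutableList<GrantType> = mutableListOf(ImplicitGrant(login, "access_token"))
        return mutableListOf(OAuth("oauth2", scopes(), grantTypes))
    }

    /**
     * Parses the hard-coded `scope=description` pairs into Springfox authorization scopes.
     * Entries that do not split into exactly two parts are logged and skipped.
     */
    private fun scopes(): List<AuthorizationScope> =
        listOf("openid=openid", "profile=profile").mapNotNull { scopeItem ->
            val parts = scopeItem.split("=")
            if (parts.size == 2) {
                AuthorizationScopeBuilder().scope(parts[0]).description(parts[1]).build()
            } else {
                log.warn("Scope '{}' is not valid (format is scope=description)", scopeItem)
                null
            }
        }
}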

 
