我正在使用 Spring Boot 2.6.3 和用于 OAuth2 的 Keycloak 适配器。在处理文件上传(multipart 上传)的端点上,所有部分(parts)都是空的,控制器收到的 MultipartFile 文件值为 null;而在没有使用 KeycloakWebSecurityConfigurerAdapter 的项目上,它开箱即用、工作正常。
有趣的是,如果我在调用控制器之前的最后一个过滤器中手动调用 ((HttpServletRequest) request).getParts(),各部分就能正常设置。
对此有任何线索吗?
我的安全配置
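/**
 * Spring Security configuration for a stateless, Keycloak-protected API.
 *
 * <p>Extends the Keycloak adapter's base configuration, puts the CORS filter at the
 * front of the chain, optionally opens the Swagger/OpenAPI paths, and hands the
 * remaining endpoint rules to {@code CustomSecurityConfig}.
 *
 * <p>Security-relevant choices made here (each is flagged again at the line that makes it):
 * <ul>
 *   <li>CSRF protection and the {@code X-Frame-Options} header are disabled.</li>
 *   <li>{@code /actuator/**} is excluded from this filter chain altogether.</li>
 *   <li>Swagger paths and {@code /error} bypass the security filter chain via
 *       {@code web.ignoring()} when a Swagger URL is configured.</li>
 * </ul>
 */
@KeycloakConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    private final String swaggerUrl;
    private final CorsFilter corsFilter;
    private final CustomSecurityConfig customSecurityConfig;

    /**
     * @param swaggerUrl           value of {@code springdoc.swagger-ui.url}, or {@code null} when
     *                             the property is not set (Swagger paths are then not opened)
     * @param corsFilter           CORS filter placed before {@code ChannelProcessingFilter}
     * @param customSecurityConfig project component that adds the endpoint authorization rules
     */
    @Autowired
    public SecurityConfig(
            @Value("${springdoc.swagger-ui.url:#{null}}") String swaggerUrl,
            CorsFilter corsFilter,
            CustomSecurityConfig customSecurityConfig) {
        this.swaggerUrl = swaggerUrl;
        this.corsFilter = corsFilter;
        this.customSecurityConfig = customSecurityConfig;
    }

    /**
     * Wraps the Keycloak authentication filter in a disabled registration.
     *
     * <p>Spring Boot registers every {@code Filter} bean with the servlet container; the
     * disabled registration keeps this filter from running a second time outside the
     * Spring Security chain, where it is already installed by the Keycloak adapter.
     *
     * @param filter the Keycloak authentication processing filter bean
     * @return a registration for {@code filter} with {@code enabled = false}
     */
    @Bean
    public FilterRegistrationBean<KeycloakAuthenticationProcessingFilter>
            keycloakAuthenticationProcessingFilterRegistrationBean(
                    KeycloakAuthenticationProcessingFilter filter) {
        // Parameterized instead of the raw type so the registration is type-checked.
        FilterRegistrationBean<KeycloakAuthenticationProcessingFilter> registrationBean =
                new FilterRegistrationBean<>(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    /**
     * Registers the Keycloak authentication provider with the authentication manager.
     *
     * @param auth builder the provider is added to
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
        KeycloakAuthenticationProvider keycloakProvider = keycloakAuthenticationProvider();
        // SimpleAuthorityMapper with its defaults prefixes token roles with "ROLE_",
        // which is the form hasRole(...) / @PreAuthorize("hasRole(...)") expect.
        keycloakProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakProvider);
    }

    /**
     * Excludes the Swagger/OpenAPI paths and {@code /error} from Spring Security when a
     * Swagger URL is configured.
     *
     * @param web web-level security builder
     */
    @Override
    public void configure(WebSecurity web) {
        if (Objects.nonNull(swaggerUrl)) {
            // NOTE(review): ignored paths skip the whole security filter chain, so neither
            // authentication nor the security response headers apply to them. The same paths
            // already get permitAll() in configure(HttpSecurity); consider keeping only that.
            // NOTE(review): "/**/api-docs/**" is broader than the "/**/v3/api-docs/**" used in
            // configure(HttpSecurity): any path containing an "api-docs" segment is ignored.
            // NOTE(review): "/**" + swaggerUrl comes straight from configuration; a broad
            // value widens this bypass accordingly.
            web.ignoring().antMatchers(
                    "/**/swagger-ui.html",
                    "/**/swagger-ui/**",
                    "/**/api-docs/**",
                    "/**" + swaggerUrl,
                    "/error");
        }
    }

    /**
     * Uses a no-op session authentication strategy, matching the stateless session policy
     * set in {@link #configure(HttpSecurity)}.
     *
     * @return a {@code NullAuthenticatedSessionStrategy}
     */
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    /**
     * Builds the HTTP security rules on top of the Keycloak adapter defaults.
     *
     * @param http HTTP security builder
     * @throws Exception if the underlying configuration fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Apply the Keycloak adapter's own configuration first.
        super.configure(http);

        // NOTE(review): CSRF protection is off. That is only sound while every client
        // authenticates with a bearer token sent in a header and no cookie or session
        // authentication is accepted; confirm this holds for all endpoints.
        http.addFilterBefore(corsFilter, ChannelProcessingFilter.class).csrf().disable();

        // This chain matches everything EXCEPT /actuator/**, so none of the rules below
        // apply to actuator endpoints.
        // NOTE(review): confirm another filter chain or a separate, non-public management
        // port protects /actuator/**; nothing in this class does.
        http.requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/actuator/**")));

        // NOTE(review): frameOptions().disable() removes the X-Frame-Options header from
        // every response of this chain (clickjacking exposure). If framing is only needed
        // from the same origin, sameOrigin() is the narrower setting.
        http.headers().frameOptions().disable()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/public/**", "/resources/**", "/resources/public/**").permitAll()
                // Unauthenticated OPTIONS on every path, as needed for CORS preflight requests.
                .antMatchers(OPTIONS, "/**").permitAll();

        if (Objects.nonNull(swaggerUrl)) {
            http.authorizeRequests()
                    .antMatchers(
                            "/**/swagger-ui.html",
                            "/**/swagger-ui/**",
                            "/**/v3/api-docs/**",
                            "/**" + swaggerUrl,
                            "/error")
                    .permitAll();
        }

        // NOTE(review): every rule visible in this method is permitAll(); the rules that
        // require authentication are presumably added by configureEndpointSecurity, which
        // is not shown here. Confirm it ends with a catch-all such as
        // anyRequest().authenticated() so unmatched paths are not left open.
        customSecurityConfig.configureEndpointSecurity(http);
    }
}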