在使用keycloak集成springboot的(de)過程(cheng)中，對于(yu)需要(yao)授權訪問的(de)接口，它會(hui)跳到keycloak里(li)進行登(deng)錄，之前有個redirect_uri,登(deng)錄成功后會(hui)跳回本客戶(hu)端，而這個地(di)址默認沒有修改的(de)地(di)方(fang)，需要(yao)我們(men)手動開(kai)發，這塊不是很方(fang)便。

自定義redirect_uri

一(yi) 重寫BeanPostProcessor來實現

@Component
public class KeycloackAuthenticationProcessingFilterPostProcessor implements BeanPostProcessor {

    private static final Logger logger = LoggerFactory.getLogger(KeycloackAuthenticationProcessingFilterPostProcessor.class);

    private void process(KeycloakAuthenticationProcessingFilter filter) {
        filter.setRequestAuthenticatorFactory(new SpringSecurityRequestAuthenticatorFactory() {
            @Override
            public RequestAuthenticator createRequestAuthenticator(HttpFacade facade, HttpServletRequest request, KeycloakDeployment deployment, AdapterTokenStore tokenStore, int sslRedirectPort) {
                return new SpringSecurityRequestAuthenticator(facade, request, deployment, tokenStore, sslRedirectPort) {

                    @Override
                    protected OAuthRequestAuthenticator createOAuthAuthenticator() {
                        return new OAuthRequestAuthenticator(this, facade, deployment, sslRedirectPort, tokenStore) {

                            @Override
                            protected String getRequestUrl() {
                                return "//localhost:8081/callback";
                            }
                        };
                    }

                };
            }
        });
    }

    @Override
    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
        if (bean instanceof KeycloakAuthenticationProcessingFilter) {
            logger.info("Injecting Custom handler...");
            process(((KeycloakAuthenticationProcessingFilter) bean));
        }
        return bean;
    }

二 在沒有授權時，直接跳到 授權系統，然后觀察地址上redirect_uri已經發生變化了

參考文檔：