如何使用jboss-cli添加密钥罩子系统来保护WAR

Question

我遵循keycloak documentation来使用wildfly适配器子系统保护我的WAR。

我正在尝试使用jboss-cli.sh添加以下内容-

<secure-deployment name="WAR MODULE NAME.war">
  <realm>bkofc</realm>
  <auth-server-url>http://192.168.99.100:30001/auth</auth-server-url>
  <bearer-only>true</bearer-only>
  <ssl-required>EXTERNAL</ssl-required>
  <resource>bkofc-svc</resource>
  <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
  <use-resource-role-mappings>true</use-resource-role-mappings>
</secure-deployment>

但是，无法识别"credential“属性：

[standalone@localhost:9990 /] 
/subsystem=keycloak/securedeployment=my.war/:add(realm=bkofc,auth-server-
url=http://192.168.99.100/30001/auth, bearer-only=true, ssl-
required=EXTERNAL, resource=bkofc-svc, use-resource-role-mappings=true, 
credential=9bcc6d9f-9c72-4b58-b297-79f0f207d9e1)


'credential' is not found among the supported properties: [allow-any-
hostname, always-refresh-token, auth-server-url, auth-server-url-for-
backend-requests, autodetect-bearer-only, bearer-only, client-key-password, 
client-keystore, client-keystore-password, connection-pool-size, cors-
allowed-headers, cors-allowed-methods, cors-max-age, disable-trust-manager, 
enable-basic-auth, enable-cors, expose-token, min-time-between-jwks-
requests, principal-attribute, public-client, realm, realm-public-key, 
register-node-at-startup, register-node-period, resource, ssl-required, 
token-minimum-time-to-live, token-store, truststore, truststore-passw
ord, turn-off-change-session-id-on-login, use-resource-role-mappings]
[standalone@localhost:9990 /]

如果没有credential属性，rest将被正确添加。

我该如何解决这个问题呢？

Answer 1

您必须稍后添加凭据，您应该尝试如下所示：

/subsystem=keycloak/securedeployment=my.war/:add(realm=bkofc,auth-server-url=http://192.168.99.100/30001/auth, bearer-only=true, ssl-required=EXTERNAL, resource=bkofc-svc, use-resource-role-mappings=true)

/subsystem=keycloak/secure-deployment=my.war/credential=secret:add(value="9bcc6d9f-9c72-4b58-b297-79f0f207d9e1")