Keycloak custom page development

2020-04-28  张亚旭

(https://my.oschina.net/wecanweup/blog/4254362#comments)

realm keycloak freemarker

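1. Development approach

Theme types

Creating a theme

Theme development

Adjusting a theme

Full-override development

2. Difficulties

The difficulty lies in finding and understanding the expressions that appear in the original pages and what they mean.

Digging into the meaning of the realm.password expression in the template engine:

login.ftl contains the following code: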

  <#-- The login form is rendered only when realm.password is true -->
  <#if realm.password>
          <form id="kc-form-login" onsubmit="login.disabled = true; return true;" action="${url.loginAction}"
                method="post">
                .............
  </#if>

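As you can see, there is a realm.password expression: if realm.password is true, the login form is displayed. Searching the source code shows that its value is computed from getRequiredCredentials() in the realm model, and after some study it should correspond to the credentials property described in the official documentation, which is explained as follows: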

Specify the credentials of the application. This is an object notation where the key is the credential type and the value is the value of the credential type. Currently password and jwt is supported. This is REQUIRED only for clients with 'Confidential' access type.

Its actual value is related to the Access Type property of the client:

Access Type
This defines the type of the OIDC client.

  • confidential
    Confidential access type is for server-side clients that need to perform a browser login and require a client secret when they turn an access code into an access token, (see Access Token Request in the OAuth 2.0 spec for more details). This type should be used for server-side applications.
  • public
    Public access type is for client-side clients that need to perform a browser login. With a client-side application there is no way to keep a secret safe. Instead it is very important to restrict access by configuring correct redirect URIs for the client.
  • bearer-only
    Bearer-only access type means that the application only allows bearer token requests. If this is turned on, this application cannot participate in browser logins.

The result: if the client's Access Type is public, realm.password is true.

Of course, you can ignore this variable and write your own page, but:
