WSO2IS JWT访问令牌

时间:2017-03-08 05:57:28

标签: jwt wso2is msf4j

我正在尝试从WSO2 IS获取JWT访问令牌。我按照msf4j Oauth2 Security Sample的说明操作,并设法通过resource owner password授权类型获取JWT访问令牌。 但我在外部验证令牌时遇到问题。

似乎该令牌未被默认的“wso2carbon.jks”签名。

另外,我在“服务提供商”中的声明配置未反映在jwt内容

所以我的问题:如何在WSO2IS中配置JWT签名证书?

还有: 如何操纵JWT中的声明?

我不想出于性能问题而转向“内省”端点,我的策略是只信任IS,只是为了确保(本地)JWT令牌的真实性

请告知

感谢

2 个答案:

答案 0 :(得分:1)

您可以按照[1]使用WSO2 Identity Server获取JWT访问令牌(自包含访问令牌)

[1] https://medium.com/@hasinthaindrajee/self-contained-access-tokens-with-wso2-identity-server-82111631d5b6

答案 1 :(得分:0)

好吧,这似乎是我自己的错。

我一直在使用jose4j JWT包,并且不断收到验证失败的消息。

在进一步检查msf4j实现后,我切换到nimbus-jose-jwt JWT包,并完成了它,

下面是我的实施。 

import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
public class JwtParser {

     private static final String KEYSTORE = System.getProperty("javax.net.ssl.trustStore");
     private static final String KEYSTORE_PASSWORD = System.getProperty("javax.net.ssl.trustStorePassword");

     private static Map<String, JWSVerifier> verifiers = getVerifiers();

     public static JWTClaimsSet verify(String jwt) throws Exception {

                SignedJWT signedJWT = SignedJWT.parse(jwt);
                if (!new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime())) {
                    new Exception("token has expired");
                }

                boolean notYet = true;
                for(Iterator<JWSVerifier> it = verifiers.values().iterator(); notYet && it.hasNext();){
                    JWSVerifier verifier = it.next();
                    notYet =  !signedJWT.verify(verifier);
                }

                if(notYet){
                    throw new Exception("token verification failed");
                }
                JWTClaimsSet claims = signedJWT.getJWTClaimsSet();
                if (claims == null) {
                    // Do something with claims
                    throw new Exception("non valid payload in token, failed");
                }

                return claims;
     }

     private static Map<String, JWSVerifier> getVerifiers(){

         Map<String, JWSVerifier> verifiers = new HashMap<>();

        try (InputStream inputStream = new FileInputStream(KEYSTORE)) {
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(inputStream, KEYSTORE_PASSWORD.toCharArray());
            Enumeration<String> aliases = keystore.aliases();

            while(aliases.hasMoreElements()){
                String alias = aliases.nextElement();

                if(!keystore.isCertificateEntry(alias)){
                    continue;   
                }
                Certificate cert = keystore.getCertificate(alias);
                if(cert == null){
                    continue;
                }
                PublicKey key = cert.getPublicKey(); 
                verifiers.put(alias, new RSASSAVerifier((RSAPublicKey)key));        
            }


        }catch(KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e){
            //TODO: report the exception
        }
        return verifiers;
     }

}
相关问题
最新问题