Migrating Spring Boot 1.5.x to 2.0.3: JWT bearer token through Zuul fails after migration - security changed in the new Spring version

Time: 2018-11-07 14:02:07

Tags: spring spring-boot oauth oauth-2.0 jwt

When I change the Spring Boot version from 1.5.x to 2.0.3, using for example the following pom:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

    <modelVersion>4.0.0</modelVersion>
    <artifactId>dictionary-web</artifactId>
    <packaging>war</packaging>

    <parent>
        <groupId>X</groupId>
        <artifactId>dictionary</artifactId>
        <version>4.6.0-SNAPSHOT</version>
    </parent>

    <dependencies>
        <dependency>
            <groupId>X</groupId>
            <artifactId>Y-trace</artifactId>
            <version>${project.version}</version>
        </dependency>
        <dependency>
            <groupId>X</groupId>
            <artifactId>Y-security</artifactId>
            <version>${project.version}</version>
        </dependency>
        <dependency>
            <groupId>X</groupId>
            <artifactId>Y-timemachine</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-jwt</artifactId>
            <version>${spring-security-jwt.version}</version>
        </dependency>
        <dependency>
            <groupId>X</groupId>
            <artifactId>dictionary-bo</artifactId>
            <version>${project.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-tomcat</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.postgresql</groupId>
            <artifactId>postgresql</artifactId>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-core</artifactId>
        </dependency>
        <dependency>
            <groupId>net.logstash.logback</groupId>
            <artifactId>logstash-logback-encoder</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-sleuth</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-zipkin</artifactId>
        </dependency>
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger2</artifactId>
            <version>${swagger.version}</version>
        </dependency>
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger-ui</artifactId>
            <version>${swagger.version}</version>
        </dependency>

    </dependencies>

    <profiles>
        <profile>
            <id>default</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-war-plugin</artifactId>
                        <configuration>
                            <failOnMissingWebXml>false</failOnMissingWebXml>
                            <archive>
                                <manifestEntries>
                                    <Sys-Version>${project.version}</Sys-Version>
                                    <!-- Variables set by Hudson -->
                                    <Build-Number>${BUILD_NUMBER}</Build-Number>
                                    <Build-Date>${BUILD_TIMESTAMP}</Build-Date>
                                    <!-- Next two for potential usage in the next AppInfo versions -->
                                    <Job-Name>${JOB_NAME}</Job-Name>
                                    <Git-Branch>${GIT_BRANCH}</Git-Branch>
                                    <Git-Commit>${GIT_COMMIT}</Git-Commit>
                                </manifestEntries>
                            </archive>
                        </configuration>
                    </plugin>
                    <plugin>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-maven-plugin</artifactId>
                        <version>2.0.3.RELEASE</version>
                        <executions>
                            <execution>
                                <goals>
                                    <goal>repackage</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>
        <profile>
            <!-- Enable this profile to run in IntelliJ. IntelliJ excludes provided dependencies from compile by default. -->
            <id>intellij</id>
            <dependencies>
                <dependency>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-tomcat</artifactId>
                    <scope>compile</scope>
                </dependency>
            </dependencies>
        </profile>
    </profiles>
</project>

I only get a 401 through Zuul.

Here one can read: https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.0-Migration-Guide#oauth2

OAuth2
Functionality from the Spring Security OAuth project is being migrated to core Spring Security. Dependency management is no longer provided for that dependency and Spring Boot 2 provides OAuth 2.0 client support via Spring Security 5.

If you depend on Spring Security OAuth features that have not yet been migrated, you will need to add a dependency on an additional jar, check the documentation for more details. We’re also continuing to support Spring Boot 1.5 so older applications can continue to use that until an upgrade path is provided.

I think the security may need to change, but I don't know which direction to go.

Do I need to change spring-security-jwt to something else? Can someone give me a hint about how security has changed? Is this a security problem or Zuul?

OAuth configuration:

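import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

// JwtAccessTokenConverterProvider and XUserTokenConverter are the project's own classes (not shown).
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Validate incoming bearer tokens with the JWT-backed token services below.
    @Override
    public void configure(ResourceServerSecurityConfigurer config) {
        config.tokenServices(tokenServices());
    }

    // JWT token store: tokens are verified with the configured key pair, nothing is persisted.
    @Bean
    public TokenStore tokenStore() {
        JwtAccessTokenConverter converter = JwtAccessTokenConverterProvider.addKeyPair(new JwtAccessTokenConverter());
        DefaultAccessTokenConverter defaultAccessTokenConverter = new DefaultAccessTokenConverter();
        defaultAccessTokenConverter.setUserTokenConverter(new XUserTokenConverter());
        converter.setAccessTokenConverter(defaultAccessTokenConverter);
        return new JwtTokenStore(converter);
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }
}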

The 401 problem is also described here: JWT 401 only when hitting via zuul
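
The question asks whether the 401 comes from the security configuration or from Zuul. One way to tell the two apart on the resource server is the diagnostic filter below, an added example that is not part of the original post. The class name `BearerHeaderDiagnosticFilter` is hypothetical, and the code assumes the `javax.servlet` API, SLF4J and Jackson that `spring-boot-starter-web` brings in on Spring Boot 2.0.x.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.time.Instant;
import java.util.Base64;

// Hypothetical diagnostic filter (not from the original post). It runs before the
// Spring Security filter chain and logs token metadata only, never the token itself.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class BearerHeaderDiagnosticFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(BearerHeaderDiagnosticFilter.class);
    private final ObjectMapper mapper = new ObjectMapper();

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        log.info("{} {} -> {}", req.getMethod(), req.getRequestURI(), describe(req.getHeader("Authorization")));
        chain.doFilter(req, res);
    }

    // Summarises the header WITHOUT verifying the signature; for diagnostics only.
    String describe(String header) {
        if (header == null) return "no Authorization header reached this service";
        if (!header.regionMatches(true, 0, "Bearer ", 0, 7)) return "non-bearer Authorization scheme";
        String[] parts = header.substring(7).trim().split("\\.");
        if (parts.length != 3) return "bearer value is not a three-part JWT";
        try {
            JsonNode head = mapper.readTree(Base64.getUrlDecoder().decode(parts[0]));
            JsonNode body = mapper.readTree(Base64.getUrlDecoder().decode(parts[1]));
            long exp = body.path("exp").asLong(0);
            boolean expired = exp != 0 && Instant.now().getEpochSecond() >= exp;
            // alg is caller-controlled text: strip anything that could forge log lines
            String alg = head.path("alg").asText("?").replaceAll("[^A-Za-z0-9_-]", "?");
            return "JWT alg=" + alg + " exp=" + exp + " expired=" + expired;
        } catch (IllegalArgumentException | IOException e) {
            return "bearer value could not be decoded as a JWT";
        }
    }
}
```

If the log shows no header only for requests routed through the proxy, check the Zuul route's `sensitiveHeaders` setting, whose default list contains `Authorization`; if the header does arrive, the 401 is raised by the resource server's own token validation.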

0 answers:

No answers