在资源服务器上解码Spring Boot 2.1 OAuth2编码的JWT

时间:2019-03-17 22:15:02

标签: spring-boot spring-security jwt spring-security-oauth2

尝试将现有资源服务从Spring Boot 1.x升级到2.x。 Spring Security 4.5在身份验证服务器上运行,并对JWT令牌进行编码,如下所示:

  @Bean
  public JwtAccessTokenConverter jwtAccessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setSigningKey(privateKey);
    converter.setVerifierKey(publicKey);
    return converter;
  }

升级到Spring Boot 2.1.3的资源服务器释放此错误:

OAuth2AuthenticationProcessingFilter:165 : 
Authentication request failed: error="invalid_token",
error_description="Invalid access token:****..."

该日志显示OAuth2AuthenticationProcessingFilter正在使用MappingJackson2HttpMessageConverter提取JWT令牌。春季安全性自动配置应提供JwtAccessTokenConverter Bean而不是MappingJackson2HttpMessageConverter Bean,因为我的属性文件中包含键值:

  security:
    oauth2:
      resource:
        jwt:
          key-value: |
            -----BEGIN PUBLIC KEY-----
            ...
            -----END PUBLIC KEY-----

这是应该检测到它的Spring Security ResourceServerTokenServiceConfiguration类。该属性与“ security.oauth2.resource.jwt.key-value”匹配。

  public ConditionOutcome getMatchOutcome(ConditionContext context,
            AnnotatedTypeMetadata metadata) {
    ConditionMessage.Builder message = ConditionMessage
                .forCondition("OAuth JWT Condition");
    Environment environment = context.getEnvironment();
    String keyValue = environment
                .getProperty("security.oauth2.resource.jwt.key-value");
    String keyUri = environment
                .getProperty("security.oauth2.resource.jwt.key-uri");
    if (StringUtils.hasText(keyValue) || StringUtils.hasText(keyUri)) {
      return ConditionOutcome
                    .match(message.foundExactly("provided public key"));
    }
    return ConditionOutcome
                .noMatch(message.didNotFind("provided public key").atAll());
  }

这些是资源服务器安全性依赖项:

  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.security.oauth.boot</groupId>
    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <scope>compile</scope>
  </dependency>
  <dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
  </dependency>

这是资源服务器配置。它与Spring Boot 1.5.x基本上相同。

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

  private static final String RESOURCE_ID = "my-service";

  @Override
  public void configure(final HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().authenticated();
  }

  @Override
  public void configure(ResourceServerSecurityConfigurer resources) {
    resources.resourceId(RESOURCE_ID);
  }
}

我想念什么?

1 个答案:

答案 0 :(得分:0)

问题出在属性方面。我已经将“ security.oauth2”移到了“ spring.security.oauth2”。当我打开org.springframework.boot.autoconfigure.security.oauth2的日志记录并看到以下内容时:

did not match due to OAuth Client ID did not find security.oauth2.client.client-id property

因此,我决定尝试将oauth2属性从“ spring”下移回。并且能够提取JWT令牌。

相关问题
最新问题