使用 Azure AD Spring Starter 2.1.6。使用 AADAuthenticationFilter(https://github.com/Microsoft/azure-spring-boot)时,代码会进入 buildUserPrincipal,其中有一处验证颁发者(issuer)的调用。默认值如下所示。我的颁发者(issuer)不是 https://login.microsoftonline.com/uuid/v2.0 的默认颁发者,因此会抛出错误。我该如何覆盖或配置它,使其检查我的颁发者?
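/**
 * Builds the JWT processor used to validate Azure AD tokens.
 *
 * <p>Verification keys are selected from {@code keySource} (declared outside this
 * method) for the given algorithm. After the default claims checks, the {@code iss}
 * claim must start with one of the two accepted STS issuer prefixes; any other issuer
 * is rejected with {@link BadJWTException}.
 *
 * @param jwsAlgorithm the JWS algorithm passed to the verification key selector
 * @return a processor configured with the key selector and the issuer check
 */
private ConfigurableJWTProcessor<SecurityContext> getAadJwtTokenValidator(JWSAlgorithm jwsAlgorithm) {
    final ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
    final JWSKeySelector<SecurityContext> keySelector =
            new JWSVerificationKeySelector<>(jwsAlgorithm, keySource);
    jwtProcessor.setJWSKeySelector(keySelector);
    jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<SecurityContext>() {
        @Override
        public void verify(JWTClaimsSet claimsSet, SecurityContext ctx) throws BadJWTException {
            // Run the library's default claim checks before the issuer check.
            super.verify(claimsSet, ctx);
            final String issuer = claimsSet.getIssuer();
            // Match the issuer as a prefix, not a substring: with contains(), a value
            // that merely embeds one of these URLs somewhere in the string would pass.
            // Issuers outside these two prefixes (for example a
            // login.microsoftonline.com v2.0 issuer) are rejected here.
            final boolean trustedIssuer = issuer != null
                    && (issuer.startsWith("https://sts.windows.net/")
                        || issuer.startsWith("https://sts.chinacloudapi.cn/"));
            if (!trustedIssuer) {
                throw new BadJWTException("Invalid token issuer");
            }
            // NOTE(review): the prefix does not pin a tenant id, so any tenant under
            // these hosts passes this check; tenant and audience validation are
            // presumably enforced elsewhere - confirm against the caller.
        }
    });
    return jwtProcessor;
}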