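I created a Zuul gateway that generates a JWT token by signing it with a secret key. I then send this token in a header when routing to my API.

Code for the JWT token generator: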

    import io.jsonwebtoken.Claims;
    import io.jsonwebtoken.Jwts;
    import io.jsonwebtoken.SignatureAlgorithm;
    import java.util.Date;

    // HMAC secret used to sign the token
    public String SECRET_KEY = "secretKeyToSign";

    @Description("Function to generate token")
    public String generateJwt(String client_id) {
        String token = new String();
        // claims is anything you want to include in your JWT payload
        Claims claims = Jwts.claims();
        claims.put("client_id", client_id);
        token = Jwts.builder().setClaims(claims).setIssuedAt(new Date(System.currentTimeMillis()))
                // expires 10 hours after issue
                .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10))
                .signWith(SignatureAlgorithm.HS256, SECRET_KEY).compact();
        return token;
    }

Generated JWT token:

    eyJhbGciOiJIUzI1NiJ9.eyJjbGllbnRfaWQiOiJjbGllbnRpZCIsImlhdCI6MTU5MDEyNzQ3NCwiZXhwIjoxNTkwMTYzNDc0fQ.mO0H0uFKFuEW

The code where I check this token:
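
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Primary;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
    import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

    @SpringBootApplication
    @EnableResourceServer
    public class SpringZuulRouteApi1Application extends ResourceServerConfigurerAdapter {

        public static void main(String[] args) {
            SpringApplication.run(SpringZuulRouteApi1Application.class, args);
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            resources.tokenServices(tokenServices());
        }

        @Bean
        @Primary
        public DefaultTokenServices tokenServices() {
            DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
            defaultTokenServices.setTokenStore(tokenStore());
            return defaultTokenServices;
        }

        @Bean
        public TokenStore tokenStore() {
            return new JwtTokenStore(accessTokenConverter());
        }

        // Converter that verifies incoming JWTs with the shared secret
        @Bean
        public JwtAccessTokenConverter accessTokenConverter() {
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            converter.setVerifierKey("secretKeyToSign");
            converter.setSigningKey("secretKeyToSign");
            return converter;
        }
    }
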
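I am passing the Authorization bearer token value in the header. I am using a secret key ("secretKeyToSign"), not a public key. I believe it is not parsing the JWT token; otherwise it should give a token-expired error, but it throws an invalid access token error: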

    {
        "error": "invalid_token",
        "error_description": "Cannot convert access token to JSON"
    }

Any help would be appreciated. Thanks in advance.
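
An added example, not part of the original post: a JDK-only check of which key bytes an HS256 token actually verifies under. It is relevant to the setup above because jjwt's `signWith(SignatureAlgorithm, String)` treats its String argument as a Base64-encoded key, while Spring's `JwtAccessTokenConverter` uses the string's own bytes. The class name `Hs256KeyCheck`, the secret and the token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs256KeyCheck {
    // Compute the unpadded base64url HMAC-SHA256 signature of "header.payload".
    static String sign(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] sig = mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(sig);
    }

    // True if the token's third segment is the HS256 signature under this key.
    static boolean verifies(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false; // not a compact JWS
        String expected = sign(parts[0] + "." + parts[1], key);
        // Constant-time comparison of the two signature strings.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     parts[2].getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed secret; its characters also happen to be valid Base64 text.
        String secret = "ConstructedDemoKey12";
        byte[] rawKey = secret.getBytes(StandardCharsets.UTF_8);  // string used as-is
        byte[] decodedKey = Base64.getDecoder().decode(secret);   // string treated as Base64

        // Constructed token, signed by an issuer that Base64-decodes the secret.
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String input = b64.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString("{\"client_id\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        String token = input + "." + sign(input, decodedKey);

        // A verifier that uses the raw string bytes rejects the same token.
        System.out.println("verifies with raw UTF-8 bytes:      " + verifies(token, rawKey));
        System.out.println("verifies with Base64-decoded bytes: " + verifies(token, decodedKey));
    }
}
```

When issuer and verifier derive different bytes from the same secret string, the signature check fails regardless of the token's expiry, so both sides need to agree on one key encoding.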