具有 Spring 安全性的 JWT 解码
JWT decoding with Spring Security
我的 JWT 解码有问题。
我正在为 oauth2 授权服务编写集成。
我发送请求以获取授权令牌并获得如下响应:
{
"access_token": "c76fb018-27c9-43f7-a751-62646eda7e1a-1",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "03e0be32-e72e-47ec-b740-a00b333a8ac4-1",
"id_token": "eyJhbGciOiJnb3N0MzQtMTAuMjAxMiJ9.eyJzdWIiOiIwZDYxNTI3NDRlNDhkMTU4Y2UwMWQ3ZDQwZTdjNzUwYmZhMTVmMWVhY2NkOTQ3YmYwYTU0NzRhNDkwMGMyZTdjIiwiaXNzIjoiaXNzLWRlZmF1bHQtdmFsdWUiLCJhdWQiOiIxMTQzIiwiZXhwIjoxNTE4NzAxMDcxLCJpYXQiOjE1MTg3MDA3NzEsImF1dGhfdGltZSI6MTUxODcwMDc1NiwiYWNyIjoibG9hLTMiLCJhbXIiOiJ7cHdkLCBtY2EsIG1mYSw
gb3RwLCBzbXN9IiwiYXpwIjoiMTE0MyIsIm5vbmNlIjoiN2JlNjZhYzktZDA3Yy00OTY3LWFkZWQtY2EyNzBhMjdlOWU4In0=.EdiC77+9bO+/vRzvv71677+977+977+9eAXvv73vv73vv71E77+977+977+977+9Re+/ve+/vTNbbdm0Bu+/vRY/eO+/vRvvv70q77+977+9LO+/vU4iZO+/vSNF0oFy77+977+977+9GQnvv73vv70v77+9QO+/vXk="
}
id_token - Base64 编码的 URL 是识别用户所需的一组客户端属性。属性以“.”分隔。字符,每个字符都必须单独解码。
我不知道该怎么做。如果有任何帮助,我将不胜感激。
Application.yml
spring:
security:
oauth2:
client:
registration:
sbb:
client-id: *******
client-secret: ******
scope: openid
client-authentication-method: post
authorization-grant-type: authorization_code
redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
provider:
sbb:
authorization-uri: https://auth.site.com/ic/sso/api/v1/oauth/authorize
token-uri: https://auth.site.com/ic/sso/api/v1/oauth/token
user-info-uri: https://auth.site.com/ic/sso/api/v1/oauth/user-info
user-name-attribute: sub
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable();
http.cors().disable();
http.csrf().disable();
http
.authorizeRequests().antMatchers("/login").permitAll().and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.oauth2Login();
}
}
当我启动我的应用程序时,出现错误:
org.springframework.security.oauth2.core.OAuth2AuthenticationException: [missing_signature_verifier] Failed to find a Signature Verifier for Client Registration: 'sbb'. Check to ensure you have configured the JwkSet URI.
我的提供商不提供 JwkSet URI。
Filip 描述了方法 here。我只是稍微扩展了一下。
@Bean
public JwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
final JwtDecoder decoder = new JwtDecoder() {
@SneakyThrows
@Override
public Jwt decode(String token) throws JwtException {
JWT jwt = JWTParser.parse(token);
return createJwt(token, jwt);
}
private Jwt createJwt(String token, JWT parsedJwt) {
try {
Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
Map<String, Object> claims = parsedJwt.getJWTClaimsSet().getClaims();
return Jwt.withTokenValue(token)
.headers(h -> h.putAll(headers))
.claims(c -> c.putAll(claims))
.build();
} catch (Exception ex) {
if (ex.getCause() instanceof ParseException) {
throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"));
} else {
throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
}
}
}
};
return context -> decoder;
}
我的 JWT 解码有问题。 我正在为 oauth2 授权服务编写集成。 我发送请求以获取授权令牌并获得如下响应:
{
"access_token": "c76fb018-27c9-43f7-a751-62646eda7e1a-1",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "03e0be32-e72e-47ec-b740-a00b333a8ac4-1",
"id_token": "eyJhbGciOiJnb3N0MzQtMTAuMjAxMiJ9.eyJzdWIiOiIwZDYxNTI3NDRlNDhkMTU4Y2UwMWQ3ZDQwZTdjNzUwYmZhMTVmMWVhY2NkOTQ3YmYwYTU0NzRhNDkwMGMyZTdjIiwiaXNzIjoiaXNzLWRlZmF1bHQtdmFsdWUiLCJhdWQiOiIxMTQzIiwiZXhwIjoxNTE4NzAxMDcxLCJpYXQiOjE1MTg3MDA3NzEsImF1dGhfdGltZSI6MTUxODcwMDc1NiwiYWNyIjoibG9hLTMiLCJhbXIiOiJ7cHdkLCBtY2EsIG1mYSw
gb3RwLCBzbXN9IiwiYXpwIjoiMTE0MyIsIm5vbmNlIjoiN2JlNjZhYzktZDA3Yy00OTY3LWFkZWQtY2EyNzBhMjdlOWU4In0=.EdiC77+9bO+/vRzvv71677+977+977+9eAXvv73vv73vv71E77+977+977+977+9Re+/ve+/vTNbbdm0Bu+/vRY/eO+/vRvvv70q77+977+9LO+/vU4iZO+/vSNF0oFy77+977+977+9GQnvv73vv70v77+9QO+/vXk="
}
id_token - Base64 编码的 URL 是识别用户所需的一组客户端属性。属性以“.”分隔。字符,每个字符都必须单独解码。
我不知道该怎么做。如果有任何帮助,我将不胜感激。
Application.yml
spring:
security:
oauth2:
client:
registration:
sbb:
client-id: *******
client-secret: ******
scope: openid
client-authentication-method: post
authorization-grant-type: authorization_code
redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
provider:
sbb:
authorization-uri: https://auth.site.com/ic/sso/api/v1/oauth/authorize
token-uri: https://auth.site.com/ic/sso/api/v1/oauth/token
user-info-uri: https://auth.site.com/ic/sso/api/v1/oauth/user-info
user-name-attribute: sub
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable();
http.cors().disable();
http.csrf().disable();
http
.authorizeRequests().antMatchers("/login").permitAll().and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.oauth2Login();
}
}
当我启动我的应用程序时,出现错误:
org.springframework.security.oauth2.core.OAuth2AuthenticationException: [missing_signature_verifier] Failed to find a Signature Verifier for Client Registration: 'sbb'. Check to ensure you have configured the JwkSet URI.
我的提供商不提供 JwkSet URI。
Filip 描述了方法 here。我只是稍微扩展了一下。
@Bean
public JwtDecoderFactory<ClientRegistration> jwtDecoderFactory() {
final JwtDecoder decoder = new JwtDecoder() {
@SneakyThrows
@Override
public Jwt decode(String token) throws JwtException {
JWT jwt = JWTParser.parse(token);
return createJwt(token, jwt);
}
private Jwt createJwt(String token, JWT parsedJwt) {
try {
Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
Map<String, Object> claims = parsedJwt.getJWTClaimsSet().getClaims();
return Jwt.withTokenValue(token)
.headers(h -> h.putAll(headers))
.claims(c -> c.putAll(claims))
.build();
} catch (Exception ex) {
if (ex.getCause() instanceof ParseException) {
throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"));
} else {
throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
}
}
}
};
return context -> decoder;
}