Spring Boot client server authentication and authorization with JWT

The application needs to authenticate and authorize against an SSO. All the required information is present in the JWT, but I am not sure this is the right approach, because the OAuth2LoginAuthenticationToken is empty.

The client server's WebSecurityConfigurerAdapter is as follows:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {

        // CSRF protection is switched off, as in the original configuration
        http.csrf().disable();

        http.antMatcher("/**").authorizeRequests()
            // landing page and login endpoints are public, everything else needs an authenticated session
            .antMatchers("/", "/login**").permitAll()
            .anyRequest().authenticated()
            .and()
            // authorization-code login against the registration defined in application.properties
            .oauth2Login()
            .and()
            // custom provider; only consulted for tokens its supports() method accepts
            .authenticationProvider(
                new OfficeUserAuthProvider()
            );
    }
}

OfficeUserAuthProvider is as follows:

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;

public class OfficeUserAuthProvider implements AuthenticationProvider {

    private final Logger logger = LoggerFactory.getLogger(OfficeUserAuthProvider.class);

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {

        // the token handed in by the oauth2Login filter; its principal is still null at this point
        OAuth2LoginAuthenticationToken auth = (OAuth2LoginAuthenticationToken) authentication;

        logger.info("{}", authentication);

        // TODO Auto-generated method stub
        // returning null tells the ProviderManager this provider could not decide, so the next provider is tried
        return null;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        logger.info("{}", OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication));
        return OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

The output of logger.info("{}", authentication); is:

22-01-31 Mon 01:25:15.700 INFO  c.t.s.config.OfficeUserAuthProvider      Java : 27    : OAuth2LoginAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=false, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=FF16A2C206F66F021109D86C4997F8F6], Granted Authorities=[]]

The decoded JWT received from the authorization server is:

{
  "dateTime": 1643570398335,
  "aud": [
    "documentRepository"
  ],
  "user_name": "admin",
  "enable": true,
  "scope": [
    "read",
    "write"
  ],
  "exp": 1643572198,
  "department": null,
  "authorities": [
    "ROLE_ADMIN_USER",
    "ROLE_OFFICE_USER"
  ],
  "jti": "bbc551c4-31ec-4744-bc92-c051f5c08719",
  "client_id": "appXXXX"
}
The client server's application.properties:

spring.security.oauth2.client.registration.xyz.client-id=appXXXX
spring.security.oauth2.client.registration.xyz.client-secret=passXXXXX
spring.security.oauth2.client.registration.xyz.client-name=app
spring.security.oauth2.client.registration.xyz.scope=read, write
spring.security.oauth2.client.registration.xyz.provider=xyz-sso
spring.security.oauth2.client.registration.xyz.redirect-uri=http://localhost:8081/login/oauth2/code/
spring.security.oauth2.client.registration.xyz.client-authentication-method=post
spring.security.oauth2.client.registration.xyz.authorization-grant-type=authorization_code

spring.security.oauth2.client.provider.xyz-sso.authorization-uri=http://modern-14-b4mw:8080/oauth/authorize
spring.security.oauth2.client.provider.xyz-sso.token-uri=http://modern-14-b4mw:8080/oauth/token

I had to improvise and implement a REST endpoint /user/me on the SSO that returns the Principal.

Added to the client's application.properties:

spring.security.oauth2.client.provider.xyz-sso.user-info-uri=http://modern-14-b4mw:8080/api//user/me
spring.security.oauth2.client.provider.xyz-sso.user-name-attribute=name

With the above changes the OAuth2AuthenticationToken is obtained.
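As an added example (not code from the question or the answer), here are the two halves the answer describes: a user-info endpoint on the SSO, and a client-side user service that turns the `authorities` claim into Spring `GrantedAuthority` objects. Without the second half, Spring Security 5's `DefaultOAuth2UserService` only grants `ROLE_USER` and `SCOPE_read`/`SCOPE_write`, so `ROLE_ADMIN_USER` and `ROLE_OFFICE_USER` from the JWT would never reach `hasRole()` checks on the client. It assumes the SSO is the legacy Spring Security OAuth authorization server implied by the `/oauth/token` endpoint and the `user_name`/`authorities` claims (so `@EnableResourceServer` can verify the Bearer token against the same token store that issued it), and the class names `SsoResourceServerConfig`, `UserInfoController`, `ClientSecurityConfiguration` and `officeUserService` are made up for this example. The two parts live in different applications and are shown together only for readability.

```java
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// ---- SSO side (legacy Spring Security OAuth, assumed) ------------------------------
// The resource-server filter requires a valid Bearer access token on /api/**, so only a
// client presenting a token issued by this server can read the principal.
@Configuration
@EnableResourceServer
class SsoResourceServerConfig {
}

@RestController
class UserInfoController {

    // Returns the shape the client expects: "name" matches user-name-attribute=name,
    // "authorities" is a plain list of the ROLE_* strings carried in the JWT.
    @GetMapping("/api/user/me")
    public Map<String, Object> me(Authentication authentication) {
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("name", authentication.getName());
        body.put("authorities", authentication.getAuthorities().stream()
            .map(GrantedAuthority::getAuthority)
            .collect(Collectors.toList()));
        return body;
    }
}

// ---- client side (Spring Security 5 oauth2Login) -----------------------------------
@Configuration
@EnableWebSecurity
class ClientSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/login**").permitAll()
                .anyRequest().authenticated()
            .and()
            .oauth2Login()
                .userInfoEndpoint()
                    .userService(officeUserService());
    }

    // Wraps DefaultOAuth2UserService and copies the SSO's ROLE_* entries from the
    // "authorities" attribute into the principal. Only ROLE_-prefixed values are accepted,
    // so an unexpected entry in the user-info response cannot become an arbitrary authority.
    @Bean
    public OAuth2UserService<OAuth2UserRequest, OAuth2User> officeUserService() {
        DefaultOAuth2UserService delegate = new DefaultOAuth2UserService();
        return request -> {
            OAuth2User user = delegate.loadUser(request);
            Set<GrantedAuthority> mapped = new LinkedHashSet<>(user.getAuthorities());
            Object raw = user.getAttributes().get("authorities");
            if (raw instanceof Collection) {
                for (Object entry : (Collection<?>) raw) {
                    // accept either "ROLE_X" strings or {"authority": "ROLE_X"} objects,
                    // the latter being how a serialized OAuth2Authentication renders them
                    Object value = entry instanceof Map ? ((Map<?, ?>) entry).get("authority") : entry;
                    if (value != null && value.toString().startsWith("ROLE_")) {
                        mapped.add(new SimpleGrantedAuthority(value.toString()));
                    }
                }
            }
            String nameAttribute = request.getClientRegistration().getProviderDetails()
                .getUserInfoEndpoint().getUserNameAttributeName();
            return new DefaultOAuth2User(mapped, user.getAttributes(), nameAttribute);
        };
    }
}
```

With this in place the `OAuth2AuthenticationToken` in the client's security context carries `ROLE_ADMIN_USER` and `ROLE_OFFICE_USER`, so `.antMatchers("/admin/**").hasRole("ADMIN_USER")` and `@PreAuthorize("hasRole('OFFICE_USER')")` work as they would with a local user store. If the SSO's `/user/me` endpoint is left unauthenticated, anyone who can reach it can read principal data, which is why the resource-server filter sits in front of it.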