Protecting the service using OAuth2, JWT token not working Spring cloud

I have a micro service architecture. I am securing the service by using OAuth2 and have configured it to use the JWT token. I am having a problem regarding securing the services in this micro service. I have implemented the authorization server successfully. I am able to generate the JWT token and access the protected resource of the authorization server.

For securing the micro services I have done the following things:

  1. Added dependency in pom file of the micro service that I want to secure with OAuth2:
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.1.2.RELEASE</version>
        </dependency>
  2. Modified the bootstrap application as below:
        @SpringBootApplication
        @EnableResourceServer
        public class Application {

            ...
        }
  3. Created the JwtTokenConfiguration as below:
    private String getPublicKeyAsString() {

        try {
            Resource resource = new ClassPathResource("publickey.pem");
//          return IOUtils.toString(oAuth2ConfigProperties.getJwt().getPublicKey().getInputStream(),
//                  StandardCharsets.UTF_8);
            String strPublicKey= ".....";
            String verifierKey = String.format("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----", strPublicKey);
                  //verifierKey = String.format("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----", strPublicKey);

            System.out.println(verifierKey);
            return verifierKey;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setVerifierKey(getPublicKeyAsString());
        return jwtAccessTokenConverter;
    }

The error is like below:

    ... 33 common frames omitted
Caused by: java.lang.IllegalStateException: For MAC signing you do not need to specify the verifier key separately, and if you do it must match the signing key
    at org.springframework.util.Assert.state(Assert.java:73) ~[spring-core-5.2.4.RELEASE.jar:5.2.4.RELEASE]
    at org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter.afterPropertiesSet(JwtAccessTokenConverter.java:318) ~[spring-security-oauth2-2.3.4.RELEASE.jar:na]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1855) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1792) ~[spring-beans-5.2.4.RELEASE.jar:5.2.4.RELEASE]
    ... 53 common frames omitted

The oauthcer.jks is located in the authorization server. I have generated the public key from the oauthcer.jks by running the command below:

keytool -list -rfc --keystore oauth2cer.jks

The result that I get from running the command is like below:

-----BEGIN CERTIFICATE-----
MIIDfDCCAmSgAwIBAgIJAM8UC/xKlIfwMA0GCSqG ...
-----END CERTIFICATE-----

I tested the result in the URL: https://8gwifi.org/PemParserFunctions.jsp and it works fine.

I don't know why it is not working. I have tried many things. I will appreciate any guide.

I have faced a similar problem. What you are doing wrong is you are passing the certificate to: jwtAccessTokenConverter.setVerifierKey(getPublicKeyAsString()); You need to pass the public key.

To fix this issue you need to extract the public key from the oauth2cer.jks. Execute the command below to extract the public key:

keytool -list -rfc --keystore oauth2cer.jks | openssl x509 -inform pem -pubkey -noout

After executing the command above it will display the result like below:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAdfsdfsdaxzcCAQ8AMIIBCgKCAQEAvJXQdLvlF1d
hx+AAzmNpuD89XPFAcmrvCt7CTGzi0bd/3WzK8dP2clxnVFANh7mbu24U91jK9ZS
3rewr4534tgfdryt54ytry6uyr
-----END PUBLIC KEY-----

The result above needs to be passed to the setVerifierKey method.
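
The same extraction done in Java instead of the keytool/openssl pipeline, as an added example that is not part of the original answer: it reads one certificate entry from the keystore and prints its public key in the BEGIN PUBLIC KEY form that the answer says to pass to setVerifierKey. The class name VerifierKeyExport and the alias argument are assumptions for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Base64;

// Added example (hypothetical class name). Usage: java VerifierKeyExport oauth2cer.jks <alias>
public final class VerifierKeyExport {

    /** Wraps the certificate's public key (DER SubjectPublicKeyInfo) in PUBLIC KEY armor. */
    static String toPublicKeyPem(Certificate certificate) {
        PublicKey publicKey = certificate.getPublicKey();
        if (!"RSA".equals(publicKey.getAlgorithm())) {
            throw new IllegalArgumentException("Expected an RSA key but found " + publicKey.getAlgorithm());
        }
        // 64-character lines, the same layout openssl prints
        Base64.Encoder encoder = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN PUBLIC KEY-----\n"
                + encoder.encodeToString(publicKey.getEncoded())
                + "\n-----END PUBLIC KEY-----";
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): VerifierKeyExport <keystore> <alias>");
            System.exit(2);
        }
        // Prompt for the store password so it does not appear in the process list.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            keyStore.load(in, password);
        }
        Certificate certificate = keyStore.getCertificate(args[1]);
        if (certificate == null) {
            throw new IllegalArgumentException("No certificate stored under alias " + args[1]);
        }
        // Only the public half is exported; the private key entry is never read.
        System.out.println(toPublicKeyPem(certificate));
    }
}
```

The output should start with -----BEGIN PUBLIC KEY-----; if it starts with -----BEGIN CERTIFICATE-----, it is still the certificate from the question and not the key.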
