Spring Boot client server authentication and authorization with JWT
The application requires to be authenticated and authorized from SSO. All the required information is present in the JWT, but I'm not sure if this is the correct approach, as OAuth2LoginAuthenticationToken is null.
The client server WebSecurityConfigurerAdapter is as follows:
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // disables CSRF protection for every request of this application
        http.csrf().disable();
        http.antMatcher("/**").authorizeRequests()
                .antMatchers("/", "/login**").permitAll()
                .anyRequest().authenticated()
                .and()
                .oauth2Login()
                .and()
                // custom provider; ProviderManager tries it before Spring's own OAuth2 login provider
                .authenticationProvider(new OfficeUserAuthProvider());
    }
}
and OfficeUserAuthProvider is as follows:
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;

public class OfficeUserAuthProvider implements AuthenticationProvider {
    Logger logger = LoggerFactory.getLogger(OfficeUserAuthProvider.class);

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // the token passed in is the not-yet-authenticated login request (principal still null)
        OAuth2LoginAuthenticationToken auth = (OAuth2LoginAuthenticationToken) authentication;
        logger.info("{}", authentication);
        // TODO Auto-generated method stub
        // returning null tells ProviderManager this provider could not decide, so the next one is tried
        return null;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        logger.info("{}", OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication));
        return OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
The output from logger.info("{}", authentication); is:
22-01-31 Mon 01:25:15.700 INFO c.t.s.config.OfficeUserAuthProvider Java : 27 : OAuth2LoginAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=false, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=FF16A2C206F66F021109D86C4997F8F6], Granted Authorities=[]]
The decoded JWT received from the authorization server is:
{
    "dateTime": 1643570398335,
    "aud": [
        "documentRepository"
    ],
    "user_name": "admin",
    "enable": true,
    "scope": [
        "read",
        "write"
    ],
    "exp": 1643572198,
    "department": null,
    "authorities": [
        "ROLE_ADMIN_USER",
        "ROLE_OFFICE_USER"
    ],
    "jti": "bbc551c4-31ec-4744-bc92-c051f5c08719",
    "client_id": "appXXXX"
}
and the application.properties of the client server is:
spring.security.oauth2.client.registration.xyz.client-id=appXXXX
spring.security.oauth2.client.registration.xyz.client-secret=passXXXXX
spring.security.oauth2.client.registration.xyz.client-name=app
spring.security.oauth2.client.registration.xyz.scope=read, write
spring.security.oauth2.client.registration.xyz.provider=xyz-sso
spring.security.oauth2.client.registration.xyz.redirect-uri=http://localhost:8081/login/oauth2/code/
spring.security.oauth2.client.registration.xyz.client-authentication-method=post
spring.security.oauth2.client.registration.xyz.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.xyz-sso.authorization-uri=http://modern-14-b4mw:8080/oauth/authorize
spring.security.oauth2.client.provider.xyz-sso.token-uri=http://modern-14-b4mw:8080/oauth/token
Had to improvise and implemented a REST endpoint /user/me for the Principal in the SSO. In the client application.properties, added:
spring.security.oauth2.client.provider.xyz-sso.user-info-uri=http://modern-14-b4mw:8080/api//user/me
spring.security.oauth2.client.provider.xyz-sso.user-name-attribute=name
With the above update I was able to get OAuth2AuthenticationToken.
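As an added example (not the asker's code and not part of Spring Security itself), this is one way to wire the /user/me approach end to end: the SSO side serves the user-info endpoint that user-info-uri points at, and the client side maps the authorities attribute of that response onto Spring roles, so the role strings from the JWT shown above drive access decisions. The class names, the /api/user/me path (the question shows /user/me), the /office/** and /admin/** URL prefixes and the attribute name authorities are assumptions for illustration.

```java
// File 1 (SSO application, assumed name): SsoUserController.java
// Serves the user-info-uri that the client's application.properties points at.
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SsoUserController {

    // "name" matches user-name-attribute=name on the client; "authorities" carries
    // the same role strings as the JWT claim. Spring resolves Authentication from
    // the bearer token the client sends, so this path must be covered by the SSO's
    // token-protected rules (an unauthenticated caller gets 401, not a principal).
    @GetMapping("/api/user/me")   // assumed path; the question uses /user/me
    public Map<String, Object> me(Authentication authentication) {
        List<String> roles = authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList());
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("name", authentication.getName());
        body.put("authorities", roles);
        return body;
    }
}

// File 2 (client application, assumed name): ClientSecurityConfiguration.java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;

@EnableWebSecurity
public class ClientSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/login**").permitAll()
                // hasRole("X") checks for the authority "ROLE_X" produced by the mapper
                // below; the /office and /admin prefixes are assumed for illustration
                .antMatchers("/office/**").hasRole("OFFICE_USER")
                .antMatchers("/admin/**").hasRole("ADMIN_USER")
                .anyRequest().authenticated()
            .and()
            .oauth2Login()
                // plug the mapper into Spring's standard login flow instead of a
                // custom AuthenticationProvider; the code exchange stays Spring's
                .userInfoEndpoint()
                    .userService(new JwtAuthoritiesUserService());
    }

    // Reads the user-info response and turns its "authorities" list into
    // GrantedAuthority objects, keeping the delegate's own authorities (SCOPE_*).
    static class JwtAuthoritiesUserService
            implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {

        private final DefaultOAuth2UserService delegate = new DefaultOAuth2UserService();

        @Override
        public OAuth2User loadUser(OAuth2UserRequest request) {
            // The delegate performs the GET on user-info-uri with the access token.
            OAuth2User user = delegate.loadUser(request);
            String nameKey = request.getClientRegistration().getProviderDetails()
                    .getUserInfoEndpoint().getUserNameAttributeName();

            Set<GrantedAuthority> authorities = new LinkedHashSet<>(user.getAuthorities());
            Object claim = user.getAttributes().get("authorities");
            // Fail closed: anything that is not a collection of ROLE_ strings adds
            // no role, so a missing or malformed claim cannot grant access.
            if (claim instanceof Collection) {
                for (Object entry : (Collection<?>) claim) {
                    if (entry instanceof String && ((String) entry).startsWith("ROLE_")) {
                        authorities.add(new SimpleGrantedAuthority((String) entry));
                    }
                }
            }
            return new DefaultOAuth2User(authorities, user.getAttributes(), nameKey);
        }
    }
}
```

With this in place the login flow ends in an OAuth2AuthenticationToken whose authorities include ROLE_ADMIN_USER and ROLE_OFFICE_USER for the JWT shown above, so hasRole checks work without the stub AuthenticationProvider. Two points carry the security weight: the SSO must require a valid bearer token on the user-info path, because the client treats whatever that endpoint returns as authoritative; and a claim that is missing or not a list of strings yields no role, so access is denied rather than silently granted.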