
Spring Boot client server authentication and authorization with JWT

The application needs to be authenticated and authorized from SSO. All the required information is present in the JWT, but I'm not sure if this is the correct approach, as OAuth2LoginAuthenticationToken is null.

The client server WebSecurityConfigurerAdapter is as follows:

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http.csrf().disable();

        http.antMatcher("/**").authorizeRequests()
            .antMatchers("/", "/login**").permitAll()
            .anyRequest().authenticated()
            .and()
            .oauth2Login()
            .and()
            .authenticationProvider(
                new OfficeUserAuthProvider()
            );
    }
}

and OfficeUserAuthProvider is as follows:

public class OfficeUserAuthProvider implements AuthenticationProvider{

    Logger logger = LoggerFactory.getLogger(OfficeUserAuthProvider.class);

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {

        OAuth2LoginAuthenticationToken auth = (OAuth2LoginAuthenticationToken) authentication;

        logger.info("{}", authentication);

        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        logger.info("{}", OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication));
        return OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
    }


}

The output from logger.info("{}", authentication); is

22-01-31 Mon 01:25:15.700 INFO  c.t.s.config.OfficeUserAuthProvider      Java : 27    : OAuth2LoginAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=false, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=FF16A2C206F66F021109D86C4997F8F6], Granted Authorities=[]]

The decoded JWT token received from the authorization server is

{
  "dateTime": 1643570398335,
  "aud": [
    "documentRepository"
  ],
  "user_name": "admin",
  "enable": true,
  "scope": [
    "read",
    "write"
  ],
  "exp": 1643572198,
  "department": null,
  "authorities": [
    "ROLE_ADMIN_USER",
    "ROLE_OFFICE_USER"
  ],
  "jti": "bbc551c4-31ec-4744-bc92-c051f5c08719",
  "client_id": "appXXXX"
}

and the application.property of the client server is

spring.security.oauth2.client.registration.xyz.client-id=appXXXX
spring.security.oauth2.client.registration.xyz.client-secret=passXXXXX
spring.security.oauth2.client.registration.xyz.client-name=app
spring.security.oauth2.client.registration.xyz.scope=read, write
spring.security.oauth2.client.registration.xyz.provider=xyz-sso
spring.security.oauth2.client.registration.xyz.redirect-uri=http://localhost:8081/login/oauth2/code/
spring.security.oauth2.client.registration.xyz.client-authentication-method=post
spring.security.oauth2.client.registration.xyz.authorization-grant-type=authorization_code

spring.security.oauth2.client.provider.xyz-sso.authorization-uri=http://modern-14-b4mw:8080/oauth/authorize
spring.security.oauth2.client.provider.xyz-sso.token-uri=http://modern-14-b4mw:8080/oauth/token

Had to improvise and implemented a REST endpoint for the Principal, /user/me, in the SSO.

In the client application.property, added

spring.security.oauth2.client.provider.xyz-sso.user-info-uri=http://modern-14-b4mw:8080/api//user/me
spring.security.oauth2.client.provider.xyz-sso.user-name-attribute=name

With the above update, was able to get OAuth2AuthenticationToken.
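
An added example, not part of the original post: since the post notes that the JWT already carries `user_name` and `authorities`, a custom `OAuth2UserService` can build the principal from the verified access token instead of calling a user-info endpoint. The class name `JwtClaimsOAuth2UserService` is hypothetical, and the example assumes a `JwtDecoder` (for instance a `NimbusJwtDecoder`) configured with the SSO's signing key, which the post does not show.

```java
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;

// Hypothetical class (not from the post). Register it with:
//   http.oauth2Login().userInfoEndpoint().userService(new JwtClaimsOAuth2UserService(decoder));
public class JwtClaimsOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {

    // Assumption: this decoder verifies the token signature with the SSO's key.
    private final JwtDecoder jwtDecoder;

    public JwtClaimsOAuth2UserService(JwtDecoder jwtDecoder) {
        this.jwtDecoder = jwtDecoder;
    }

    @Override
    public OAuth2User loadUser(OAuth2UserRequest request) throws OAuth2AuthenticationException {
        Jwt jwt;
        try {
            // Never trust claims from a token that has only been base64-decoded.
            jwt = jwtDecoder.decode(request.getAccessToken().getTokenValue());
        } catch (JwtException e) {
            throw new OAuth2AuthenticationException(new OAuth2Error("invalid_token"), e);
        }
        // Reject tokens that were issued to a different client registration.
        String clientId = request.getClientRegistration().getClientId();
        if (!clientId.equals(jwt.getClaimAsString("client_id"))) {
            throw new OAuth2AuthenticationException(new OAuth2Error("invalid_token"));
        }
        List<String> roles = jwt.getClaimAsStringList("authorities");
        if (roles == null || roles.isEmpty() || jwt.getClaimAsString("user_name") == null) {
            throw new OAuth2AuthenticationException(new OAuth2Error("invalid_user_info_response"));
        }
        List<SimpleGrantedAuthority> authorities =
                roles.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
        // "user_name" becomes the principal name; all claims stay available as attributes.
        return new DefaultOAuth2User(authorities, jwt.getClaims(), "user_name");
    }
}
```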
