stackoom
  简体   繁体   中英

How to configure a Reactive Resource Server to use a JWT with a symmetric key?

 原文  2020-11-09 19:47:28       java/ spring-security/ spring-webflux/ spring-security-oauth2

Question

On the Authorization server, my Jwt was generated with this:

      @Value("${jwt.key}")
      private String jwtKey;

      @Override
      public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            .authenticationManager(authenticationManager)
            .tokenStore(tokenStore)
            .accessTokenConverter(jwtAccessTokenConverter);
      }
    
      @Bean
      public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
      }
    
      @Bean
      public JwtAccessTokenConverter jwtAccessTokenConverter() {
        var converter = new JwtAccessTokenConverter();
        converter.setSigningKey(jwtKey);
        return converter;
      }

Now on the Reactive Resource server side:

  @Value("${jwt.key}")
  private String jwtKey;

  @Bean
  public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    return http
        .authorizeExchange()
        .anyExchange().authenticated()
        .and()
        .oauth2ResourceServer()
        .jwt(jwtSpec -> {...})
        .and.build();
  }

How can I configure my Reactive Resource Server to use that token, given the signing key ?

1 answers

solution1
 2 ACCPTED  2020-11-10 07:46:07

  @Value("${jwt.key}")
  private String jwtKey;

  @Bean
  public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    return http
        .authorizeExchange()
        .anyExchange().authenticated()
        .and()
        .oauth2ResourceServer()
        .jwt(jwtSpec -> { jwtSpec.decoder(jwtDecoder()); })
        .and.build();
  }

  @Bean
  public JwtDecoder jwtDecoder() {
    SecretKey secretKey = new SecretKeySpec(jwtKey, "HMACSHA256");
    return NimbusJwtDecoder
            .withSecretKey(secretKey)
            .macAlgorithm(MacAlgorithm.HS256)
            .build();
 }

Unless you specify sign algorithm, authorization server uses HMACSHA256 as default algorithm. So you need to specify this in resource server config.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can OAuth2 resource server use endpoint to access public key when I add custom jwt details to the authorization server? How to avoid KeyLengthException when using Spring OAuth2 Resource Server and a symmetric key How to export symmetric encryption key? How to configure a Reactive WebClient to use 2-way TLS? How to get Additional fields in the JWT token in security context of Resource Server Java symmetric key file generation and use How to generate a symmetric key with Bouncy Castle? Spring Security OAuth 2 Resource Server: converting jwks for jwt verification not supporting use==enc How to use public key to validate JWT Token using vertx Verify JWT token from resource server on Spring
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM