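Spring Security OAuth2 Provider: Integrating JWT

OAuth2 is an authentication framework; JWT (JSON Web Tokens) is an authentication protocol.

Related articles:
Spring Security OAuth2 Provider: Minimal Implementation
Spring Security OAuth2 Provider: Database Storage
Spring Security OAuth2 Provider: Simple Third-Party Login Demo
Spring Security OAuth2 Provider: Custom Development
Spring Security OAuth2 Provider: Integrating JWT

(1) Maven dependency

Both the Authorization Server and the Resource Server need this dependency.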

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
    <optional>true</optional>
</dependency>


(2) Generate the signing certificate

Generate the certificate:
# keytool -genkeypair -alias jwt-test -keyalg RSA -dname "CN=jwt,OU=ren,O=ren,L=china,S=china,C=CN" -keypass my_pass -keystore jwt-test.jks -storepass my_pass

Place the .jks file in the Authorization Server at src/main/resources/jwt-test.jks

Export the public key:
# keytool -list -rfc --keystore jwt-test.jks | openssl x509 -inform pem -pubkey

Copy the PUBLIC KEY section into the Resource Server at src/main/resources/public.txt

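(3) Authorization Server configuration

@Bean
protected JwtAccessTokenConverter accessTokenConverter() {
    // Load the RSA key pair generated in step (2). In a real deployment, read the
    // keystore password from external configuration instead of hard-coding it.
    KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(new ClassPathResource("jwt-test.jks"), "my_pass".toCharArray());
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    // Tokens are signed with the private key stored under the "jwt-test" alias
    converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt-test"));
    return converter;
}

@Bean
public TokenStore tokenStore() {
    // JwtTokenStore reads token data from the JWT itself through the converter
    return new JwtTokenStore(accessTokenConverter());
}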


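(4) Resource Server configuration

@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    // public.txt holds the PEM "PUBLIC KEY" block exported in step (2)
    Resource resource = new ClassPathResource("public.txt");
    String publicKey;
    // Needs java.io.InputStream and java.nio.charset.StandardCharsets
    try (InputStream in = resource.getInputStream()) {
        publicKey = IOUtils.toString(in, StandardCharsets.UTF_8);
    } catch (final IOException e) {
        throw new RuntimeException(e);
    }
    // Tokens are verified against the RSA public key; the private key stays on the Authorization Server
    converter.setVerifierKey(publicKey);
    return converter;
}

@Bean
public TokenStore tokenStore() {
    return new JwtTokenStore(accessTokenConverter());
}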


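(5) Verification

Obtain a token:


Inspect the token with jwt.io:


Call the resource API with the access_token:


(6) HS256 algorithm
Change the configuration on both the Authorization Server and the Resource Server to: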
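@Bean
protected JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    // A plain (non-PEM) string is used as an HMAC-SHA256 secret: the same value signs
    // and verifies, so both servers must hold it and keep it confidential
    converter.setSigningKey("rensanning");
    return converter;
}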
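
Added example (not from the original post and not Spring Security OAuth code): using only the JDK, it contrasts the RS256 setup of steps (3) and (4), where the private key signs and the public key can only verify, with the HS256 setup of step (6), where one secret does both. The class name, the claims, the generated key pair and the secret `demo-secret` are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtSignatureDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    // RS256: signing needs the private key, which only the Authorization Server holds
    static String signRs256(String claims, PrivateKey key) throws GeneralSecurityException {
        String input = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(claims);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(sig.sign());
    }

    // Resource Server check: the algorithm is fixed by configuration, not read from the token
    static boolean verifyRs256(String token, PublicKey key) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return sig.verify(Base64.getUrlDecoder().decode(p[2]));
    }

    // HS256: the same secret computes the MAC on both servers
    static byte[] macHs256(String input, String secret) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(input.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed; stands in for jwt-test.jks
        String claims = "{\"user_name\":\"demo\",\"scope\":[\"read\"]}"; // constructed
        String token = signRs256(claims, kp.getPrivate());
        String[] p = token.split("\\.");
        String tampered = p[0] + "." + b64(claims.replace("read", "write")) + "." + p[2];
        System.out.println("RS256 original: " + verifyRs256(token, kp.getPublic()));
        System.out.println("RS256 tampered: " + verifyRs256(tampered, kp.getPublic()));
        String input = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(claims);
        byte[] issued = macHs256(input, "demo-secret"); // Authorization Server side
        System.out.println("HS256 match:    " + MessageDigest.isEqual(issued, macHs256(input, "demo-secret")));
    }
}
```

With HS256, any server that can verify a token can also compute a valid signature, so the secret needs the same protection on the Resource Server as on the Authorization Server.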


Obtain a token:


Inspect the token with jwt.io:


Call the resource API with the access_token:



Reposted from rensanning.iteye.com/blog/2386766