Related articles:
Spring Security OAuth2 Provider: Minimal Implementation
Spring Security OAuth2 Provider: Database Storage
Spring Security OAuth2 Provider: Simple Third-Party Login Demo
Spring Security OAuth2 Provider: Custom Development
Spring Security OAuth2 Provider: Integrating JWT
(1) Maven dependency
Both the Authorization Server and the Resource Server need this dependency.

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-jwt</artifactId>
        <optional>true</optional>
    </dependency>
(2) Generate the signing certificate
Generate the certificate:
# keytool -genkeypair -alias jwt-test -keyalg RSA -dname "CN=jwt,OU=ren,O=ren,L=china,S=china,C=CN" -keypass my_pass -keystore jwt-test.jks -storepass my_pass
Put the .jks file in the Authorization Server at src/main/resources/jwt-test.jks
Export the public key:
# keytool -list -rfc --keystore jwt-test.jks | openssl x509 -inform pem -pubkey
Copy the PUBLIC KEY part of the output (from -----BEGIN PUBLIC KEY----- to -----END PUBLIC KEY-----) into the Resource Server at src/main/resources/public.txt
(3) Authorization Server configuration

    // Signs access tokens with the RSA key pair stored in jwt-test.jks.
    @Bean
    protected JwtAccessTokenConverter jwtTokenEnhancer() {
        KeyStoreKeyFactory keyStoreKeyFactory =
                new KeyStoreKeyFactory(new ClassPathResource("jwt-test.jks"), "my_pass".toCharArray());
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt-test"));
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        // Use the converter bean defined above.
        return new JwtTokenStore(jwtTokenEnhancer());
    }
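(4) Resource Server configuration

    // Needs java.io.InputStream and java.nio.charset.StandardCharsets in addition
    // to the Spring and commons-io imports.
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        Resource resource = new ClassPathResource("public.txt");
        String publicKey;
        // Read the PEM public key and close the stream afterwards.
        try (InputStream in = resource.getInputStream()) {
            publicKey = IOUtils.toString(in, StandardCharsets.UTF_8);
        } catch (final IOException e) {
            throw new RuntimeException(e);
        }
        // The Resource Server only verifies signatures, so it holds the public key only.
        converter.setVerifierKey(publicKey);
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }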
(5) Testing
Get a token:
Check the token with jwt.io:
Access the resource API with the access_token:
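(6) HS256 algorithm
HS256 is symmetric, so both servers use the same signing key. Change the configuration of both the Authorization Server and the Resource Server to:

    @Bean
    protected JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // HMAC signing key; the same value must be set on both servers.
        converter.setSigningKey("rensanning");
        return converter;
    }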
Get a token:
Check the token with jwt.io:
Access the resource API with the access_token:
References:
http://www.baeldung.com/spring-security-oauth-jwt
https://github.com/dynamind/spring-boot-security-oauth2-minimal