Related articles:
Spring Security OAuth2 Provider: Minimal Implementation
Spring Security OAuth2 Provider: Database Storage
Spring Security OAuth2 Provider: Simple Third-Party Login Demo
Spring Security OAuth2 Provider: Custom Development
Spring Security OAuth2 Provider: Integrating JWT
(1) Maven dependency
Both the Authorization Server and the Resource Server need this dependency.
```xml
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
    <optional>true</optional>
</dependency>
```
(2) Generate the signing certificate
Generate the key pair and certificate:
```
# keytool -genkeypair -alias jwt-test -keyalg RSA -dname "CN=jwt,OU=ren,O=ren,L=china,S=china,C=CN" -keypass my_pass -keystore jwt-test.jks -storepass my_pass
```
Put the .jks file in the Authorization Server at src/main/resources/jwt-test.jks.
Export the public key:
```
# keytool -list -rfc --keystore jwt-test.jks | openssl x509 -inform pem -pubkey
```
Copy the PUBLIC KEY part of the output into the Resource Server at src/main/resources/public.txt.
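(3) Authorization Server configuration
```java
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

// Inside the Authorization Server's @Configuration class.

// Signs tokens with the RSA private key stored in jwt-test.jks.
@Bean
protected JwtAccessTokenConverter accessTokenConverter() {
    KeyStoreKeyFactory keyStoreKeyFactory =
            new KeyStoreKeyFactory(new ClassPathResource("jwt-test.jks"), "my_pass".toCharArray());
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt-test"));
    return converter;
}

// The token store reads and writes JWTs through the converter above.
@Bean
public TokenStore tokenStore() {
    return new JwtTokenStore(accessTokenConverter());
}
```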
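(4) Resource Server configuration
```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import org.apache.commons.io.IOUtils;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

// Inside the Resource Server's @Configuration class.

// Verifies token signatures with the public key exported to public.txt.
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    Resource resource = new ClassPathResource("public.txt");
    String publicKey;
    // Read the PEM text with an explicit charset and close the stream afterwards.
    try (InputStream in = resource.getInputStream()) {
        publicKey = IOUtils.toString(in, StandardCharsets.UTF_8);
    } catch (final IOException e) {
        throw new RuntimeException(e);
    }
    converter.setVerifierKey(publicKey);
    return converter;
}

@Bean
public TokenStore tokenStore() {
    return new JwtTokenStore(accessTokenConverter());
}
```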
(5) Verification
Get a token:
![](http://dl2.iteye.com/upload/attachment/0126/2337/d424cf2c-c042-3f74-8027-5a454e1e4fd4.png)
Inspect the token at jwt.io:
![](http://dl2.iteye.com/upload/attachment/0126/2339/bc39afcd-2ea9-311c-b207-c5e97735e655.png)
Call the resource API with the access_token:
![](http://dl2.iteye.com/upload/attachment/0126/2341/ea6ee272-4b3b-35ff-a72a-06682c616236.png)
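(6) HS256 algorithm
Change the configuration of both the Authorization Server and the Resource Server to:
```java
// Same shared secret on both servers: a plain-string signing key makes
// JwtAccessTokenConverter sign and verify with HMAC-SHA256.
@Bean
protected JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setSigningKey("rensanning");
    return converter;
}
```
With HS256 the key that verifies a token can also sign one, so the Resource Server now holds the same secret as the Authorization Server.
Get a token: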
![](http://dl2.iteye.com/upload/attachment/0126/2343/28039be9-a2bc-36db-b5ad-3821d884acd4.png)
Inspect the token at jwt.io:
![](http://dl2.iteye.com/upload/attachment/0126/2345/f0d1156f-13ee-3ad8-8a3e-6af901dcde9b.png)
Call the resource API with the access_token:
![](http://dl2.iteye.com/upload/attachment/0126/2347/8e664893-73c0-33f7-9c19-3374a2927424.png)
References:
http://www.baeldung.com/spring-security-oauth-jwt
https://github.com/dynamind/spring-boot-security-oauth2-minimal