Spring Security OAuth2 Provider 之整合JWT

最新推荐文章于 2025-04-21 06:00:00 发布

最新推荐文章于 2025-04-21 06:00:00 发布 · 578 阅读

文章标签：

#java #数据库 #json

OAuth2 专栏收录该内容

5 篇文章

订阅专栏

本文介绍了如何在Spring Security框架中集成OAuth2和JWT(JSON Web Tokens)，包括Maven依赖配置、签名证书生成、认证服务端及资源服务端的设置等关键步骤，并提供了确认测试过程。

OAuth2 是认证框架、JWT (JSON Web Tokens) 是认证协议。

相关文章：
[url=http://rensanning.iteye.com/blog/2384996]Spring Security OAuth2 Provider 之最小实现[/url]
[url=http://rensanning.iteye.com/blog/2385162]Spring Security OAuth2 Provider 之数据库存储[/url]
[url=http://rensanning.iteye.com/blog/2386309]Spring Security OAuth2 Provider 之第三方登录简单演示[/url]
[url=http://rensanning.iteye.com/blog/2386553]Spring Security OAuth2 Provider 之自定义开发[/url]
[url=http://rensanning.iteye.com/blog/2386766]Spring Security OAuth2 Provider 之整合JWT[/url]

[b]（1）Maven依赖[/b]

Authorization Server 和 Resource Server都需要添加依赖。

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
    <optional>true</optional>
</dependency>

[b]（2）生成签名证书[/b]

生成证书
[quote]# keytool -genkeypair -alias jwt-test -keyalg RSA -dname "CN=jwt,OU=ren,O=ren,L=china,S=china,C=CN" -keypass my_pass -keystore jwt-test.jks -storepass my_pass[/quote]
把.jks文件放到Authorization Server 的 src/main/resources/jwt-test.jks

导出公钥
[quote]# keytool -list -rfc --keystore jwt-test.jks | openssl x509 -inform pem -pubkey[/quote]
把PUBLIC KEY部分复制到Resource Server 的 src/main/resources/public.txt

[b]（3）认证服务端设置[/b]

@Bean
protected JwtAccessTokenConverter jwtTokenEnhancer() {
    KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(new ClassPathResource("jwt-test.jks"), "my_pass".toCharArray());
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt-test"));
    return converter;
}

@Bean
public TokenStore tokenStore() {
    return new JwtTokenStore(accessTokenConverter());
}

[b]（4）资源服务端设置[/b]

@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    Resource resource = new ClassPathResource("public.txt");
    String publicKey = null;
    try {
        publicKey = IOUtils.toString(resource.getInputStream());
    } catch (final IOException e) {
        throw new RuntimeException(e);
    }
    converter.setVerifierKey(publicKey);
    return converter;
}

@Bean
public TokenStore tokenStore() {
    return new JwtTokenStore(accessTokenConverter());
}

[b]（5）确认测试[/b]

获取Token：
[img]http://dl2.iteye.com/upload/attachment/0126/2337/d424cf2c-c042-3f74-8027-5a454e1e4fd4.png[/img]

通过jwt.io确认Token：
[img]http://dl2.iteye.com/upload/attachment/0126/2339/bc39afcd-2ea9-311c-b207-c5e97735e655.png[/img]

通过access_token访问资源API：
[img]http://dl2.iteye.com/upload/attachment/0126/2341/ea6ee272-4b3b-35ff-a72a-06682c616236.png[/img]

[b]（6）算法HS256[/b]
把Authorization Server 和 Resource Server的配置改成：

@Bean
protected JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setSigningKey("rensanning");
    return converter;
}

获取Token：
[img]http://dl2.iteye.com/upload/attachment/0126/2343/28039be9-a2bc-36db-b5ad-3821d884acd4.png[/img]

通过jwt.io确认Token：
[img]http://dl2.iteye.com/upload/attachment/0126/2345/f0d1156f-13ee-3ad8-8a3e-6af901dcde9b.png[/img]

通过access_token访问资源API：
[img]http://dl2.iteye.com/upload/attachment/0126/2347/8e664893-73c0-33f7-9c19-3374a2927424.png[/img]

参考：
http://www.baeldung.com/spring-security-oauth-jwt
https://github.com/dynamind/spring-boot-security-oauth2-minimal