gpt4 book ai didi

java - 使用 Spring Security 5 在 Issuer Resolver 之后从 Bearer Token 中提取身份验证

转载 作者:行者123 更新时间:2023-12-05 01:32:46 25 4
gpt4 key购买 nike

我使用新的 Spring 资源服务器创建了一个资源服务器。

        <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>

我会有两个不同的供应商,所以我创建了一个 JwtIssuerAuthenticationManagerResolver .

JwtIssuerAuthenticationManagerResolver resolver =
new JwtIssuerAuthenticationManagerResolver(
"http://localhost:8180/auth/realms/externalauth",
"http://localhost:8080/auth/realms/myauth");

...

protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.oauth2ResourceServer(oauth2 ->
oauth2.authenticationManagerResolver(resolver));
}

我想在 token 被认为是有效 token 后,获取它并提取和设置 SecurityContext。

我试过 BearerTokenResolver但没有用,我也试过implements Converter<Jwt, AbstractAuthenticationToken> .

但是我收到了这个错误:

If an authenticationManagerResolver() is configured, then it takes precedence over any jwt() or opaqueToken() configuration.

提前致谢

最佳答案

当我尝试为 keycloak 实现客户 JwtAuthenticationConverter 时,我遇到了类似的异常。不确定这是否与您的问题有关,但找到了如下所述的解决方案。

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

Map<String, AuthenticationManager> authenticationManagers = new HashMap<>();

JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);

@Override
protected void configure(HttpSecurity http) throws Exception {

List<String> issuers = new ArrayList<>();
issuers.add("http://localhost:4040/auth/realms/branch1");
issuers.add("http://localhost:4040/auth/realms/branch2");

issuers.stream().forEach(issuer -> addManager(authenticationManagers, issuer));

http
.httpBasic().disable()
.authorizeRequests(auth -> auth

.anyRequest().authenticated()
).oauth2ResourceServer(oauth2ResourceServer -> {
oauth2ResourceServer.authenticationManagerResolver(this.authenticationManagerResolver);
});
}

public void addManager(Map<String, AuthenticationManager> authenticationManagers, String issuer) {
JwtAuthenticationProvider authenticationProvider = new JwtAuthenticationProvider(JwtDecoders.fromOidcIssuerLocation(issuer));
authenticationProvider.setJwtAuthenticationConverter(getJwtAuthenticationConverter());
authenticationManagers.put(issuer, authenticationProvider::authenticate);
}

private Converter<Jwt, AbstractAuthenticationToken> getJwtAuthenticationConverter() {
JwtAuthenticationConverter conv = new JwtAuthenticationConverter();

conv.setJwtGrantedAuthoritiesConverter(jwt -> {

Map<String, Object> realmAccess = (Map<String,Object>) jwt.getClaims().get("realm_access");
if(realmAccess == null) {
return new ArrayList<>();
}

List<String > roles = (List<String>) realmAccess.get("roles");
return roles.stream()
.map(r -> "ROLE_" + r)
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
});
return conv;
}

关于java - 使用 Spring Security 5 在 Issuer Resolver 之后从 Bearer Token 中提取身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65398610/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com