我有以下信息: 授予类型:客户凭证 访问令牌URL:https://host/adfs/oauth2/token 客户编号:clientId 客户机密:clientSecret
我的目标是制造一个资源服务器,该资源服务器将在头中接收jwt或访问令牌。令牌通过验证后,我将返回要求的资源。
问题:我不确定如何使用spring react来验证令牌。
注意:服务器已启用开放ID。
我尝试过: https://docs.spring.io/spring-security/site/docs/5.1.0.BUILD-SNAPSHOT/reference/html/webclient.html
和 https://www.youtube.com/watch?v=1N-xwmoN83w&t=1338s
如果您点击
https://host/adfs/.well-known/openid-configuration
{
"issuer":"https:\/\/host\/adfs","authorization_endpoint":"https:\/\/host\/adfs\/oauth2\/authorize\/","token_endpoint":"https:\/\/host\/adfs\/oauth2\/token\/","jwks_uri":"https:\/\/host\/adfs\/discovery\/keys","token_endpoint_auth_methods_supported":[
"client_secret_post","client_secret_basic","private_key_jwt","windows_client_authentication"
],"response_types_supported":[
"code","id_token","code id_token","id_token token","code token","code id_token token"
],"response_modes_supported":[
"query","fragment","form_post"
],"grant_types_supported":[
"authorization_code","refresh_token","client_credentials","urn:ietf:params:oauth:grant-type:jwt-bearer","implicit","password","srv_challenge","urn:ietf:params:oauth:grant-type:device_code","device_code"
],"subject_types_supported":[
"pairwise"
],"scopes_supported":[
"email","profile","winhello_cert","logon_cert","user_impersonation","aza","vpn_cert","openid","allatclaims"
],"id_token_signing_alg_values_supported":[
"RS256"
],"token_endpoint_auth_signing_alg_values_supported":[
"RS256"
],"access_token_issuer":"http:\/\/host\/adfs\/services\/trust","claims_supported":[
"aud","iss","iat","exp","auth_time","nonce","at_hash","c_hash","sub","upn","unique_name","pwd_url","pwd_exp","mfa_auth_time","sid"
],"microsoft_multi_refresh_token":true,"userinfo_endpoint":"https:\/\/host\/adfs\/userinfo","capabilities":[
],"end_session_endpoint":"https:\/\/host\/adfs\/oauth2\/logout","as_access_token_token_binding_supported":true,"as_refresh_token_token_binding_supported":true,"resource_access_token_token_binding_supported":true,"op_id_token_token_binding_supported":true,"rp_id_token_token_binding_supported":true,"frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"device_authorization_endpoint":"https:\/\/host\/adfs\/oauth2\/devicecode"
}
我有一个简单的控制器:
@RestController
public class Controller {
@GetMapping("/hello")
public String sayHello(){
return "hello";
}
}
及以下课程:
@ConditionalOnClass({ EnableWebFluxSecurity.class,WebFilterChainProxy.class })
@ConditionalOnmissingBean(WebFilterChainProxy.class)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REactIVE)
@EnableWebFluxSecurity
public class WebSecurityConfig {
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { http.authorizeExchange().anyExchange().authenticated().and().oauth2ResourceServer().jwt();
return http.build();
}
}
在应用程序属性中,我具有: spring.security.oauth2.resourceserver.jwt.issuer-uri:valid-uri
这是日志: 2019-11-05 16:00:55.638调试51492 --- [ctor-http-nio-3] o.s.w.s.adapter.HttpWebHandlerAdapter:[7598cb39] HTTP GET“ / hello” 2019-11-05 16:00:55.746调试51492 --- [ctor-http-nio-3] o.s.w.r.f.client.ExchangeFunctions:[628b27eb] HTTP GET https://host/adfs/discovery/keys 2019-11-05 16:00:55.823调试51492 --- [ctor-http-nio-4] o.s.w.r.f.client.ExchangeFunctions:[628b27eb]响应200 OK 2019-11-05 16:00:55.840调试51492 --- [ctor-http-nio-4] oscore.codec.StringDecoder:[628b27eb]解码为“ {” keys“:[{” kty“:” algo“ ,“ use”:“ sig”,“ alg”:“ HS234”,“ kid”:“ feafafa”,“ x5t”:“ fKeeYG0K(截短)... 2019-11-05 16:00:55.858调试51492 --- [ctor-http-nio-4] o.s.w.s.adapter.HttpWebHandlerAdapter:[7598cb39]已完成401未经授权