本人在最近使用到的一个项目中,权限系统使用的是Spring Cloud OAuth2,然后使用了JWT非对称加密的授权模式。其他的资源服务器可通过http://localhost:9090/oauth/token_key来获取publicKey,下面谈一下对token进行验签的几种方式:
第一种:yml配置,依赖于spring-cloud-starter-oauth2
引入依赖:
<dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> </dependency>
yml配置:
security:
oauth2:
client:
client-id: orderService
client-secret: 123456
resource:
jwt:
key-uri: http://localhost:9090/oauth/token_key
第二种:代码校验,依赖于spring-cloud-starter-oauth2
引入依赖:
<dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> </dependency>
String publicKey = "-----BEGIN PUBLIC KEY-----\n.......\n-----END PUBLIC KEY-----"; // 填写你的publicKey
String token = "xxxx.xxxx.xxxx"; // 填写token
System.out.println(JwtHelper.decodeAndVerify(token,new RsaVerifier(publicKey)));
第三种:代码校验,依赖于java-jwt
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.2.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.9</version>
</dependency>
String PUBLIC_KEY = "publicKey"
public static KeyPair getPublicKey(){
PublicKey publicKey = null;
PrivateKey privateKey = null;
try {
KeyFactory fact = KeyFactory.getInstance("RSA");
Base64 decoder = new Base64(false);
KeySpec keySpec = new X509EncodedKeySpec(decoder.decode(MiracleCodecs.utf8Encode(PUBLIC_KEY)));
publicKey = fact.generatePublic(keySpec);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
}
return new KeyPair(publicKey, privateKey);
}
public static void main(String[] args) {
try {
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) RSA.getPublicKey().getPublic(),(RSAPrivateKey) RSA.getPublicKey().getPrivate());
JWTVerifier verifier = JWT.require(algorithm).build();
DecodedJWT jwt = verifier.verify(PLAIN_TEXT);
} catch (JWTVerificationException exception){
//Invalid signature/claims
exception.printStackTrace();
}
}