Spring OAuth2-Authorization-Server JWT authentication mechanism
Based on spring-security-oauth2-authorization-server 0.2.3
Configuration
Resource server configuration
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    public class ResourceServerConfig {
        @Bean
        SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            http
                // this chain only applies to /messages/**
                .mvcMatcher("/messages/**")
                .authorizeRequests()
                    .mvcMatchers("/messages/**").authenticated()
                    .and()
                // accept bearer JWTs; decoder settings come from application.yml
                .oauth2ResourceServer().jwt();
            return http.build();
        }
    }
application.yml configuration:
    spring:
      security:
        oauth2:
          resourceserver:
            jwt:
              jws-algorithm: RS256
              jwk-set-uri: http://localhost:9000/oauth2/jwks
              issuer-uri: http://localhost:9000
Resource server
- user
- BearerTokenAuthenticationFilter: intercepts requests whose header carries
  bearer {token}
  and extracts the JWT from it
  - delegates to JwtAuthenticationProvider for authentication
- JwtAuthenticationProvider
  - takes the JWT and parses it
  - delegates to RemoteJWKSet, which fetches the JWKS from jwksUrl and verifies the JWT against it; the JWKS is cached in JWKSetCache
  - authentication succeeds
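As an added example (not part of the original notes), the explicit JwtDecoder bean that corresponds to the application.yml above: it pins RS256, caches the JWKS fetched from /oauth2/jwks, and validates the iss claim. The URIs are assumed to match the yml; the cache name is arbitrary.

```java
import org.springframework.cache.Cache;
import org.springframework.cache.concurrent.ConcurrentMapCache;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
public class JwtDecoderConfig {

    // Assumed values, mirroring application.yml above.
    private static final String JWK_SET_URI = "http://localhost:9000/oauth2/jwks";
    private static final String ISSUER = "http://localhost:9000";

    @Bean
    JwtDecoder jwtDecoder() {
        // Spring cache used in place of Nimbus's default JWKSetCache, so the decoder
        // does not call /oauth2/jwks on every request. ConcurrentMapCache never expires;
        // use a TTL-capable Cache (e.g. Caffeine) when keys are rotated.
        Cache jwkSetCache = new ConcurrentMapCache("jwks");

        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
                // Only RS256 signatures are accepted; any other alg header is rejected
                .jwsAlgorithm(SignatureAlgorithm.RS256)
                .cache(jwkSetCache)
                .build();

        // Default validators (exp/nbf with clock skew) plus a check that "iss" equals the
        // authorization server; setting issuer-uri in application.yml adds the same validator.
        OAuth2TokenValidator<Jwt> validator = JwtValidators.createDefaultWithIssuer(ISSUER);
        decoder.setJwtValidator(validator);
        return decoder;
    }
}
```

Spring Boot's auto-configured decoder backs off when a JwtDecoder bean is present, so this bean replaces the yml-driven one rather than running beside it.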
Authorization server (authentication-server)
- NimbusJwkSetEndpointFilter: intercepts
  /oauth2/jwks
  - returns the JWKSet