Lee*_*tal 5 spring spring-security jwt spring-security-oauth2
我正在尝试使用https://github.com/spring-projects/spring-security-oauth配置我的spring应用程序以使用JWT .我已经暴露了一个ConsumerTokenServices由a支持的bean JwtTokenStore,但是命中/oauth/token并没有给我一个JWT.
$ curl localhost:8643/contextpath/oauth/token?grant_type=client_credentials -u user:password`
{"access_token":"a78a6225-78d5-4cb8-9393-6c0b567a6f24","token_type":"bearer","expires_in":5684,"scope":"read write"}%
我知道TokenStore正在使用它,因为击中check_token会产生错误,而之前没有.
$ curl https://localhost:8643/context/oauth/check_token?token=a78a6225-78d5-4cb8-9393-6c0b567a6f24
{"error":"invalid_token","error_description":"Cannot convert access token to JSON"}%
如何让我的TokenEndpoint吐痰回到JWT?
小智 1
也许你应该使用spring提供的JwtAccessTokenConverter,然后正确配置。这是一个例子:
public class YourTokenEnhancer extends JwtAccessTokenConverter {
//you can autowire sth for you logic
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,
OAuth2Authentication authentication) {
DefaultOAuth2AccessToken customAccessToken = new DefaultOAuth2AccessToken(accessToken);
OAuth2AccessToken enhancedToken = super.enhance(customAccessToken, authentication);
return enhancedToken;
}
配置是:
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
//other config...
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new YourTokenEnhancer();
converter.setSigningKey("secret");
return converter;
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager)
.tokenStore(redisTokenStore())
.tokenServices(authorizationServerTokenServices())
.accessTokenConverter(accessTokenConverter())//configure it here
;
}
}