反应式 spring security 中的 OAuth2 - 无法使用提供的颁发者解析配置

Question

我已经实现了一个基于 spring-boot 的 auth-server，oauth2 具有以下端点：

1. /oauth/令牌
2. /oauth/check_token
3. /oauth/token_key

我正在尝试将此身份验证服务器集成到我的反应资源服务器之一中。尝试了以下配置：

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: http://localhost:9001/oauth/token
      client:
        provider:
          custom-provider:
            issuer-uri: http://localhost:9001/oauth/token
            token-uri: http://localhost:9001/oauth/token
            authorization-uri: http://localhost:9001/auth/oauth/authorize
            user-info-uri: http://localhost:9001/auth/user/me
            user-name-attribute: name
        registration:
          custom-client:
            client-id: USER_CLIENT_APP
            client-secret: password
            client-name: Auth Server
            # scope: user_info
            provider: custom-provider
            # redirect-uri-template: http://localhost:8082/login/oauth2/code/
            client-authentication-method: basic
            authorization-grant-type: password

以及下面的SecurityConfig

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: http://localhost:9001/oauth/token
      client:
        provider:
          custom-provider:
            issuer-uri: http://localhost:9001/oauth/token
            token-uri: http://localhost:9001/oauth/token
            authorization-uri: http://localhost:9001/auth/oauth/authorize
            user-info-uri: http://localhost:9001/auth/user/me
            user-name-attribute: name
        registration:
          custom-client:
            client-id: USER_CLIENT_APP
            client-secret: password
            client-name: Auth Server
            # scope: user_info
            provider: custom-provider
            # redirect-uri-template: http://localhost:8082/login/oauth2/code/
            client-authentication-method: basic
            authorization-grant-type: password

构建文件：

plugins {
    id 'org.springframework.boot' version '2.2.4.RELEASE'
    id 'io.spring.dependency-management' version '1.0.9.RELEASE'
    id 'java'
}

group = 'com.turtlemint'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '11'

configurations {
    developmentOnly
    runtimeClasspath {
        extendsFrom developmentOnly
    }
    compileOnly {
        extendsFrom annotationProcessor
    }
}

repositories {
    mavenCentral()
}
ext {
    set('springCloudVersion', "Hoxton.RELEASE")
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    compile group: 'org.springframework.boot', name: 'spring-boot-devtools'
    implementation 'org.springframework.boot:spring-boot-starter-webflux'
    implementation 'org.springframework.boot:spring-boot-starter-data-mongodb-reactive'
    implementation 'org.springframework.cloud:spring-cloud-starter-zipkin'
    compile group: 'com.google.guava', name: 'guava', version: '28.1-jre'
    annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'
    //implementation 'org.springframework.cloud:spring-cloud-starter-security'
    compile 'org.projectlombok:lombok'
    annotationProcessor 'org.projectlombok:lombok'

    testCompileOnly 'org.projectlombok:lombok'
    testAnnotationProcessor 'org.projectlombok:lombok'
    testCompile group: 'io.projectreactor', name: 'reactor-test', version: '3.1.0.RELEASE'
    testCompile group: 'org.mockito', name: 'mockito-junit-jupiter', version: '3.2.4'
    compile group: 'org.junit', name: 'junit5-engine', version: '5.0.0-ALPHA'
    compile group: 'org.springframework.security', name: 'spring-security-oauth2-resource-server', version: '5.2.2.RELEASE'
    compile group: 'org.springframework.security', name: 'spring-security-oauth2-jose', version: '5.2.2.RELEASE'
    compile group: 'org.springframework.security', name: 'spring-security-config', version: '5.2.2.RELEASE'
    //compile group: 'org.springframework.security', name: 'spring-security-oauth2-client', version: '5.2.2.RELEASE'
    testImplementation('org.springframework.boot:spring-boot-starter-test')
}

dependencyManagement {
    imports {
        mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
    }
}

test {
    useJUnitPlatform()
}

错误：

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtDecoderByIssuerUri' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerJwkConfiguration$JwtConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.jwt.ReactiveJwtDecoder]: Factory method 'jwtDecoderByIssuerUri' threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://localhost:9001/oauth/token"

根据我的研究，我发现 Issuer-api 是 auth-servers 配置端点（根据 OIDC 标准）。如果是这样，我如何在我的身份验证服务器中公开相同的内容？

我在网上搜索，但大多数示例都使用第三方身份验证提供商，例如 Okta。

提前致谢。

Answer 1

您可以参考与 spring-security 相关的 springboot 示例应用程序，这可能对您的情况有帮助