我有一个用 Spring Boot 编写的 GraphQL API。我想将它与 Azure Active Directory 连接,但是当我发送一个填充了身份验证承载标头的请求时出现该错误。
com.nimbusds.jose.proc.BadJWSException:签名的 JWT 被拒绝:签名无效
我正在使用 Azure Active Directory Starter,这是我的设置:
网络安全配置器:
import com.microsoft.azure.spring.autoconfigure.aad.AADAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class ADConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Autowired
private AADAuthenticationFilter aadAuthenticationFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable();
http.addFilterBefore(aadAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.csrf().disable()
.authorizeRequests().antMatchers("/api").hasAnyRole("developer")
.and()
.authorizeRequests().antMatchers("/").permitAll()
.and()
.authorizeRequests().anyRequest().permitAll()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}
从 MSAL-AngularJS 前端获取不记名令牌:
app.config(['msalAuthenticationServiceProvider', '$locationProvider', (msalProvider, $locationProvider)=>{
msalProvider.init({
clientID: …