JWT Bearer keeps returning 401 status - Bearer error="invalid_token", error_description="The iss claim is not valid"

Posted on 2025-02-13 18:22:57

I am using Postman and Spring Boot, and I use Keycloak for the authentication service. I make a request with Postman to the Keycloak server, which returns a Bearer token that I then send to the Spring server for authentication, but Spring replies that the iss claim of the token is not valid.

Here is my code

Class configuration:

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Stateless resource server: no CSRF token and no HTTP session.
        // The listed paths are public; every other request needs a valid JWT.
        http.csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/genere/**").permitAll()
                .antMatchers("/valutazione/**").permitAll()
                .antMatchers("/users/**").permitAll()
                .antMatchers("/carrello/**").permitAll()
                .antMatchers("/film/**").permitAll()
                .anyRequest().authenticated()
                .and().oauth2ResourceServer().jwt();
    }
}

Class restController:

@RestController
public class HomeController {
    @GetMapping("/")
    @PreAuthorize("hasAuthority('user')")
    public String home(@RequestParam(value="someValue") int value){
        return "Welcome,"+ Util.getEmail()+" "+value+" !";
    }
}

application.yaml

keycloak:
  realm: demo
  resource: spa-demo
  auth-server-url: http://localhost:8080/realms/demo/account
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: http://localhost:8080/realms/demo/protocol/openid-connect/certs
          issuer-uri: http://localhost:8080/realms/demo/

I start Keycloak in development mode with the command kc.bat start-dev.

Comments (2)

踏雪无痕 2025-02-20 18:22:57

The Spring conf and the iss claim must match exactly. Even the trailing slash, if any.

Put one of the authorization tokens you get from Keycloak into a tool like https://jwt.io and copy the value of the iss claim into your Spring config.

GRAY°灰色天空 2025-02-20 18:22:57

The problem was the slash after the word demo in the issuer-uri.
The correct form was:

issuer-uri: http://localhost:8080/realms/demo
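
The check both answers describe can be run locally instead of pasting a token into a website. This is an added example, not part of the original posts: it decodes the payload of a token and compares its iss claim with the configured issuer-uri as an exact string. The function names and the sample token are constructed for illustration; the sample assumes the issuer value given as correct in the second answer.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT WITHOUT verifying the signature.

    Local diagnosis only; never base an access decision on the result.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_issuer(token: str, configured_issuer_uri: str) -> str:
    """Compare the token's iss claim with issuer-uri as an exact string match."""
    iss = jwt_claims(token).get("iss")
    if iss is None:
        return "token has no iss claim"
    if iss == configured_issuer_uri:
        return "match"
    if iss.rstrip("/") == configured_issuer_uri.rstrip("/"):
        return (f"mismatch: trailing slash differs "
                f"(token iss={iss!r}, config={configured_issuer_uri!r})")
    return f"mismatch: token iss={iss!r}, config={configured_issuer_uri!r}"


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed, not a real Keycloak token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Assumed iss value: the issuer given as correct in the second answer.
    token = constructed_token({"iss": "http://localhost:8080/realms/demo",
                               "sub": "constructed-user"})
    print(check_issuer(token, "http://localhost:8080/realms/demo/"))  # question's value
    print(check_issuer(token, "http://localhost:8080/realms/demo"))   # corrected value
```

To use it with a real token, pass the Bearer token string returned to Postman as the first argument and the issuer-uri from application.yaml as the second.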
