将spring boot 2.4.7切换到2.5.1时无法识别KeyClope令牌

wnvonmuf  于 2021-09-30  发布在  Java
关注(0)|答案(1)|浏览(428)

我有一个使用SpringBoot2.4.7的简单应用程序,它不适用于SpringBoot2.5.1
新版本无法识别我的KeyClope示例(v12.0.4)提供的令牌
在服务器日志上的调试模式下,我只有消息“由于jwt无效,身份验证失败”:

2021-06-16 13:33:18,789 DEBUG org.springframework.security.web.FilterChainProxy : Securing GET /
2021-06-16 13:33:18,792 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-06-16 13:33:18,796 DEBUG org.apache.tomcat.util.http.Parameters : Set encoding to UTF-8
2021-06-16 13:33:18,808 DEBUG org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider : Failed to authenticate since the JWT was invalid
2021-06-16 13:33:18,812 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository : Did not store empty SecurityContext

在客户端,我有以下日志:

< HTTP/1.1 401 
< WWW-Authenticate: Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Malformed payload", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
< X-Content-Type-Options: nosniff

有没有办法获得更多信息?
以下是身份验证配置的代码:

package test;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        configureCommon(http);
        http
                .oauth2ResourceServer()
                .jwt();
    }

    public static void configureCommon(final HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest()
                  .authenticated()
        ;

    }

}

生成配置(渐变):

plugins {
    id 'org.springframework.boot' version '2.5.1'
}

apply plugin: 'java'
apply plugin: 'io.spring.dependency-management' 

repositories { 
    mavenCentral() 
}

configurations {
    compileOnly {
        extendsFrom annotationProcessor
    }
}

//create a single Jar with all dependencies
jar {
    archiveBaseName = 'jwtTest'
    archiveVersion =  '0.1.0'
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation "org.springframework.security:spring-security-oauth2-resource-server"
    implementation "org.springframework.security:spring-security-oauth2-jose"
}

使用jwk集合uri配置ressource服务器(KeyClope服务器):

server:
  port: 8090
spring:
  application:
    name: externalApp 
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: http://localhost:89/auth/realms/dev/protocol/openid-connect/certs

以下是根据jwt.io有效的令牌:
EYJHBGCOIJZZZZCTEYA1DAXNTRKW5U2NWBKNPBJIN0.EYJLEHAIOJM4NZKXOTGSIMLHDCI6MYMZG0MZW5NZZW5NZK5NZK5NZZZY5NZL5NZYDZFZY0O5NZYDZ0OZFZFZFZMZY2V2FZZF9ZZZZZZZZZZZZZZYI0FZFZFZFZYYJJJJJJJJJJJJ0Y2FZZZZZZZZZZZZZZZZZZY2FZFZYYZZZZZZZYY2FZZZZZZZYYYZZZZZZY2FJJJJJJJJJJJJJJJ2.本文是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章是一篇文章,一篇文章是一篇文章是一篇文章,一篇文章是一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章是一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章,一篇文章是一篇文章是一篇文章是一篇文章,一篇文章,一篇文章是一篇文章是一篇文章,一篇文章是一篇文章,一篇文章,一篇文章是一篇文章,一篇文章是一篇文章,一篇文章,一篇文章,一篇文章是一篇文章,一篇文章,一篇文章,一篇文章是一篇文章。2 WCM2.在中国,一个中国的一个中国的一个中国的一个中国的一个中国的一个中国的一个中国的一个中国的一个ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZzpli6dvllsq26aoamr8io 5DsynluF3 Utzlx1r26Y85SJ9SOJxe1HEYJNLX2C-ti6idz29-YRZGHAF3A10IuLYOtMBOAPBV\u pmjftygad\u 15b56FahkbnVRLc\u nnxt9EbwkPxyWgD9YLMHjmWyTghvgWgGoo-IHQL8D57-s9npaphcba
在日志处于跟踪模式时:

2021-06-17 09:20:51,029 TRACE org.springframework.security.authentication.ProviderManager : Authenticating request with JwtAuthenticationProvider (1/2)
2021-06-17 09:20:51,042 TRACE org.springframework.security.oauth2.jwt.NimbusJwtDecoder : Failed to process JWT
com.nimbusds.jwt.proc.BadJWTException: Payload of JWS object is not a valid JSON object
        at com.nimbusds.jwt.proc.DefaultJWTProcessor.extractJWTClaimsSet(DefaultJWTProcessor.java:286)
        at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:379)
        at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:330)
        at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.createJwt(NimbusJwtDecoder.java:154)
        at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.decode(NimbusJwtDecoder.java:137) 
        at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.getJwt(JwtAuthenticationProvider.java:97)
        at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:88)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)
        at org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:130)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
        at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
        at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)        
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.text.ParseException: Payload of JWS object is not a valid JSON object
        at com.nimbusds.jwt.SignedJWT.getJWTClaimsSet(SignedJWT.java:98)
        at com.nimbusds.jwt.proc.DefaultJWTProcessor.extractJWTClaimsSet(DefaultJWTProcessor.java:283)
        ... 60 common frames omitted
nzkunb0c

nzkunb0c1#

更新com.nimbusds:nimbus jose jwt:9.8.1至9.10解决问题
外接程序gradle.build:

implementation "com.nimbusds:nimbus-jose-jwt:9.10"

相关问题