避坑指南（八）：Spring Cloud Oauth2 token

2023-12-16 06:23| 来源: 网络整理| 查看: 265

问题

授权服务器基于Spring Cloud Oauth2创建后，配置TokenStore为JwtTokenStore，访问/oauth/token_key接口获取公钥，出现404错误。

授权服务器配置如下。

package com.luas.xmall.auth.configuration; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.ClassPathResource; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.ClientRegistrationException; import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService; import org.springframework.security.oauth2.provider.endpoint.TokenKeyEndpoint; import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.*; import javax.sql.DataSource; import java.security.KeyPair; @Configuration @EnableAuthorizationServer public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { @Autowired private PasswordEncoder passwordEncoder; @Autowired private UserDetailsService userDetailsService; @Autowired private AuthenticationManager authenticationManager; @Autowired private DataSource dataSource; @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { security. allowFormAuthenticationForClients() .tokenKeyAccess("permitAll()") .checkTokenAccess("permitAll()") ; } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { endpoints.authenticationManager(authenticationManager) .userDetailsService(userDetailsService) .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST) .accessTokenConverter(jwtAccessTokenConverter()) .tokenStore(new JwtTokenStore(jwtAccessTokenConverter())); ; } @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { // 配置方法1，只需配置DataSource即可，其它交给框架自动配置 clients.jdbc(dataSource).passwordEncoder(passwordEncoder); } private JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); jwtAccessTokenConverter.setKeyPair(keyPair()); return jwtAccessTokenConverter; } private KeyPair keyPair() { return new KeyStoreKeyFactory(new ClassPathResource("xxx.jks"), "123456".toCharArray()).getKeyPair("xxx", "123456".toCharArray()); } }

分析

先检查授权服务器配置，是否将该端点放开。本例配置中，此端点已为公共端点。

查看授权服务器端点配置类AuthorizationServerEndpointsConfiguration，发现其中只有授权端点、token端点、token校验端点的定义，并无token_key相关端点的定义。

查看token key端点类TokenKeyEndpoint，也并无异常。

解决

基于以上分析，可以大胆猜测，加上端点404报错，应该是没有注册到容器中。那么我们仿照授权端点、token端点、token校验端点的定义，在授权服务器配置中，添加token key端点的定义。

@Bean public TokenKeyEndpoint tokenKeyEndpoint() { return new TokenKeyEndpoint(jwtAccessTokenConverter()); }

重启服务，再次访问端点，已可以正常展示公钥信息。

本文系【银河架构师】原创，如需转载请在文章明显处注明作者及出处。

微信搜索【银河架构师】，发现更多精彩内容。

技术资料领取方法：关注公众号，回复微服务，领取微服务相关电子书；回复MK精讲，领取MK精讲系列电子书；回复JAVA 进阶，领取JAVA进阶知识相关电子书；回复JAVA面试，领取JAVA面试相关电子书，回复JAVA WEB领取JAVA WEB相关电子书。

【本文地址】

公司简介

联系我们