问题:
Quarkus JWT在部署时未经授权返回
谭翔
我有一个Quarkus项目,它公开了一些RESTendpoint。当在开发模式下工作或从本地构建docker容器中运行时,所有工作都很好,那些用@rolesalloved和@permitall注释的endpoint都正常工作。但是当我按照以下步骤部署到AWS服务时:
- 提交到Gitlab
- 运行Gitlab cicd
- 将结果与配置一起发送到AWS S3 bucket
- 触发AWS CodePipeline
- 使用docker映像部署到弹性Bean
HTTP/1.1 401 Unauthorized
Date: Mon, 25 Oct 2021 15:51:01 GMT
Content-Length: 0
Connection: keep-alive
Server: nginx/1.20.0
www-authenticate: Bearer
<Response body is empty>
Response code: 401 (Unauthorized); Time: 397ms; Content length: 0 bytes
更新:
我深入研究了Quarkus文档,添加了一些配置,映射了所有授权异常,并获得了日志和stacktrace,但我不知道为什么会发生这种情况,因为我使用的是que guide在创建公钥和私钥时所说的过程。另外,如果我把所有的base64令牌放在jwt.io调试器中,并粘贴公钥内容,它就表示签名是有效的。
io.quarkus.security.AuthenticationFailedException
at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator$1.accept(MpJwtValidator.java:61)
at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator$1.accept(MpJwtValidator.java:49)
at io.smallrye.context.impl.wrappers.SlowContextualConsumer.accept(SlowContextualConsumer.java:21)
at io.smallrye.mutiny.operators.uni.builders.UniCreateWithEmitter.subscribe(UniCreateWithEmitter.java:22)
at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
at io.smallrye.mutiny.operators.uni.UniMemoizeOp.subscribe(UniMemoizeOp.java:76)
at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni.subscribe(UniOnItemTransformToUni.java:25)
at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
at io.smallrye.mutiny.operators.uni.UniOnTermination.subscribe(UniOnTermination.java:21)
at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
at io.smallrye.mutiny.operators.uni.UniMemoizeOp.subscribe(UniMemoizeOp.java:76)
at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
at io.smallrye.mutiny.operators.uni.UniBlockingAwait.await(UniBlockingAwait.java:54)
at io.smallrye.mutiny.groups.UniAwait.atMost(UniAwait.java:61)
at io.smallrye.mutiny.groups.UniAwait.indefinitely(UniAwait.java:42)
at io.quarkus.security.runtime.SecurityIdentityAssociation.getIdentity(SecurityIdentityAssociation.java:66)
at io.quarkus.security.runtime.SecurityIdentityAssociation_ClientProxy.getIdentity(SecurityIdentityAssociation_ClientProxy.zig:250)
at io.quarkus.security.runtime.SecurityIdentityProxy.hasRole(SecurityIdentityProxy.java:38)
at io.quarkus.security.runtime.SecurityIdentityProxy_ClientProxy.hasRole(SecurityIdentityProxy_ClientProxy.zig:401)
at io.quarkus.security.runtime.interceptor.check.RolesAllowedCheck.apply(RolesAllowedCheck.java:55)
at io.quarkus.security.runtime.interceptor.SecurityConstrainer.check(SecurityConstrainer.java:28)
at io.quarkus.security.runtime.interceptor.SecurityHandler.handle(SecurityHandler.java:23)
at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor.intercept(RolesAllowedInterceptor.java:29)
at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor_Bean.intercept(RolesAllowedInterceptor_Bean.zig:386)
at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:41)
at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:41)
at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:32)
at za.co.tenfour.controller.UserController_Subclass.findMyself(UserController_Subclass.zig:1031)
at za.co.tenfour.controller.UserController_ClientProxy.findMyself(UserController_ClientProxy.zig:262)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:138)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler$1.run(VertxRequestHandler.java:93)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)\nCaused by: io.smallrye.jwt.auth.principal.ParseException: SRJWT07000: Failed to verify a token
at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parseClaims(DefaultJWTTokenParser.java:166)
at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parse(DefaultJWTTokenParser.java:56)
at io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipalFactory.parse(DefaultJWTCallerPrincipalFactory.java:31)
at io.smallrye.jwt.auth.principal.DefaultJWTParser.parse(DefaultJWTParser.java:60)
at io.smallrye.jwt.auth.principal.DefaultJWTParser_ClientProxy.parse(DefaultJWTParser_ClientProxy.zig:298)
at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator$1.accept(MpJwtValidator.java:53)
... 59 more\nCaused by: org.jose4j.jwt.consumer.InvalidJwtSignatureException: JWT rejected due to invalid signature. Additional details: [[9] Invalid JWS Signature: JsonWebSignature{\"typ\":\"JWT\",\"alg\":\"RS256\"}->eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovLzEwZm91ci5jby56YS9pc3N1ZXIiLCJncm91cHMiOlsiQWRtaW5pc3RyYXRvciJdLCJpYXQiOjE2MzUxOTcyMjUsImV4cCI6MTY2Njc1NDgyNSwidXBuIjoic3VwcG9ydEAxMGZvdXIuY28uemEiLCJ1aWQiOjEsImZ1bGxfbmFtZSI6IjEwRm91ciBBZG1pbmlzdHJhdG9yIiwianRpIjoiMWZmNDA4MjYtNmNhNy00NzQxLTk0Y2QtOTlhY2Q0ZGY4M2IyIn0.i8skIOrh6Et84uuASjwhQQMnIjRnfiP4zjPQAB7XsyVwSEuZEc31m9reXTW1uWjzvoZTbllYZ79Aiu4Vq7MqMPJKvXIqXhmTWbX-R9JnQoI0M_Sb1c6DAXDD_biZGYUM48-FO3lRG9XCu_qr06uT4sOb1DLwh6pjdehTwnkbMX_B1Jckn-7hStCcV04XwXOOZkZWnP6_uFltsDLIQd7PsYbnRzgO19xhaAb6sfuUeKwhTs2WJL7msj0FhH_HbeEFel5OnH_NLfPhEvzByS5VRdN9j3LRNZ5z0OOm3rK_W9A6r34VRaUvddJ2_wXiyv3hvtMKLoN8wJUJuhhjqQKtTQ]
at org.jose4j.jwt.consumer.JwtConsumer.processContext(JwtConsumer.java:224)
at org.jose4j.jwt.consumer.JwtConsumer.process(JwtConsumer.java:433)
at io.smallrye.jwt.auth.principal.DefaultJWTTokenParser.parseClaims(DefaultJWTTokenParser.java:145)
... 64 more\n
共有1个答案
曾云
问题是AWS时区配置,出于某种奇怪的原因,它干扰了Quarkus如何验证令牌的IAT和EXP声明。我删除了AWS时区设置,并在JVM级别使用系统属性设置了时区,问题完全解决了。
类似资料:
-
所以,我试图用Tweepy喜欢一个推文,但是这个错误正在发生: 有什么想法吗?
-
问题内容: 我从Nexus存储库中检出了代码。我更改了帐户密码,并在文件中正确设置了密码。在执行时,我收到错误消息,说明它尝试从该存储库下载文件。 任何想法如何解决此错误?我在Maven 3.04中使用Windows 7 问题答案: 这里的问题是所使用的密码出现错字错误,由于密码中使用了字符/字母,因此很难识别。
-
我正在使用postman,并尝试通过http://localhost:8180/auth/admin/realms/demo/users/{userID}更新用户的配置文件,但收到响应。 通过http://localhost:8180/auth/admin/realms/demo/users/{userID}发送带有Json内容类型和用户信息的Put请求。 不幸的是,我已经连续收到了401个回复。
-
注意:3.0之后不支持从免费版升级到授权版。 授权源码购买后,大家登录Niushop官网,点击授权账号进入到个人中心,在首页就可以看到购买的授权信息,包括授权码和授权证书。 授权码在商城->设置->版权设置里进行绑定之后,即可修改网站版权信息。 受域名授权限制,授权证书下载后需要放在源码根目录,系统即可正常使用。 接下来给大家介绍宝塔安装授权源码教程。 第一步,登录宝塔账号,进入宝塔,选择网站。
-
在我将Jenkins升级到1.494之前,这是可行的。现在,当我在Jenkins中使用构建提升插件将war工件复制到快照repo时,我得到了这个错误: 不知道为什么这突然停止了1.494的工作。我逐渐降级到1.491,但它仍然发生了。非常令人沮丧。