问题:
完成-Spring SecurityJWT令牌\u密钥
缑智敏
我对Spring Security/Boot(1.2.5)和JWT有问题。
首先,我有一个运行的Auth服务器,它使用JWT。我已经可以测试它并启用/oauth/token_密钥资源。
# curl -u client_id:client_secret http://localhost:8080/oauth/token_key
{"alg":"SHA256withRSA","value":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiGB\n-----END PUBLIC KEY-----"}
在spring boot“28.1.2资源服务器”的文档中(http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/html/boot-features-security.html)有一个名为“security.oauth2.resource.jwt.key uri”的配置条目。这样就可以从给定的uri加载公钥。与我在此处输入的内容无关,结果总是以下例外情况:
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'securityFilterChainRegistration' defined in class path resource [org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [javax.servlet.Filter]: : Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setAuthenticationConfiguration(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.setGlobalAuthenticationConfigurers(java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springBootAuthenticationConfigurerAdapter' defined in class path resource [org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [org.springframework.boot.autoconfigure.security.SecurityProperties]: : Error creating bean with name 'securityProperties': Could not bind properties to [unknown] (target=security, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Cannot access indexed value in property referenced in indexed property path 'oauth2[client][accessTokenUri]'; nested exception is org.springframework.beans.NotReadablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Bean property 'oauth2[client][accessTokenUri]' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityProperties': Could not bind properties to [unknown] (target=security, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Cannot access indexed value in property referenced in indexed property path 'oauth2[client][accessTokenUri]'; nested exception is org.springframework.beans.NotReadablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Bean property 'oauth2[client][accessTokenUri]' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setAuthenticationConfiguration(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.setGlobalAuthenticationConfigurers(java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springBootAuthenticationConfigurerAdapter' defined in class path resource [org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [org.springframework.boot.autoconfigure.security.SecurityProperties]: : Error creating bean with name 'securityProperties': Could not bind properties to [unknown] (target=security, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Cannot access indexed value in property referenced in indexed property path 'oauth2[client][accessTokenUri]'; nested exception is org.springframework.beans.NotReadablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Bean property 'oauth2[client][accessTokenUri]' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityProperties': Could not bind properties to [unknown] (target=security, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Cannot access indexed value in property referenced in indexed property path 'oauth2[client][accessTokenUri]'; nested exception is org.springframework.beans.NotReadablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Bean property 'oauth2[client][accessTokenUri]' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?
at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:749)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:464)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1119)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1014)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.boot.context.embedded.ServletContextInitializerBeans.getOrderedBeansOfType(ServletContextInitializerBeans.java:209)
at org.springframework.boot.context.embedded.ServletContextInitializerBeans.addServletContextInitializerBeans(ServletContextInitializerBeans.java:85)
at org.springframework.boot.context.embedded.ServletContextInitializerBeans.<init>(ServletContextInitializerBeans.java:73)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.getServletContextInitializerBeans(EmbeddedWebApplicationContext.java:234)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.selfInitialize(EmbeddedWebApplicationContext.java:221)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.access$000(EmbeddedWebApplicationContext.java:84)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext$1.onStartup(EmbeddedWebApplicationContext.java:206)
at org.springframework.boot.context.embedded.tomcat.TomcatStarter.onStartup(TomcatStarter.java:54)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5156)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1399)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
有什么想法吗?
向你问好,斯塔克
共有1个答案
乐正嘉瑞
正如用户M.Deinum在回答中所说的,OAuth2自动配置支持只在SpringBoot的1.3版中添加,因此您需要更新它才能使用它。
类似资料:
-
问题内容: 我正在使用Apache Oltu框架实现OAuth 2.0提供程序服务器,以寻找有关如何在Java中生成访问令牌和秘密令牌的想法。请指教。 问题答案: OAuth 2.0 规范并未说明如何生成令牌和秘密令牌。因此,由您决定是使用一些现有的/锚定数据来生成令牌,还是要使用随机序列来生成令牌。唯一的区别是,如果您使用大概已知的数据(例如,用户数据,例如用户名,创建日期等),则可以在需要时随
-
问题内容: 为了生成用于访问我们的API的32个字符的令牌,我们目前使用: 我已经读到,这种方法不是基于密码的安全性,因为它基于系统时钟,这将是一个更好的解决方案,因为它很难预测。 如果是这种情况,等效代码将是什么样? 我猜是这样的,但是我不知道这是否对… 我应该传递给函数什么长度也有意义? 问题答案: 这是正确的解决方案:
-
我试图解决我的Jetty servlet在HTTPS上运行的问题。 这是浏览器中的错误: 这是卷曲中的错误: 我所做的: > 我创建了密钥库和信任库,如下所述:如何生成密钥库和信任库,以及https://serverfault.com/questions/488003/keytool-subjectalternativename 这是我创建密钥库和信任库的批处理脚本: 我不知道我的情况有什么问题,
-
定义的新集成密钥9xxx7e null 但仍然得到401的回应内容:
-
我们正在使用JWT Nuget来创建和验证令牌。下面是我们用来创建令牌的代码 我的理解是,这不会加密令牌,因为我能够通过访问jwt.io解析令牌,并且能够读取内容。我想加密令牌,这样它就不应该被解析。我在JWT Nuget中找不到任何可以加密令牌的方法。 那么如何使用JWT nuget对令牌进行签名和加密呢? 编辑: 我知道JWT不需要任何加密,因为只有经过身份验证的用户才能读取令牌,这意味着,我
-
我正在使用php saml工具包https://github.com/onelogin/php-saml在web应用程序中实现SSO。身份验证本身可以工作,但当我与拦截代理进行检查时https://portswigger.net/burp/communitydownloadsaml标记以清晰的形式显示(作为xml,带有用户名以及为身份验证传递的所有信息)。在连接器和设置中https://githu
-
我正在尝试从RESTAPI获取数据,他们还没有完全实现OAuth。他们只使用OAuth在您已经拥有访问令牌后使用的签名方法。我已获得消费者密钥 你能建议怎么做吗?
-
问题内容: 我正在尝试使用Elasticsearch来实现自动完成功能,因为我知道该怎么做… 我正在尝试在索引已爬网数据时使用ES的edge_n_grams建立多词(短语)建议。 a 和a 之间有什么区别-我已经阅读了有关这些文档,但仍需要更多了解…。 例如,token_filter是ES用来针对用户输入进行搜索的内容吗?ES用于制作令牌的令牌生成器是吗?什么是代币? ES是否可以使用其中任何一种