快捷導(dǎo)航

springboot?集成identityserver4身份驗證的過程解析

更新時間：2024年01月20日 11:15:55 作者：大熊程序猿

這篇文章主要介紹了springboot?集成identityserver4身份驗證的相關(guān)知識,本文給大家介紹的非常詳細,對大家的學(xué)習(xí)或工作具有一定的參考借鑒價值,需要的朋友參考下吧

一、新建項目：com.saas.swaggerdemo

詳情見：spring-boot2.7.8添加swagger

在之前項目基礎(chǔ)上添加如下依賴

       <dependency>
            <groupId>com.nimbusds</groupId>
            <artifactId>nimbus-jose-jwt</artifactId>
            <version>7.9</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpcore</artifactId>
            <version>4.4.10</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.6</version>
        </dependency>
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
            <version>1.11</version>
        </dependency>
        <dependency>
            <groupId>org.json</groupId>
            <artifactId>json</artifactId>
            <version>20180813</version>
        </dependency>

二、添加過濾器JwkFilter

package com.saas.swaggerdemo;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.SecurityContext;
import org.json.JSONObject;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URL;
import java.text.ParseException;
import com.nimbusds.jose.*;
import com.nimbusds.jose.jwk.source.*;
import com.nimbusds.jwt.*;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jwt.proc.*;
@WebFilter(urlPatterns = "/*", filterName="jwkTokenFilter")
public class JwkFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("jwk公鑰解析驗證授權(quán)...");
    }
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
    {
        boolean authenticated = false;
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse rep = (HttpServletResponse) servletResponse;
        boolean authorizationHeaderExist = req.getHeader("Authorization") != null;
        if (!authorizationHeaderExist) {
            rep.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String jwkEndpoint = "http://192.168.31.132:7000/.well-known/openid-configuration/jwks";
        String token = cutToken(req.getHeader("Authorization"));
        ConfigurableJWTProcessor jwtProcessor = new DefaultJWTProcessor();
        JWKSource keySource = new RemoteJWKSet(new URL(jwkEndpoint));
        JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
        JWSKeySelector keySelector = new JWSVerificationKeySelector(expectedJWSAlg, keySource);
        if(keySelector==null)
        {
            rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            System.out.println("無法獲取公鑰");
            return;
        }
        jwtProcessor.setJWSKeySelector(keySelector);
        SecurityContext ctx = null;
        JWTClaimsSet claimsSet = null;
        try {
            claimsSet = jwtProcessor.process(token, ctx);
            authenticated = true;
        } catch (ParseException e) {
            rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            e.printStackTrace();
            return;
        } catch (BadJOSEException e) {
            rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            e.printStackTrace();
            return;
        } catch (JOSEException e) {
            rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            e.printStackTrace();
            return;
        }
        System.out.println(claimsSet.toJSONObject());
        if(claimsSet==null) {
            rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        JSONObject jo = new JSONObject(claimsSet.toJSONObject());
        String userid = jo.getString("userid");
        if (authenticated)
        {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
    }
    //幫助類
    public String cutToken(String originToken)
    {
        String[] temp = originToken.split(" ");
        return temp[1];
    }
    @Override
    public void destroy() {
    }
}

添加 @ServletComponentScan

三、準(zhǔn)備Identityserver4Server

三、測試

Postman帶上Token調(diào)用接口

獲取到用戶ID

使用過期或無效的token

到此這篇關(guān)于springboot 集成identityserver4身份驗證的文章就介紹到這了,更多相關(guān)springboot 集成identityserver身份驗證內(nèi)容請搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: