OAuth 2.0 迁移
使用 JwtTypeValidator 验证 typ 头部
如果在遵循 6.5 准备步骤时将 validateTypes 设置为 false,您现在可以将其删除。您还可以删除显式将 JwtTypeValidator 添加到默认列表的操作。
例如,将此
-
Java
-
Kotlin
@Bean
JwtDecoder jwtDecoder() {
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
.validateTypes(false) (1)
// ... your remaining configuration
.build();
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators(
new JwtIssuerValidator(location), JwtTypeValidator.jwt())); (2)
return jwtDecoder;
}@Bean
fun jwtDecoder(): JwtDecoder {
val jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
.validateTypes(false) (1)
// ... your remaining configuration
.build()
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators(
JwtIssuerValidator(location), JwtTypeValidator.jwt())) (2)
return jwtDecoder
}| 1 | - 关闭 Nimbus 对 typ 的验证 |
| 2 | - 添加默认的 typ 验证器 |
更改为
-
Java
-
Kotlin
@Bean
JwtDecoder jwtDecoder() {
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
// ... your remaining configuration (1)
.build();
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(location)); (2)
return jwtDecoder;
}@Bean
fun jwtDecoder(): JwtDecoder {
val jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
// ... your remaining configuration
.build()
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(location)) (2)
return jwtDecoder
}| 1 | - validateTypes 现在默认为 false |
| 2 | - 所有 createDefaultXXX 方法都添加了 JwtTypeValidator#jwt |
为 BearerTokenAuthenticationFilter 提供 AuthenticationConverter
在 Spring Security 7 中,BearerTokenAuthenticationFilter#setBearerTokenResolver 和 #setAuthenticaionDetailsSource 已弃用,取而代之的是在 BearerTokenAuthenticationConverter 上配置它们。
oauth2ResourceServer DSL 解决了大多数用例,您无需执行任何操作。
如果您直接在 BearerTokenAuthenticationFilter 上设置 BearerTokenResolver 或 AuthenticationDetailsSource,类似于以下内容
-
Java
-
Kotlin
BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(authenticationManager);
filter.setBearerTokenResolver(myBearerTokenResolver);
filter.setAuthenticationDetailsSource(myAuthenticationDetailsSource);val filter = BearerTokenAuthenticationFilter(authenticationManager)
filter.setBearerTokenResolver(myBearerTokenResolver)
filter.setAuthenticationDetailsSource(myAuthenticationDetailsSource)建议您使用 BearerTokenAuthenticationConverter 来同时指定两者
-
Java
-
Kotlin
BearerTokenAuthenticationConverter authenticationConverter =
new BearerTokenAuthenticationConverter();
authenticationConverter.setBearerTokenResolver(myBearerTokenResolver);
authenticationConverter.setAuthenticationDetailsSource(myAuthenticationDetailsSource);
BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(authenticationManager, authenicationConverter);val authenticationConverter = BearerTokenAuthenticationConverter()
authenticationConverter.setBearerTokenResolver(myBearerTokenResolver)
authenticationConverter.setAuthenticationDetailsSource(myAuthenticationDetailsSource)
val filter = BearerTokenAuthenticationFilter(authenticationManager, authenticationConverter)
