548.67ed7a21.js 7.2 KB
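/**
 * Generated VuePress/webpack chunk 548 (module 977).
 *
 * Registers one page component whose render function emits the Chinese
 * translation of the Spring Security "client authentication support" page
 * (JWT Bearer client authentication via private_key_jwt / client_secret_jwt).
 *
 * Corrections to the rendered text relative to the generated original
 * (they belong in the Markdown source too, so a rebuild keeps them):
 *   - Both Kotlin samples evaluated the `if` block as a statement and then
 *     ended the lambda with `null`, so the resolver always returned null and
 *     the JWK that was built was discarded. They now use `if … else null` as
 *     the lambda's final expression; the first sample's result type is `JWK?`,
 *     matching the second sample.
 *   - The conjunction between `java.security.PrivateKey` and
 *     `javax.crypto.SecretKey` was an empty string; it is now "或".
 *   - The tab label above the Java samples read "爪哇" (the island); it is
 *     now "Java".
 */
(window.webpackJsonp = window.webpackJsonp || []).push([
  [548],
  {
    977: function (webpackModule, webpackExports, webpackRequire) {
      "use strict";

      webpackRequire.r(webpackExports);

      // Module 56 exposes the component normalizer as `.a`.
      var normalizer = webpackRequire(56);

      /** Joins sample lines with "\n"; a trailing "" entry yields the final newline. */
      function lines(parts) {
        return parts.join("\n");
      }

      // NOTE(review): `client-secret` below is a placeholder value. In a real
      // deployment the secret should come from the environment or a secret
      // store, not from a committed properties file.
      var PRIVATE_KEY_JWT_PROPERTIES = lines([
        "spring:",
        "  security:",
        "    oauth2:",
        "      client:",
        "        registration:",
        "          okta:",
        "            client-id: okta-client-id",
        "            client-authentication-method: private_key_jwt",
        "            authorization-grant-type: authorization_code",
        "            ...",
        ""
      ]);

      var CLIENT_SECRET_JWT_PROPERTIES = lines([
        "spring:",
        "  security:",
        "    oauth2:",
        "      client:",
        "        registration:",
        "          okta:",
        "            client-id: okta-client-id",
        "            client-secret: okta-client-secret",
        "            client-authentication-method: client_secret_jwt",
        "            authorization-grant-type: client_credentials",
        "            ...",
        ""
      ]);

      // NOTE(review): every sample calls keyID(UUID.randomUUID().toString()),
      // so a new `kid` is produced each time the resolver runs. If the
      // authorization server selects the verification key by `kid`, a stable
      // ID matching the registered key is needed - confirm against the server.
      // The elided private key (`= ...`) should be loaded from a keystore or
      // secret manager rather than embedded in source.
      var PRIVATE_KEY_JWT_JAVA = lines([
        "Function<ClientRegistration, JWK> jwkResolver = (clientRegistration) -> {",
        "\tif (clientRegistration.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.PRIVATE_KEY_JWT)) {",
        "\t\t// Assuming RSA key type",
        "\t\tRSAPublicKey publicKey = ...",
        "\t\tRSAPrivateKey privateKey = ...",
        "\t\treturn new RSAKey.Builder(publicKey)",
        "\t\t\t\t.privateKey(privateKey)",
        "\t\t\t\t.keyID(UUID.randomUUID().toString())",
        "\t\t\t\t.build();",
        "\t}",
        "\treturn null;",
        "};",
        "",
        "WebClientReactiveAuthorizationCodeTokenResponseClient tokenResponseClient =",
        "\t\tnew WebClientReactiveAuthorizationCodeTokenResponseClient();",
        "tokenResponseClient.addParametersConverter(",
        "\t\tnew NimbusJwtClientAuthenticationParametersConverter<>(jwkResolver));",
        ""
      ]);

      // Fixed: the RSAKey is now the value of the lambda (if/else expression);
      // the generated original fell through to a bare `null`.
      var PRIVATE_KEY_JWT_KOTLIN = lines([
        "val jwkResolver: Function<ClientRegistration, JWK?> =",
        "    Function<ClientRegistration, JWK?> { clientRegistration ->",
        "        if (clientRegistration.clientAuthenticationMethod.equals(ClientAuthenticationMethod.PRIVATE_KEY_JWT)) {",
        "            // Assuming RSA key type",
        "            var publicKey: RSAPublicKey = ...",
        "            var privateKey: RSAPrivateKey = ...",
        "            RSAKey.Builder(publicKey)",
        "                    .privateKey(privateKey)",
        "                    .keyID(UUID.randomUUID().toString())",
        "                .build()",
        "        } else {",
        "            null",
        "        }",
        "    }",
        "",
        "val tokenResponseClient = WebClientReactiveAuthorizationCodeTokenResponseClient()",
        "tokenResponseClient.addParametersConverter(",
        "    NimbusJwtClientAuthenticationParametersConverter(jwkResolver)",
        ")",
        ""
      ]);

      // NOTE(review): the HMAC key is the raw UTF-8 bytes of the client
      // secret. RFC 7518 section 3.2 requires an HS256 key of at least 256
      // bits, so the registered client secret must be at least 32 bytes of
      // high-entropy data.
      var CLIENT_SECRET_JWT_JAVA = lines([
        "Function<ClientRegistration, JWK> jwkResolver = (clientRegistration) -> {",
        "\tif (clientRegistration.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.CLIENT_SECRET_JWT)) {",
        "\t\tSecretKeySpec secretKey = new SecretKeySpec(",
        "\t\t\t\tclientRegistration.getClientSecret().getBytes(StandardCharsets.UTF_8),",
        '\t\t\t\t"HmacSHA256");',
        "\t\treturn new OctetSequenceKey.Builder(secretKey)",
        "\t\t\t\t.keyID(UUID.randomUUID().toString())",
        "\t\t\t\t.build();",
        "\t}",
        "\treturn null;",
        "};",
        "",
        "WebClientReactiveClientCredentialsTokenResponseClient tokenResponseClient =",
        "\t\tnew WebClientReactiveClientCredentialsTokenResponseClient();",
        "tokenResponseClient.addParametersConverter(",
        "\t\tnew NimbusJwtClientAuthenticationParametersConverter<>(jwkResolver));",
        ""
      ]);

      // Fixed: the OctetSequenceKey is now the value of the lambda
      // (if/else expression) instead of being discarded before `null`.
      var CLIENT_SECRET_JWT_KOTLIN = lines([
        "val jwkResolver = Function<ClientRegistration, JWK?> { clientRegistration: ClientRegistration ->",
        "    if (clientRegistration.clientAuthenticationMethod == ClientAuthenticationMethod.CLIENT_SECRET_JWT) {",
        "        val secretKey = SecretKeySpec(",
        "            clientRegistration.clientSecret.toByteArray(StandardCharsets.UTF_8),",
        '            "HmacSHA256"',
        "        )",
        "        OctetSequenceKey.Builder(secretKey)",
        "            .keyID(UUID.randomUUID().toString())",
        "            .build()",
        "    } else {",
        "        null",
        "    }",
        "}",
        "",
        "val tokenResponseClient = WebClientReactiveClientCredentialsTokenResponseClient()",
        "tokenResponseClient.addParametersConverter(",
        "    NimbusJwtClientAuthenticationParametersConverter(jwkResolver)",
        ")",
        ""
      ]);

      /**
       * Render function of the page component; invoked by Vue with the
       * component instance as `this`.
       * @returns {object} the vnode tree of the page
       */
      function render() {
        var vm = this;
        var createElement = vm.$createElement;
        var h = vm._self._c || createElement;

        /** Single-space text node the generator puts between block elements. */
        function gap() {
          return vm._v(" ");
        }

        /** Inline <code> element holding one text node. */
        function inlineCode(content) {
          return h("code", [vm._v(content)]);
        }

        /** The "#" permalink placed at the start of every heading. */
        function headerAnchor(id) {
          return h(
            "a",
            { staticClass: "header-anchor", attrs: { href: "#" + id } },
            [vm._v("#")]
          );
        }

        /** Pre-formatted sample block (div > pre > code) with plain-text highlighting. */
        function codeBlock(sample) {
          return h("div", { staticClass: "language- extra-class" }, [
            h("pre", { pre: true, attrs: { class: "language-text" } }, [
              h("code", [vm._v(sample)])
            ])
          ]);
        }

        return h(
          "ContentSlotsDistributor",
          { attrs: { "slot-key": vm.$parent.slotKey } },
          [
            h("h1", { attrs: { id: "客户端身份验证支持" } }, [
              headerAnchor("客户端身份验证支持"),
              vm._v(" 客户端身份验证支持")
            ]),
            gap(),
            h("h2", { attrs: { id: "jwt-持有人" } }, [
              headerAnchor("jwt-持有人"),
              vm._v(" JWT 持有人")
            ]),
            gap(),
            h("table", [
              h("thead", [
                h("tr", [
                  h("th"),
                  gap(),
                  h("th", [
                    vm._v("有关"),
                    h(
                      "a",
                      {
                        attrs: {
                          href: "https://datatracker.ietf.org/doc/html/rfc7523#section-2.2",
                          target: "_blank",
                          rel: "noopener noreferrer"
                        }
                      },
                      [vm._v("JWT Bearer"), h("OutboundLink")],
                      1
                    ),
                    vm._v("客户端身份验证的更多详细信息,请参考 JSON Web Token 配置文件中的 OAuth2.0 客户端身份验证和授权授予。")
                  ])
                ])
              ]),
              gap(),
              h("tbody")
            ]),
            gap(),
            h("p", [
              vm._v("JWT 承载客户端身份验证的默认实现是"),
              inlineCode("NimbusJwtClientAuthenticationParametersConverter"),
              vm._v(",这是一个"),
              inlineCode("Converter"),
              vm._v(",它通过在"),
              inlineCode("client_assertion"),
              vm._v("参数中添加签名的 JSON Web 令牌来定制令牌请求参数。")
            ]),
            gap(),
            h("p", [
              vm._v("用于对 JWS 进行签名的"),
              inlineCode("java.security.PrivateKey"),
              // Fixed: this text node was empty, fusing the two class names.
              vm._v("或"),
              inlineCode("javax.crypto.SecretKey"),
              vm._v("由与"),
              inlineCode("NimbusJwtClientAuthenticationParametersConverter"),
              vm._v("关联的"),
              inlineCode("com.nimbusds.jose.jwk.JWK"),
              vm._v("解析器提供。")
            ]),
            gap(),
            h("h3", { attrs: { id: "使用private-key-jwt进行身份验证" } }, [
              headerAnchor("使用private-key-jwt进行身份验证"),
              vm._v(" 使用"),
              inlineCode("private_key_jwt"),
              vm._v("进行身份验证")
            ]),
            gap(),
            h("p", [vm._v("给出了 OAuth2.0 客户端注册的以下 Spring Boot2.x 属性:")]),
            gap(),
            codeBlock(PRIVATE_KEY_JWT_PROPERTIES),
            h("p", [
              vm._v("下面的示例展示了如何配置"),
              inlineCode("WebClientReactiveAuthorizationCodeTokenResponseClient"),
              vm._v(":")
            ]),
            gap(),
            h("p", [vm._v("Java")]),
            gap(),
            codeBlock(PRIVATE_KEY_JWT_JAVA),
            h("p", [vm._v("Kotlin")]),
            gap(),
            codeBlock(PRIVATE_KEY_JWT_KOTLIN),
            h("h3", { attrs: { id: "使用client-secret-jwt进行身份验证" } }, [
              headerAnchor("使用client-secret-jwt进行身份验证"),
              vm._v(" 使用"),
              inlineCode("client_secret_jwt"),
              vm._v("进行身份验证")
            ]),
            gap(),
            h("p", [vm._v("给出了 OAuth2.0 客户端注册的以下 Spring Boot2.x 属性:")]),
            gap(),
            codeBlock(CLIENT_SECRET_JWT_PROPERTIES),
            h("p", [
              vm._v("下面的示例展示了如何配置"),
              inlineCode("WebClientReactiveClientCredentialsTokenResponseClient"),
              vm._v(":")
            ]),
            gap(),
            h("p", [vm._v("Java")]),
            gap(),
            codeBlock(CLIENT_SECRET_JWT_JAVA),
            h("p", [vm._v("Kotlin")]),
            gap(),
            codeBlock(CLIENT_SECRET_JWT_KOTLIN),
            h(
              "p",
              [
                h(
                  "RouterLink",
                  { attrs: { to: "/spring-security/authorization-grants.html" } },
                  [vm._v("OAuth2 授权授予")]
                ),
                h(
                  "RouterLink",
                  { attrs: { to: "/spring-security/authorized-clients.html" } },
                  [vm._v("OAuth2 授权客户")]
                )
              ],
              1
            )
          ]
        );
      }

      // Object(fn) returns fn itself; calling it this way keeps the call
      // unbound, exactly as webpack emitted it. Arguments after `render`:
      // no static render functions, not a functional template, and no
      // injected styles, scope id or module identifier.
      var component = Object(normalizer.a)({}, render, [], false, null, null, null);

      webpackExports.default = component.exports;
    }
  }
]);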