如何使用java验证keybeave签名的JWT
我有一个由keyCloack生成的JWT,RS256,类似这样的东西 样本:如何使用java验证keybeave签名的JWT,java,jwt,rsa,keycloak,Java,Jwt,Rsa,Keycloak,我有一个由keyCloack生成的JWT,RS256,类似这样的东西 样本: eyJhbGciOwia2lkIiA6ICJtSG1lajZEc09GaV9MejdSMjhzWjdMWkxBRXVzIn0.eyBzA2MzQvOTcwNjM1L1NNUyIsIi83Ni83NS9TTVMiXSwicHJYW1lIjoidGVzdDEwNUB1c2VyLmNvbSIsInVzZXJOYW1lIjoidGVzdDEwNUB1c2VyLmNvbSIsInVzZXJJZCI6IjU4NDM2NmQ4LWU
eyJhbGciOwia2lkIiA6ICJtSG1lajZEc09GaV9MejdSMjhzWjdMWkxBRXVzIn0.eyBzA2MzQvOTcwNjM1L1NNUyIsIi83Ni83NS9TTVMiXSwicHJYW1lIjoidGVzdDEwNUB1c2VyLmNvbSIsInVzZXJOYW1lIjoidGVzdDEwNUB1c2VyLmNvbSIsInVzZXJJZCI6IjU4NDM2NmQ4LWU5NDItNGJhNy04OGVlLWMyZTBlODhmZmY5ZCIsImVtYWlsIjoidGVzdDEwNUB1c2VyLmNvbSJ9.4TgC1MLyUl1P36oD6FafBCh0peEaCBmkyLheVjnlBu8uePl9xgEN6wdeWe
我需要使用KeyClock证书解码和验证此令牌
我可以通过api获得KeyClock证书
https://xxx.xxx.com.tr/auth/realms/myrealm/protocol/openid-connect/certs
在响应中,我有x5c字段
{
"keys": [
{
"kid": "j6DsCpPOz1RXJhtPR28sZ7LZLAEus",
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"n": "m0oTFvyLhLGIciXfndxc7uhIKE2-q9nJQKByd0FVYe8Cd4CHDpTzzcYdPWRR-1_VKQ75wqpybRt-LnnTKPNCXrPtPDRn2GFihtYyyO8VjeVtnz-iYJJAHkdp25HlMtX9l-VjnQX9s70-lbMmCVCRTerw",
"e": "AQAB",
"x5c": [
"MIICnTCCAYUCBgFzh2ZkQzANBgkqhkiG9w0BAQ50F/bO9PpWzJglQkU3q8CAwEAATANBgkqhkiG9w01faO/9ZzyiLMLsorUKzYPNAxc7Q9rLE0J2MCWfapx3/E4yyNjISuB1HpS5iF44OEhGHJlw7JQeogcZat0enB8yyXtP/cgBhCnrWwfugX8rHsWfHakBGdsoazR9w=="
],
"x5t": "YF6LE97opzsTtD-yLNx9-Lo",
"x5t#S256": "SdNCfMbCjvcq-JY3iiGAj7De9Hal_0Cck-bDFK3Ow"
}
]
}
如果我把x5c部件放在----证书----标签中,我就可以验证这个jwt
如何在Java中验证相同的东西
我尝试了几件事,但都失败了。我想你们可以用图书馆来做这件事
HttpsJwks httpsJkws=新的HttpsJwks(“https://xxx.xxx.com.tr/auth/realms/myrealm/protocol/openid-connect/certs");
HttpsJwksVerificationKeyResolver httpsJwksKeyResolver=新的HttpsJwksVerificationKeyResolver(httpsJkws);
//使用JwtConsumerBuilder构造适当的JwtConsumer,它将
//用于验证和处理JWT。但是,在这种情况下,为其提供
//HttpsJwksVerificationKeyResolver实例,而不是设置
//明确验证密钥。
jwtConsumer=newjwtconsumerbuilder()
// ... JwtConsumerBuilder的其他设置。。。
.setVerificationKeyResolver(httpsJwksKeyResolver)
// ...
.build();
我找到了路
首先,我们需要登录keycloack控制台,您可以访问与领域相关的公钥
现在,您有了来自KeyClope的publickey和来自user的JWT
您需要先导入相关的库
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.11.2</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.2</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.2</version>
<scope>runtime</scope>
</dependency>
我们有公钥,我们需要验证它
Jws<Claims> jwt = null;
try {
jwt = Jwts.parserBuilder()
.setSigningKey(publicKey)
.build()
.parseClaimsJws(token);
} catch (Exception e) {
// if you get error, that means token is invalid.
}
Jws-jwt=null;
试一试{
jwt=Jwts.parserBuilder()
.设置点火钥匙(公钥)
.build()
.parseClaimsJws(令牌);
}捕获(例外e){
//若得到错误,则表示令牌无效。
}
这是否回答了您的问题@jps not it not我在下面添加了一个解决方案,如果您正在将插件写入KeyClope,使用AppAuthManager可以帮助您验证令牌。这不是你正在寻找的,但可能会帮助某人。虽然此链接可能会回答问题,但最好在此处包含答案的基本部分,并提供链接供参考。如果链接页面发生更改,仅链接的答案可能无效。-@Carsten Løvbo Andersen你完全正确。我编辑了我的答案。
String token = "ghfghfdhdhdfhdfghdhdfhdfhdfhhdf";
String rsaPublicKey = "awdasdsadaefafafaef5df65d4f";
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(rsaPublicKey));
KeyFactory kf = KeyFactory.getInstance("RSA");
PublicKey = kf.generatePublic(keySpec);
Jws<Claims> jwt = null;
try {
jwt = Jwts.parserBuilder()
.setSigningKey(publicKey)
.build()
.parseClaimsJws(token);
} catch (Exception e) {
// if you get error, that means token is invalid.
}