Spring security 使用RSA验证JWT令牌的步骤
我在验证 JWT 令牌时遇到了异常:Exception in thread "main" java.lang.IllegalArgumentException:当前仅支持私钥数据。请问应如何使用公钥验证 JWT 令牌?(标签:spring-security、java-8)以下是出现问题的代码:
import org.springframework.security.jwt.JwtHelper;
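/**
 * Checks the RSA signature of a JWT against the key fetched from {@code tokenKey}.
 *
 * <p>Only the signature is checked. Claims such as {@code exp}, {@code iss} and
 * {@code aud} are not evaluated by this method, so a correctly signed but expired
 * token still yields {@code true}; callers must validate the claims separately.
 *
 * <p>NOTE(review): the key is fetched over the network on every call. The verification
 * is only as trustworthy as that endpoint, so it should be reached over an
 * authenticated TLS channel (confirm how {@code tokenKey} is configured).
 *
 * @param jwtToken the compact, serialized JWT to check
 * @return {@code true} when {@code decodeAndVerify} completes without throwing
 * @throws IllegalStateException if the key endpoint returns an empty body
 */
public boolean verify(String jwtToken) {
    ResponseEntity<JwtKey> keyResponse = restTemplate.getForEntity(tokenKey, JwtKey.class);
    JwtKey jwtKey = keyResponse.getBody();
    if (jwtKey == null) {
        // Fail with a clear message instead of a NullPointerException further down.
        throw new IllegalStateException("Token key endpoint returned no key");
    }

    // The original decoded the token and printed it together with its claims BEFORE the
    // signature was checked. Unverified claims must never be acted on, and token content
    // does not belong on stdout, so the debug output was dropped.
    //
    // NOTE(review): RsaVerifier(String) parses the key text itself; the
    // IllegalArgumentException from the question is raised there. Which key encodings
    // that constructor accepts depends on the library version (TODO confirm), and
    // building an RSAPublicKey and passing it to RsaVerifier avoids the text parsing.
    JwtHelper.decodeAndVerify(jwtToken, new RsaVerifier(jwtKey.getValue()));
    return true;
}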
import org.springframework.security.jwt.JwtHelper;
公共布尔验证(字符串jwtToken){
ResponseEntity response=restemplate.getForEntity(tokenKey,JwtKey.class);
JwtKey=response.getBody();
Jwt decode=JwtHelper.decode(jwtToken);
系统输出打印项次(解码);
System.out.println(decode.getClaims());
decodeandvirify(jwtToken,新的rsavirifier(jwtKey.getValue());
返回true;
}
使用公钥创建RSA验证器:
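/**
 * Builds the signature verifier from the public key stored on the classpath.
 *
 * <p>Shipping the key with the application pins the trusted key at deployment time.
 * Only the public key belongs in this resource, never the private signing key.
 *
 * @return a verifier for RSA-signed JWTs
 * @throws IllegalStateException if the key resource cannot be read
 */
@Bean
RsaVerifier rsaVerifier() {
    Resource keyResource = new ClassPathResource(pubKeyFilename);
    // try-with-resources: the original never closed the resource stream.
    try (java.io.InputStream keyStream = keyResource.getInputStream()) {
        String pubKey = IOUtils.toString(keyStream, "UTF-8");
        // NOTE(review): RsaVerifier(String) parses the key text itself; which key
        // encodings it accepts depends on the library version (TODO confirm).
        return new RsaVerifier(pubKey);
    } catch (final IOException e) {
        // Unchecked on purpose: the method declares no `throws`, so the original
        // `throw new Exception(...)` would not compile. The cause is preserved.
        throw new IllegalStateException("Cannot get public key to check JWT", e);
    }
}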
要解码时使用它:
// Decodes the token and checks its signature with the public-key verifier.
// NOTE(review): as far as I know JwtHelper checks the signature only. Claims such as
// exp / nbf / iss / aud still have to be validated by the caller before the token is
// trusted (confirm against the library version in use).
Jwt jwt = JwtHelper.decodeAndVerify(token, rsaVerifier());
使用公钥创建RSA验证器:
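/**
 * Builds the signature verifier from the public key stored on the classpath.
 *
 * <p>Shipping the key with the application pins the trusted key at deployment time.
 * Only the public key belongs in this resource, never the private signing key.
 *
 * @return a verifier for RSA-signed JWTs
 * @throws IllegalStateException if the key resource cannot be read
 */
@Bean
RsaVerifier rsaVerifier() {
    Resource keyResource = new ClassPathResource(pubKeyFilename);
    // try-with-resources: the original never closed the resource stream.
    try (java.io.InputStream keyStream = keyResource.getInputStream()) {
        String pubKey = IOUtils.toString(keyStream, "UTF-8");
        // NOTE(review): RsaVerifier(String) parses the key text itself; which key
        // encodings it accepts depends on the library version (TODO confirm).
        return new RsaVerifier(pubKey);
    } catch (final IOException e) {
        // Unchecked on purpose: the method declares no `throws`, so the original
        // `throw new Exception(...)` would not compile. The cause is preserved.
        throw new IllegalStateException("Cannot get public key to check JWT", e);
    }
}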
当您要解码时使用它:
// Decodes the token and checks its signature with the public-key verifier.
// NOTE(review): as far as I know JwtHelper checks the signature only. Claims such as
// exp / nbf / iss / aud still have to be validated by the caller before the token is
// trusted (confirm against the library version in use).
Jwt jwt = JwtHelper.decodeAndVerify(token, rsaVerifier());
最后,我采用了下面的解决方案
import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.apache.commons.lang.StringUtils;
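/**
 * Checks the RSA signature of a JWT with the public key supplied by
 * {@code restTemplateManager}.
 *
 * <p>The method fails closed: a missing key, a malformed token or a signature mismatch
 * all result in {@code false}. Only the signature is checked; {@code exp}, {@code iss},
 * {@code aud} and other claims are not evaluated here and must be validated by the
 * caller before the token is trusted.
 *
 * @param jwtToken the compact, serialized JWT to check
 * @return {@code true} if the signature verifies, {@code false} on any failure
 */
public boolean verify(String jwtToken) {
    JWTKey jwtKey = restTemplateManager.getTokenPublicKey();
    try {
        RSAPublicKey publicKey = getRSAPublicKey(jwtKey.getValue());
        if (publicKey == null) {
            // getRSAPublicKey returns null for a blank key. Reject explicitly rather
            // than handing a null key to the verifier and relying on it to throw.
            logger.error("No public key available to verify token");
            return false;
        }
        JwtHelper.decodeAndVerify(jwtToken, new RsaVerifier(publicKey));
        return true;
    } catch (Exception e) {
        // Broad catch at the trust boundary: any failure means "not verified".
        // The stray "{}" was removed from the message because the exception is logged
        // as the throwable, not substituted into a placeholder. The token itself is
        // deliberately not logged.
        logger.error("Error in verifying token", e);
        return false;
    }
}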
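/**
 * Converts a Base64-encoded X.509 (SubjectPublicKeyInfo) key into an {@link RSAPublicKey}.
 *
 * <p>NOTE(review): malformed Base64 surfaces as an {@code IllegalArgumentException} from
 * the decoder, not as a {@code GatewayException}; callers have to handle both.
 *
 * @param publicKey the encoded key text; it is passed through {@code sanitaize} first
 *     (presumably stripping the PEM header/footer and whitespace; verify against that
 *     helper)
 * @return the parsed key, or {@code null} when {@code publicKey} is blank; callers must
 *     treat {@code null} as "no key" and reject the token
 * @throws GatewayException if the bytes are not a valid RSA key specification
 */
private RSAPublicKey getRSAPublicKey(String publicKey) {
    if (StringUtils.isBlank(publicKey)) {
        return null;
    }
    String encodedKey = sanitaize(publicKey);
    try {
        KeyFactory rsaKeyFactory = java.security.KeyFactory.getInstance("RSA");
        byte[] derBytes = java.util.Base64.getDecoder().decode(encodedKey);
        return (RSAPublicKey) rsaKeyFactory.generatePublic(new X509EncodedKeySpec(derBytes));
    } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
        // The stray "{}" was removed: the exception is logged as the throwable.
        logger.error("Error forming RSA key", e);
        throw new GatewayException(e);
    }
}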
最后,我采用了下面的解决方案
import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.apache.commons.lang.StringUtils;
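/**
 * Checks the RSA signature of a JWT with the public key supplied by
 * {@code restTemplateManager}.
 *
 * <p>The method fails closed: a missing key, a malformed token or a signature mismatch
 * all result in {@code false}. Only the signature is checked; {@code exp}, {@code iss},
 * {@code aud} and other claims are not evaluated here and must be validated by the
 * caller before the token is trusted.
 *
 * @param jwtToken the compact, serialized JWT to check
 * @return {@code true} if the signature verifies, {@code false} on any failure
 */
public boolean verify(String jwtToken) {
    JWTKey jwtKey = restTemplateManager.getTokenPublicKey();
    try {
        RSAPublicKey publicKey = getRSAPublicKey(jwtKey.getValue());
        if (publicKey == null) {
            // getRSAPublicKey returns null for a blank key. Reject explicitly rather
            // than handing a null key to the verifier and relying on it to throw.
            logger.error("No public key available to verify token");
            return false;
        }
        JwtHelper.decodeAndVerify(jwtToken, new RsaVerifier(publicKey));
        return true;
    } catch (Exception e) {
        // Broad catch at the trust boundary: any failure means "not verified".
        // The stray "{}" was removed from the message because the exception is logged
        // as the throwable, not substituted into a placeholder. The token itself is
        // deliberately not logged.
        logger.error("Error in verifying token", e);
        return false;
    }
}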
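/**
 * Converts a Base64-encoded X.509 (SubjectPublicKeyInfo) key into an {@link RSAPublicKey}.
 *
 * <p>NOTE(review): malformed Base64 surfaces as an {@code IllegalArgumentException} from
 * the decoder, not as a {@code GatewayException}; callers have to handle both.
 *
 * @param publicKey the encoded key text; it is passed through {@code sanitaize} first
 *     (presumably stripping the PEM header/footer and whitespace; verify against that
 *     helper)
 * @return the parsed key, or {@code null} when {@code publicKey} is blank; callers must
 *     treat {@code null} as "no key" and reject the token
 * @throws GatewayException if the bytes are not a valid RSA key specification
 */
private RSAPublicKey getRSAPublicKey(String publicKey) {
    if (StringUtils.isBlank(publicKey)) {
        return null;
    }
    String encodedKey = sanitaize(publicKey);
    try {
        KeyFactory rsaKeyFactory = java.security.KeyFactory.getInstance("RSA");
        byte[] derBytes = java.util.Base64.getDecoder().decode(encodedKey);
        return (RSAPublicKey) rsaKeyFactory.generatePublic(new X509EncodedKeySpec(derBytes));
    } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
        // The stray "{}" was removed: the exception is logged as the throwable.
        logger.error("Error forming RSA key", e);
        throw new GatewayException(e);
    }
}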
这是一篇好文章这是一篇好文章