OAuth 2.0 遷移
使用 JwtTypeValidator 驗證 typ 頭部
如果在遵循 6.5 準備步驟時將 validateTypes 設定為 false,您現在可以將其刪除。您還可以刪除顯式將 JwtTypeValidator 新增到預設列表的操作。
例如,將此
-
Java
-
Kotlin
@Bean
JwtDecoder jwtDecoder() {
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
.validateTypes(false) (1)
// ... your remaining configuration
.build();
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators(
new JwtIssuerValidator(location), JwtTypeValidator.jwt())); (2)
return jwtDecoder;
}@Bean
fun jwtDecoder(): JwtDecoder {
val jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
.validateTypes(false) (1)
// ... your remaining configuration
.build()
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators(
JwtIssuerValidator(location), JwtTypeValidator.jwt())) (2)
return jwtDecoder
}| 1 | - 關閉 Nimbus 對 typ 的驗證 |
| 2 | - 新增預設的 typ 驗證器 |
更改為
-
Java
-
Kotlin
@Bean
JwtDecoder jwtDecoder() {
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
// ... your remaining configuration (1)
.build();
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(location)); (2)
return jwtDecoder;
}@Bean
fun jwtDecoder(): JwtDecoder {
val jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
// ... your remaining configuration
.build()
jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(location)) (2)
return jwtDecoder
}| 1 | - validateTypes 現在預設為 false |
| 2 | - 所有 createDefaultXXX 方法都添加了 JwtTypeValidator#jwt |
為 BearerTokenAuthenticationFilter 提供 AuthenticationConverter
在 Spring Security 7 中,BearerTokenAuthenticationFilter#setBearerTokenResolver 和 #setAuthenticaionDetailsSource 已棄用,取而代之的是在 BearerTokenAuthenticationConverter 上配置它們。
oauth2ResourceServer DSL 解決了大多數用例,您無需執行任何操作。
如果您直接在 BearerTokenAuthenticationFilter 上設定 BearerTokenResolver 或 AuthenticationDetailsSource,類似於以下內容
-
Java
-
Kotlin
BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(authenticationManager);
filter.setBearerTokenResolver(myBearerTokenResolver);
filter.setAuthenticationDetailsSource(myAuthenticationDetailsSource);val filter = BearerTokenAuthenticationFilter(authenticationManager)
filter.setBearerTokenResolver(myBearerTokenResolver)
filter.setAuthenticationDetailsSource(myAuthenticationDetailsSource)建議您使用 BearerTokenAuthenticationConverter 來同時指定兩者
-
Java
-
Kotlin
BearerTokenAuthenticationConverter authenticationConverter =
new BearerTokenAuthenticationConverter();
authenticationConverter.setBearerTokenResolver(myBearerTokenResolver);
authenticationConverter.setAuthenticationDetailsSource(myAuthenticationDetailsSource);
BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(authenticationManager, authenicationConverter);val authenticationConverter = BearerTokenAuthenticationConverter()
authenticationConverter.setBearerTokenResolver(myBearerTokenResolver)
authenticationConverter.setAuthenticationDetailsSource(myAuthenticationDetailsSource)
val filter = BearerTokenAuthenticationFilter(authenticationManager, authenticationConverter)
