Created a public key that the resource server can access by giving it the endpoint URL.
The request is made with the client's credentials set up in Authorization.
No access token.
Get an access token by using the user's credentials and the client's credentials.
Now we can access the resource server with the access token (JWT).
```properties
security.oauth2.resource.jwt.key-uri=http://localhost:8080/oauth/token_key
security.oauth2.client.client-id=rs
security.oauth2.client.client-secret=rssecret
```
The resource server will be able to validate the token with the public key it is given from the key-uri.
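```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

@Configuration
@EnableAuthorizationServer
public class AuthServerConfig
        extends AuthorizationServerConfigurerAdapter {

    @Autowired
    public AuthenticationManager authenticationManager;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                // Client that requests tokens with the password grant
                .withClient("client1")
                .secret("secret1")
                .authorizedGrantTypes("password")
                .scopes("read")
                .and()
                // Credentials the resource server uses to call the key endpoint
                .withClient("rs")
                .secret("rssecret");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager)
                .tokenStore(tokenStore())
                .accessTokenConverter(converter());
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Access rule for the key endpoint: isAuthenticated() or permitAll()
        security.tokenKeyAccess("isAuthenticated()");
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(converter());
    }

    @Bean
    public JwtAccessTokenConverter converter() {
        var conv = new JwtAccessTokenConverter();
        // Load the key pair with alias "ssia" from the keystore on the classpath
        KeyStoreKeyFactory keyFactory =
                new KeyStoreKeyFactory(
                        new ClassPathResource("ssia.jks"),
                        "ssia123".toCharArray()
                );
        // The private key signs the tokens; the public key is what the key endpoint serves
        conv.setKeyPair(keyFactory.getKeyPair("ssia"));
        return conv;
    }
}
```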
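What the resource server gains from holding only the public key, shown as an added example that is not part of the original post and uses only the JDK rather than Spring: a token signed with the private key verifies, while an edited payload or a token signed by another key does not. The class name, the claims and the freshly generated key pair (standing in for `ssia.jks`) are constructed for illustration, and the header check is a simplified string match.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class JwtPublicKeyCheck {
    static String b64url(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    // Authorization-server side: sign "header.payload" with the private key (RS256).
    static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
        String input = b64url("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64url(payloadJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + b64url(s.sign());
    }
    // The public half as PEM text, the form in which a key endpoint can publish it.
    static String toPem(PublicKey key) {
        return "-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded())
                + "\n-----END PUBLIC KEY-----";
    }
    // Resource-server side: the PEM public key alone is enough to check a token.
    static boolean verify(String jwt, String pem) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        byte[] der = Base64.getMimeDecoder().decode(pem.replaceAll("-----[A-Z ]+-----", ""));
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
        try {
            String header = new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
            if (!header.contains("\"alg\":\"RS256\"")) return false; // refuse any other algorithm
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            return s.verify(Base64.getUrlDecoder().decode(p[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or malformed signature bytes
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair authServer = gen.generateKeyPair(), other = gen.generateKeyPair(); // constructed keys
        String pem = toPem(authServer.getPublic());
        String jwt = sign("{\"user_name\":\"john\",\"scope\":[\"read\"]}", authServer.getPrivate());
        String[] p = jwt.split("\\.");
        String edited = p[0] + "." + b64url("{\"scope\":[\"write\"]}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        System.out.println("genuine token:  " + verify(jwt, pem));
        System.out.println("edited payload: " + verify(edited, pem));
        System.out.println("foreign key:    " + verify(sign("{}", other.getPrivate()), pem));
    }
}
```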