WEB/Security
Lesson 19 - Configuring the authorization server to expose the public key
Tony Lim
2022. 5. 11. 11:40
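The authorization server exposes its public key at an endpoint URL so that the resource server can retrieve it.
The key endpoint is called with the client's credentials set in the Authorization header;
no access token is used for that call.
An access token is then obtained using both the user's credentials and the client's credentials.
With that access token (a JWT) we can now access the resource server.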
# Resource-server side: endpoint on the authorization server from which the
# public key used to verify JWT signatures is fetched.
# NOTE(review): plain http to localhost is fine for the lesson; across a network
# the key should be fetched over https so it cannot be swapped in transit.
security.oauth2.resource.jwt.key-uri=http://localhost:8080/oauth/token_key
# Credentials the resource server presents to the key endpoint; they match the
# "rs" client registered on the authorization server.
# NOTE(review): demo values committed in plain text. Real secrets belong in the
# environment or a secret store, not in a checked-in properties file.
security.oauth2.client.client-id=rs
security.oauth2.client.client-secret=rssecret
The resource server can then validate tokens using the public key it obtains from the key-uri.
/**
 * Authorization server configuration for the lesson (legacy Spring Security OAuth,
 * {@code @EnableAuthorizationServer}).
 *
 * <p>Access tokens are JWTs signed with the key pair stored in {@code ssia.jks}.
 * The token key endpoint ({@code /oauth/token_key}) is opened to authenticated
 * clients so that a resource server can download the public half of that pair.
 *
 * <p>NOTE(review): client secrets and the keystore password are literals in this
 * class. That keeps the demo self-contained, but anyone with read access to the
 * source or the built artifact can read them. Outside a tutorial they should be
 * injected from configuration or a secret store.
 */
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    public AuthenticationManager authenticationManager;

    /**
     * Registers the two in-memory clients.
     *
     * <ul>
     *   <li>{@code client1}: the application that requests tokens, using the
     *       {@code password} grant with scope {@code read}.</li>
     *   <li>{@code rs}: the resource server's own identity. It gets no grant type
     *       or scope here; on this page it is only used to authenticate against
     *       the token key endpoint.</li>
     * </ul>
     *
     * <p>NOTE(review): secrets are stored as plain strings, which presumably
     * relies on a no-op password encoder defined elsewhere (confirm). The
     * {@code password} grant hands the user's credentials to the client and is
     * discouraged by current OAuth guidance.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        var registry = clients.inMemory();

        registry.withClient("client1")
                .secret("secret1")
                .authorizedGrantTypes("password")
                .scopes("read");

        registry.withClient("rs")
                .secret("rssecret");
    }

    /**
     * Wires the authentication manager (needed for the password grant) together
     * with the JWT token store and converter into the token endpoints.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
        endpoints.tokenStore(tokenStore());
        endpoints.accessTokenConverter(converter());
    }

    /**
     * Sets the access rule for the token key endpoint.
     *
     * <p>{@code isAuthenticated()} makes a caller present valid client credentials
     * before the public key is returned; {@code permitAll()} is the alternative
     * that serves the key to anyone. The key is public either way, so the rule
     * controls who may query the endpoint, not the secrecy of the key.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("isAuthenticated()"); // isAuthenticated() permitAll()
    }

    /** Token store backed by the JWT converter defined in {@link #converter()}. */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(converter());
    }

    /**
     * Builds the converter that signs issued tokens with the {@code ssia} key pair
     * from the classpath keystore {@code ssia.jks}.
     *
     * <p>NOTE(review): the private key ships inside the application's classpath
     * and its password is hard-coded. Whoever obtains both can mint tokens that
     * resource servers will accept, so protect the keystore and externalize the
     * password in any real deployment.
     */
    @Bean
    public JwtAccessTokenConverter converter() {
        var keyStore = new KeyStoreKeyFactory(
                new ClassPathResource("ssia.jks"),
                "ssia123".toCharArray());
        var signingKeys = keyStore.getKeyPair("ssia");

        var tokenConverter = new JwtAccessTokenConverter();
        tokenConverter.setKeyPair(signingKeys);
        return tokenConverter;
    }
}