I'm here today to ask about this problem with my Docker container. I am using OAuth2 to protect REST resources, as shown in the pom.xml:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
This is the application properties configuration.
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://authServer.com/auth/realms/api-dev
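My authorization server is Keycloak, and it is deployed in a Docker container. When I start my resource without Docker, everything works: I can authenticate the client and access the protected resources without any problem. But when I containerize the resource server, I get a 401 error back in my Postman client, and the Docker container log looks like this: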
org.springframework.security.authentication.AuthenticationServiceException: An error occurred while attempting to decode the Jwt: Couldn't retrieve remote JWK set: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://authServer.com/auth/realms/api-dev/protocol/openid-connect/certs": Connection timed out (Connection timed out); nested exception is java.net.ConnectException: Connection timed out (Connection timed out)
Caused by: org.springframework.security.oauth2.jwt.JwtException: An error occurred while attempting to decode the Jwt: Couldn't retrieve remote JWK set: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://authServer.com/auth/realms/api-dev/protocol/openid-connect/certs": Connection timed out (Connection timed out); nested exception is java.net.ConnectException: Connection timed out (Connection timed out)
at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.createJwt(NimbusJwtDecoder.java:169) ~[spring-security-oauth2-jose-5.7.4.jar!/:5.7.4]
at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.decode(NimbusJwtDecoder.java:137) ~[spring-security-oauth2-jose-5.7.4.jar!/:5.7.4]
at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.getJwt(JwtAuthenticationProvider.java:97) ~[spring-security-oauth2-resource-server-5.7.4.jar!/:5.7.4]
... 55 common frames omitted
Caused by: com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://authServer.com/auth/realms/api-dev/protocol/openid-connect/certs": Connection timed out (Connection timed out); nested exception is java.net.ConnectException: Connection timed out (Connection timed out)
In fact, I just want to protect my resources and only grant access to those who have a valid access token.
Posted on 2022-10-30 10:00:21
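To check whether the signature of the JWT is valid, Spring Security needs to fetch the certificates, as defined by the configuration option
spring.security.oauth2.resourceserver.jwt.issuer
from the cert endpoint defined by Keycloak's realm configuration.
When you use separate Docker containers for Keycloak and the resource server, you should make sure that one container can reach the other at the network level. You can find many tutorials describing in detail how to make containers reachable from each other over the network; just pick one where you can use names instead of IP addresses.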
https://stackoverflow.com/questions/74242690
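To check the answer's diagnosis from the resource server's side of the network, the following added example (not part of the original question or answer) derives the JWKS URL from the issuer URI and reports whether the host fails at DNS, times out, or refuses the connection. The helper names `jwks_endpoint` and `probe` are hypothetical; the certs path is the one shown in the stack trace in the question.

```python
import socket
import sys
from urllib.parse import urlsplit

# Keycloak serves a realm's signing keys at this path below the issuer URI
# (the same URL that appears in the stack trace in the question).
CERTS_PATH = "/protocol/openid-connect/certs"


def jwks_endpoint(issuer_uri):
    """Return (jwks_url, host, port) for a Keycloak issuer URI."""
    parts = urlsplit(issuer_uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) issuer URI: {issuer_uri!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return issuer_uri.rstrip("/") + CERTS_PATH, parts.hostname, port


def probe(host, port, timeout=3.0):
    """Classify reachability of host:port as seen from this network namespace."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns-failure", str(exc)
    last = ("unreachable", "no address tried")
    for family, kind, proto, _, sockaddr in addrs:
        with socket.socket(family, kind, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(sockaddr)
                return "reachable", sockaddr[0]
            except socket.timeout:
                # Same symptom as "Connection timed out" in the log.
                last = ("timeout", sockaddr[0])
            except ConnectionRefusedError:
                last = ("refused", sockaddr[0])
            except OSError as exc:
                last = ("unreachable", f"{sockaddr[0]}: {exc}")
    return last


if __name__ == "__main__":
    # Default is the issuer URI from the question; pass another as argv[1].
    default = "https://authServer.com/auth/realms/api-dev"
    issuer = sys.argv[1] if len(sys.argv) > 1 else default
    url, host, port = jwks_endpoint(issuer)
    status, detail = probe(host, port)
    print(f"{url}\n  {host}:{port} -> {status} ({detail})")
```

Run it where the resource server runs, since the same check from the host says nothing about the container's view of the network. A `timeout` result matches the `Connection timed out` in the log and points at routing or firewalling between the containers rather than at the token or the Spring configuration.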