Validating JWT claims using nimbus jose-jwt (java)
Question
I am using nimbus jose+jwt version 8.19 in a normal Java project (not using Spring). I have some claims such as iss, aud and sub and want to validate them (I want iss, aud and sub to be a specific value). I want the parser to throw an exception when the claims don't match.
The example provided here worked fine in earlier versions, but it seems like it was changed in later versions.
Earlier (version 8.3) I used to validate using the following code:
```java
// Key source holding the RSA key used to verify signatures
JWKSet jwkSet = new JWKSet(utils.rsakey);
JWKSource<SecurityContext> jwkSource = new ImmutableJWKSet<>(jwkSet);

ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
// Only accept tokens whose "typ" header is "jwt"
jwtProcessor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("jwt")));

// Pin the expected signature algorithm
JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;

JWTClaimsSet validClaims = new JWTClaimsSet.Builder()
        .issuer(InetAddress.getLocalHost().getHostName())
        .subject("matchvalue")
        .audience("matchvalue")
        .build();

JWSKeySelector<SecurityContext> keySelector =
        new JWSVerificationKeySelector<>(expectedJWSAlg, jwkSource);

jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(
        // exact match claims
        validClaims,
        // Required claims
        new HashSet<>(Arrays.asList("exp", "sub", "iss"))));
jwtProcessor.setJWSKeySelector(keySelector);

// Process the token
SecurityContext ctx = null; // optional context parameter, not required here
JWTClaimsSet tokenClaims = jwtProcessor.process(token, ctx);
```
But now (version 8.19) the DefaultJWTClaimsVerifier does not seem to be accepting exact match claims and Required claims parameters. Is there any way to implement the exact match and required claims?
All of my imports for reference:
```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.ws.rs.FormParam;
import javax.ws.rs.core.Response;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
```
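One way to enforce required and exact-match claims without depending on which `DefaultJWTClaimsVerifier` constructors a given release offers is to implement the library's `JWTClaimsSetVerifier` interface directly. This is an added example, not code from the original post or from the Nimbus project; the class name `StrictClaimsVerifier` and the 60-second clock-skew tolerance are assumptions.

```java
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.JWTClaimsSetVerifier;
import java.util.*;

// StrictClaimsVerifier is a hypothetical name; only JWTClaimsSetVerifier is library API.
public final class StrictClaimsVerifier implements JWTClaimsSetVerifier<SecurityContext> {
    private static final long MAX_SKEW_MS = 60_000L; // assumed clock-skew tolerance
    private final Map<String, Object> exactMatch;    // e.g. "iss" and "sub" with expected values
    private final String requiredAudience;           // value that must appear in "aud"
    private final Set<String> requiredClaims;        // claims that must be present

    public StrictClaimsVerifier(Map<String, Object> exactMatch, String requiredAudience,
                                Set<String> requiredClaims) {
        this.exactMatch = new HashMap<>(exactMatch);
        this.requiredAudience = Objects.requireNonNull(requiredAudience);
        this.requiredClaims = new HashSet<>(requiredClaims);
    }

    @Override
    public void verify(JWTClaimsSet claims, SecurityContext ctx) throws BadJWTException {
        // Presence: fail closed when a required claim is absent.
        for (String name : requiredClaims) {
            if (claims.getClaim(name) == null) {
                throw new BadJWTException("JWT missing required claim: " + name);
            }
        }
        // Exact match: the token's value must equal the expected value.
        for (Map.Entry<String, Object> e : exactMatch.entrySet()) {
            if (!Objects.equals(e.getValue(), claims.getClaim(e.getKey()))) {
                throw new BadJWTException("JWT claim has unexpected value: " + e.getKey());
            }
        }
        // Audience: "aud" may hold several values, so test membership, not list equality.
        List<String> aud = claims.getAudience();
        if (aud == null || !aud.contains(requiredAudience)) {
            throw new BadJWTException("JWT audience rejected");
        }
        // Expiry: a token without "exp" is rejected rather than treated as never expiring.
        Date exp = claims.getExpirationTime();
        if (exp == null || exp.getTime() + MAX_SKEW_MS < System.currentTimeMillis()) {
            throw new BadJWTException("JWT expired or has no exp claim");
        }
    }
}
```

An instance is passed to `jwtProcessor.setJWTClaimsSetVerifier(...)` in place of `DefaultJWTClaimsVerifier`. Because `BadJWTException` is a `BadJOSEException`, `process(token, ctx)` throws when any check fails.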