我在使用在 Payara 5.183 上运行的 MicroProfile 2.0.1 后端解码/使用/验证传递给我的 Java EE 8 的 JWT 时遇到问题。React 前端应用程序将从 Keycloak 获得的 JWT 令牌传递到后端,因为后端配置为验证 MicroProfile JWT Auth Spec 1.1中Authorization: Bearer eyXJS...定义的 JWT 令牌,其中包含以下内容:microprofile-config.propertiessrc/main/resources/META-INF
mp.jwt.verify.publickey.location=/META-INF/orange.pem
mp.jwt.verify.issuer=http://localhost:8282/auth/realms/MicroProfile
Keycloak 的公钥存储在orange.pem文件中。JAX-RS 配置如下所示:
@LoginConfig(authMethod = "MP-JWT")
@ApplicationPath("resources")
public class JAXRSConfiguration extends Application {
}
我正在尝试在其中一个端点中使用 JWT:
@Path("secure")
@Stateless
public class VerySecureResource {
@Inject
@ConfigProperty(name = "message")
private String message;
@Inject
private JsonWebToken callerPrincipal;
@GET
public Response message() {
System.out.println(callerPrincipal.getIssuer());
System.out.println(callerPrincipal.getRawToken());
System.out.println(callerPrincipal.getTokenID());
return Response.ok(callerPrincipal.getName() + " is allowed to read message: " + message).build();
}
}
该应用程序部署没有任何错误,我没有在server.logPayara 中获得任何有关 JWT 验证失败的日志信息。我什至打开了fish.payara.microprofile.jwtauth.
[2018-12-26T17:06:20.835+0100] [Payara 5.183] [INFORMATION] [] [org.glassfish.soteria.servlet.SamRegistrationInstaller] [tid: _ThreadID=196 _ThreadName=admin-thread-pool::admin-listener(6)] [timeMillis: 1545840380835] [levelValue: 800] [[
Initializing Soteria 1.1-b01 for context '/microprofile-jwt-keycloak-auth']]
[2018-12-26T17:06:20.841+0100] [Payara 5.183] [INFORMATION] [] [fish.payara.microprofile.jwtauth.servlet.RolesDeclarationInitializer] [tid: _ThreadID=196 _ThreadName=admin-thread-pool::admin-listener(6)] [timeMillis: 1545840380841] [levelValue: 800] [[
Initializing MP-JWT 5.183 for context '/microprofile-jwt-keycloak-auth']]
[2018-12-26T17:06:20.933+0100] [Payara 5.183] [INFORMATION] [AS-WEB-GLUE-00172] [javax.enterprise.web] [tid: _ThreadID=196 _ThreadName=admin-thread-pool::admin-listener(6)] [timeMillis: 1545840380933] [levelValue: 800] [[
Loading application [microprofile-jwt-keycloak-auth] at [/microprofile-jwt-keycloak-auth]]]
[2018-12-26T17:06:20.949+0100] [Payara 5.183] [INFORMATION] [] [javax.enterprise.system.core] [tid: _ThreadID=196 _ThreadName=admin-thread-pool::admin-listener(6)] [timeMillis: 1545840380949] [levelValue: 800] [[
microprofile-jwt-keycloak-auth was successfully deployed in 954 milliseconds.]]
[2018-12-26T17:06:26.428+0100] [Payara 5.183] [INFORMATION] [] [] [tid: _ThreadID=42 _ThreadName=http-thread-pool::http-listener-1(3)] [timeMillis: 1545840386428] [levelValue: 800] [[
null]]
[2018-12-26T17:06:26.428+0100] [Payara 5.183] [INFORMATION] [] [] [tid: _ThreadID=42 _ThreadName=http-thread-pool::http-listener-1(3)] [timeMillis: 1545840386428] [levelValue: 800] [[
null]]
[2018-12-26T17:06:26.428+0100] [Payara 5.183] [INFORMATION] [] [] [tid: _ThreadID=42 _ThreadName=http-thread-pool::http-listener-1(3)] [timeMillis: 1545840386428] [levelValue: 800] [[
null]]
解码后的 JWT 如下所示:
{
"jti": "5a3c600e-95ea-41cb-8e65-8342a3b867bc",
"exp": 1545840603,
"nbf": 0,
"iat": 1545840303,
"iss": "http://localhost:8282/auth/realms/MicroProfile",
"aud": "account",
"sub": "f2a492cb-cf9f-46ac-8f04-941601c6574b",
"typ": "Bearer",
"azp": "react-webapp",
"nonce": "f650eb68-611f-4bd9-97a7-d07f1b3e29de",
"auth_time": 1545840302,
"session_state": "f6627b25-b089-4234-b25c-bffa67a9a8f7",
"acr": "1",
"allowed-origins": [
"http://localhost:3000"
],
"realm_access": {
"roles": [
"offline_access",
"uma_authorization",
"USER"
]
},
"resource_access": {
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"scope": "openid profile email",
"email_verified": false,
"name": "duke duke",
"groups": [
"/USER"
],
"preferred_username": "duke",
"given_name": "duke",
"family_name": "duke",
"email": "duke@jakarta.ee"
}
整个代码库在GitHub上可用