
我在一个普通的 Java 项目(不使用 Spring)中使用 Nimbus JOSE+JWT 8.19 版。我的令牌中有一些声明,例如 iss、aud 和 sub,我想对它们进行验证(希望 iss、aud 和 sub 都等于特定的值),并希望解析器在声明不匹配时抛出异常。此处提供的示例在早期版本中运行良好,但在后来的版本中似乎有所更改。

早期(8.3版)我曾经使用以下代码进行验证

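    // Build the JWT processor used to verify a signed token and its claims.
    // utils.rsakey and token are defined outside this snippet.
    // NOTE(review): if utils.rsakey also carries the private key, hand the verifier
    // only its public part (RSAKey.toPublicJWK()) — confirm against the caller.
    JWKSet jwkSet = new JWKSet(utils.rsakey);
    JWKSource<SecurityContext> jwkSource = new ImmutableJWKSet<>(jwkSet);

    ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
    // Restrict the accepted "typ" header to "jwt" so other JOSE object types are not processed.
    jwtProcessor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("jwt")));

    // Pin the signature algorithm: keys are only selected for RS256, so a token that
    // declares a different "alg" in its header is not verified with this key set.
    JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;

    // Claims that must be present with exactly these values.
    // NOTE(review): the expected issuer is derived from the local host name, which
    // depends on the machine's name resolution; a configured constant is easier to
    // audit — confirm this is intended.
    JWTClaimsSet validClaims = new JWTClaimsSet.Builder()
            .issuer(InetAddress.getLocalHost().getHostName()) // closing parenthesis was missing in the original
            .subject("matchvalue")
            .audience("matchvalue")
            .build();

    JWSKeySelector<SecurityContext> keySelector =
            new JWSVerificationKeySelector<>(expectedJWSAlg, jwkSource);

    // NOTE(review): "aud" is listed only among the exact-match claims, not in the
    // required set below; confirm that the library version in use also treats
    // exact-match claims as mandatory, otherwise add "aud" to the required set.
    jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(
            //exact match claims
            validClaims,
            //Required claims
            new HashSet<>(Arrays.asList("exp", "sub", "iss"))));
    jwtProcessor.setJWSKeySelector(keySelector);

    // Process the token: a failed type, signature or claims check surfaces as an
    // exception from process(), so the claims below are only reached for a token
    // that passed every configured check.
    SecurityContext ctx = null; // optional context parameter, not required here
    JWTClaimsSet tokenClaims = jwtProcessor.process(token, ctx);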

但现在(8.19 版)DefaultJWTClaimsVerifier 似乎不再接受“完全匹配声明”和“必需声明”这两个参数。有没有办法同时实现声明的完全匹配和必需声明的校验?

以下是我的全部 import 语句,供参考

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.ws.rs.FormParam;
import javax.ws.rs.core.Response;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;