我在一个普通的java项目中使用nimbus jost+jwt 8.19版(不使用spring)。我有一些声明,例如 iss、aud 和 sub,并想验证它们。(我希望 iss、aud 和 sub 是一个特定的值)。我希望解析器在声明不匹配时抛出异常。此处提供的示例在早期版本中运行良好,但似乎在以后的版本中有所更改。
早期(8.3版)我曾经使用以下代码进行验证
JWKSet jwkSet = new JWKSet(utils.rsakey);
JWKSource<SecurityContext> jwkSource = new ImmutableJWKSet<>(jwkSet);
ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
jwtProcessor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("jwt")));
JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
JWTClaimsSet validClaims= new JWTClaimsSet.Builder()
.issuer(InetAddress.getLocalHost().getHostName()
.subject("matchvalue")
.audience("matchvalue")
.build();
JWSKeySelector<SecurityContext> keySelector =
new JWSVerificationKeySelector<>(expectedJWSAlg, jwkSource);
jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(
//exact match claims
validClaims,
//Required claims
new HashSet<>(Arrays.asList("exp", "sub","iss"))));
jwtProcessor.setJWSKeySelector(keySelector);
// Process the token
SecurityContext ctx = null; // optional context parameter, not required here
JWTClaimsSet tokenClaims= jwtProcessor.process(token, ctx);
但现在(8.19 版) DefaultJWTClaimsVerifier 似乎不接受完全匹配声明和必需声明参数。有没有办法实现完全匹配和要求的声明?
我所有的进口商品供参考
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.ws.rs.FormParam;
import javax.ws.rs.core.Response;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;