0

MongooseIM规定使用 JWT 代替用户名和密码进行授权。

在服务器端,文档建议修改mongooseim.toml文件(可以在 找到/etc/mongooseim/mongooseim.toml

[auth]
  methods = ["jwt"]

  [auth.jwt]
    secret.value = "top-secret123"
    algorithm = "HS256"
    username_key = "user"

但是,如何从 Gajim 或 Java 代码进行身份验证?

4

1 回答 1

0

让我们首先了解幕后发生的事情。

而不是传递用户名-密码对。我们创建一个 JWT 令牌并发送它。JWT 令牌是无状态的,这意味着如果一个人拥有密钥,则可以将令牌解码和编码到/来自原始消息。

这是Java中的工作代码。我们生成 JWT 令牌并发送该令牌而不是密码。为了生成 JWT 令牌,我们使用了 Auth0(您需要在类路径中添加它)。链接到 Maven项目


import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import org.jivesoftware.smack.AbstractXMPPConnection;
import org.jivesoftware.smack.ConnectionConfiguration;
import org.jivesoftware.smack.chat2.Chat;
import org.jivesoftware.smack.chat2.ChatManager;
import org.jivesoftware.smack.tcp.XMPPTCPConnection;
import org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration;
import org.jxmpp.jid.Jid;
import org.jxmpp.jid.impl.JidCreate;

import javax.net.ssl.X509TrustManager;
import java.net.InetAddress;
import java.util.Date;

public class JWTMain {
    private final static String senderUsername = "jatin";
    private final static String senderPassword = "abcd";

    private final static String sendTo = "dad";

    public static void main(String[] args) throws Exception {

        Algorithm algorithm = Algorithm.HMAC256("top-secret123");
        String token = JWT.create()
                .withClaim("user", senderUsername) // they key needs to match with `username_key` in mongooseim.toml file
                .withClaim(senderUsername, senderPassword)
                .sign(algorithm);

        System.out.println("Token generated: " + token);

        XMPPTCPConnectionConfiguration config = XMPPTCPConnectionConfiguration.builder()
                .setSecurityMode(ConnectionConfiguration.SecurityMode.required)
                .setUsernameAndPassword("jatin", token)
                .setXmppDomain(JidCreate.domainBareFrom("localhost"))
                .setHostAddress(InetAddress.getByName("localhost"))
                .setPort(5222)
                .setCustomX509TrustManager(new TrustAllManager())
                .addEnabledSaslMechanism("PLAIN")
                .build();

        AbstractXMPPConnection connection = new XMPPTCPConnection(config);
        AbstractXMPPConnection connect = connection.connect();
        connection.login();
        sendMessage("This message is being sent programmatically? " + new Date(), sendTo + "@localhost", connect);
    }

    private static void sendMessage(String body, String toJid, AbstractXMPPConnection mConnection) throws Exception {
        Jid jid = JidCreate.from(toJid);
        Chat chat = ChatManager.getInstanceFor(mConnection)
                .chatWith(jid.asEntityBareJidIfPossible());
        chat.send(body);
        System.out.println("Message sent to : " + toJid);
    }
}


class TrustAllManager implements X509TrustManager {
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
    }

    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
    }
}

如果您想使用 JWT 令牌登录 Gajim:

上述程序输出 JWT 令牌。您可以使用该令牌并在密码字段中提供该令牌。

在此处输入图像描述

于 2021-04-12T13:57:09.383 回答