
I created a new Quarkus application with the following command:

mvn io.quarkus:quarkus-maven-plugin:1.13.7.Final:create \
    -DprojectGroupId=com.okta.rest \
    -DprojectArtifactId=quarkus \
    -DclassName="com.okta.rest.quarkus.HelloResource" \
    -Dpath="/hello" \
    -Dextensions="smallrye-jwt"

Then I modified the generated HelloResource to print out the user's name.

package com.okta.rest.quarkus;

import io.quarkus.security.Authenticated;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;
import java.security.Principal;

@Path("/hello")
public class HelloResource {

    @GET
    @Path("/")
    @Authenticated
    @Produces(MediaType.TEXT_PLAIN)
    public String hello(@Context SecurityContext context) {
        Principal userPrincipal = context.getUserPrincipal();
        return "Hello, " + userPrincipal.getName() + "!";
    }

}

To work with Okta, I added a couple of properties to application.properties:

mp.jwt.verify.publickey.location=https://dev-1309757.okta.com/oauth2/default/v1/keys
mp.jwt.verify.issuer=https://dev-1309757.okta.com/oauth2/default

I fixed HelloResourceTest so it now expects a 401.

package com.okta.rest.quarkus;

import io.quarkus.test.junit.QuarkusTest;
import org.junit.jupiter.api.Test;

import static io.restassured.RestAssured.given;
import static org.hamcrest.CoreMatchers.is;

@QuarkusTest
public class HelloResourceTest {

    @Test
    public void testHelloEndpoint() {
        given()
          .when().get("/hello")
          .then()
             .statusCode(401);
    }

}

Then I ran ./mvnw quarkus:dev. I was able to generate a valid access token with the OIDC Debugger and access this API with HTTPie.

http :8080/hello Authorization:"Bearer $TOKEN"

The response is:

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain;charset=UTF-8

Hello, matt.raible@okta.com!

However, if I build it as a native image with ./mvnw package -Pnative and try to run it, I am unable to access the API.

I'm not sure whether the Unable to get GraalVM version error at build time is something to worry about.

[INFO] --- quarkus-maven-plugin:1.13.7.Final:build (default) @ quarkus ---
[INFO] [org.jboss.threads] JBoss Threads version 3.2.0.Final
[INFO] [io.quarkus.deployment.pkg.steps.JarResultBuildStep] Building native image source jar: /Users/mraible/graalvm-java/quarkus/target/quarkus-1.0.0-SNAPSHOT-native-image-source-jar/quarkus-1.0.0-SNAPSHOT-runner.jar
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Building native image from /Users/mraible/graalvm-java/quarkus/target/quarkus-1.0.0-SNAPSHOT-native-image-source-jar/quarkus-1.0.0-SNAPSHOT-runner.jar
[ERROR] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Unable to get GraalVM version from the native-image binary.
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildRunner] /Users/mraible/.sdkman/candidates/java/21.1.0.r11-grl/bin/native-image ...

Running ./target/quarkus-1.0.0-SNAPSHOT-runner starts everything just fine.

2021-06-14 16:19:10,616 INFO  [io.quarkus] (main) quarkus 1.0.0-SNAPSHOT native (powered by Quarkus 1.13.7.Final) started in 0.020s. Listening on: http://0.0.0.0:8080
2021-06-14 16:19:10,617 INFO  [io.quarkus] (main) Profile prod activated.
2021-06-14 16:19:10,617 INFO  [io.quarkus] (main) Installed features: [cdi, mutiny, resteasy, security, smallrye-context-propagation, smallrye-jwt, vertx, vertx-web]

However, I'm unable to access the /hello endpoint with a valid access token.

$ http :8080/hello Authorization:"Bearer $TOKEN"
HTTP/1.1 401 Unauthorized
content-length: 0
www-authenticate: Bearer {token}

If I stop the native app and run ./mvnw quarkus:dev, the same command works.

$ http :8080/hello Authorization:"Bearer $TOKEN"
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain;charset=UTF-8

Hello, matt.raible@okta.com!

1 Answer


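Please enable quarkus-smallrye-jwt TRACE logging to see why the token is rejected. Actually, as you have also found out, the https protocol needs to be enabled in the native image, which can be done by adding <quarkus.native.additional-build-args>--enable-url-protocols=https</quarkus.native.additional-build-args> to pom.xml.

This PR will make sure it does not need to be added manually.

Thanks

answered 2021-06-15T15:18:38.743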
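
The answer's two suggestions written as application.properties entries, as an added example that is not part of the original answer. It assumes `io.smallrye.jwt` as the logger category for the smallrye-jwt library, and it sets the build argument as a Quarkus build-time property instead of the Maven property shown in the answer.

```properties
# Existing settings from the question: the verification keys are fetched over https
mp.jwt.verify.publickey.location=https://dev-1309757.okta.com/oauth2/default/v1/keys
mp.jwt.verify.issuer=https://dev-1309757.okta.com/oauth2/default

# Log why a token is rejected (category name is an assumption: the smallrye-jwt package)
quarkus.log.category."io.smallrye.jwt".level=TRACE
# Assumption: on Quarkus versions with a build-time minimum log level, lower it as well,
# otherwise TRACE records are dropped before they reach the handler
quarkus.log.category."io.smallrye.jwt".min-level=TRACE

# Let the native executable open https URLs, so the JWKS at publickey.location can be fetched
quarkus.native.additional-build-args=--enable-url-protocols=https
```

The minimum log level and the native build argument are build-time settings, so rebuild with ./mvnw package -Pnative before retesting the request.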