From 2b527171e0a8c7b2200190e19e5be11ef494af1e Mon Sep 17 00:00:00 2001 From: wangjianhong <546732225seven@gmail.com> Date: Thu, 7 Aug 2025 15:29:45 +0800 Subject: [PATCH] no message --- .../AuthorizationServerAutoConfigurer.java | 12 ++++- .../authorization/config/JwkConfig.java | 53 +++++++++++++++++++ 2 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 src/main/java/com/arrokoth/standalone/authorization/config/JwkConfig.java diff --git a/src/main/java/com/arrokoth/standalone/authorization/config/AuthorizationServerAutoConfigurer.java b/src/main/java/com/arrokoth/standalone/authorization/config/AuthorizationServerAutoConfigurer.java index bc62348..de1cf2f 100644 --- a/src/main/java/com/arrokoth/standalone/authorization/config/AuthorizationServerAutoConfigurer.java +++ b/src/main/java/com/arrokoth/standalone/authorization/config/AuthorizationServerAutoConfigurer.java @@ -43,11 +43,19 @@ public class AuthorizationServerAutoConfigurer { authorizationServerConfigurer.authorizationEndpoint( authorizationEndpoint -> authorizationEndpoint.consentPage(authorizationServerProperties.getConsentPage())); + http + .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) + // 仅匹配 OAuth2 授权服务器端点(如 /oauth2/authorize, /token 等) + .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) + .with(authorizationServerConfigurer, (authorizationServer) -> + authorizationServer + .oidc(Customizer.withDefaults()) // Initialize `OidcConfigurer` + ); + // 开始构建 HTTP 安全配置 http .csrf(AbstractHttpConfigurer::disable) // 暂时禁用 CSRF 保护(可根据需要启用) - // 仅匹配 OAuth2 授权服务器端点(如 /oauth2/authorize, /token 等) - .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher()) + // 请求授权规则:所有匹配该过滤链的请求都必须经过身份验证 .authorizeHttpRequests((authorize) -> authorize .anyRequest().authenticated() 
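Review bot: The added `http` chain registers `.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())` twice, once directly under `http` and again after the `// 仅匹配 OAuth2 授权服务器端点` comment that was moved up from the second chain; the first call is redundant and should be deleted so the matcher is set exactly once. The second `http` chain still opens with `.csrf(AbstractHttpConfigurer::disable)` and, because both statements mutate the same builder, the removed `securityMatcher` line is not actually lost, but splitting the configuration into two statements hides that — a one-line comment such as `// same builder as above; the endpoint matcher is already applied` would make it explicit. The `.with(authorizationServerConfigurer, ...)` call enables `oidc(Customizer.withDefaults())`, which relies on the `JWKSource`/`JwtDecoder` beans introduced in JwkConfig.java in this same commit, so the two files need to ship together. The enclosing method starts and ends outside the hunk, and one blank context line appears to have been lost in rendering (the header counts 11/19 lines, the body shows 10/18).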
diff --git a/src/main/java/com/arrokoth/standalone/authorization/config/JwkConfig.java b/src/main/java/com/arrokoth/standalone/authorization/config/JwkConfig.java
new file mode 100644
index 0000000..676c013
--- /dev/null
+++ b/src/main/java/com/arrokoth/standalone/authorization/config/JwkConfig.java
@@ -0,0 +1,53 @@
+package com.arrokoth.standalone.authorization.config;
+
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
+import com.nimbusds.jose.jwk.source.JWKSource;
+import com.nimbusds.jose.proc.SecurityContext;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.UUID;
+
+@Slf4j // 使用 Lombok 提供的日志记录器
+@Configuration // 标记为 Spring 配置类
+public class JwkConfig {
+ private static KeyPair generateRsaKey() {
+ KeyPair keyPair;
+ try {
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+ keyPairGenerator.initialize(2048);
+ keyPair = keyPairGenerator.generateKeyPair();
+ } catch (Exception ex) {
+ throw new IllegalStateException(ex);
+ }
+ return keyPair;
+ }
+
+ @Bean
+ public JWKSource jwkSource() {
+ KeyPair keyPair = generateRsaKey();
+ RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+ RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
+ RSAKey rsaKey = new RSAKey.Builder(publicKey)
+ .privateKey(privateKey)
+ .keyID(UUID.randomUUID().toString())
+ .build();
+ JWKSet jwkSet = new JWKSet(rsaKey);
+ return new ImmutableJWKSet<>(jwkSet);
+ }
+
+ @Bean
+ public JwtDecoder jwtDecoder(JWKSource jwkSource) {
+ return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
+ }
+
+}
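Review bot: `generateRsaKey()` produces a brand-new RSA key pair each time the `jwkSource` bean is created, so the signing key and its random `keyID` change on every restart and differ between instances; tokens issued before a restart, or by another node, will no longer verify against the published JWK set, and there is no key-rotation story. For anything beyond a local demo the key pair should be loaded from a keystore or configured secret rather than generated at startup, and the decision should be stated on the bean, e.g. `// Ephemeral in-memory key: tokens do not survive a restart and cannot be shared across instances` if the generated key is kept deliberately. `catch (Exception ex)` in `generateRsaKey` is broader than needed, since `KeyPairGenerator.getInstance("RSA")` only declares `NoSuchAlgorithmException`; `} catch (NoSuchAlgorithmException ex) {` plus the matching `java.security` import keeps unexpected runtime failures from being relabelled as an `IllegalStateException`. `JWKSource` reads as a raw type in both `jwkSource()` and `jwtDecoder(...)` as rendered here, although the unused `SecurityContext` import and the `ImmutableJWKSet<>` diamond suggest a `<SecurityContext>` type argument that the page extraction may have stripped; if it is really raw, add the type parameter so the unchecked warning goes away. `@Slf4j` is applied but the class never logs, so the annotation and its import can be dropped.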