完成 - Spring Security JWT Token_Key

Posted 2023-02-27

【中文标题】完成 - Spring Security JWT Token_Key

【英文标题】：Done - Spring Security JWT Token_Key

【发布时间】：2015-10-11 23:48:06

【问题描述】：

我对 Spring Security / Boot (1.2.5) 和 JWT 有疑问。

首先，我有一个使用 JWT 的正在运行的 Auth-Server。我已经可以对其进行测试并启用 /oauth/token_key 资源。

# curl -u client_id:client_secret http://localhost:8080/oauth/token_key
"alg":"SHA256withRSA","value":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiGB\n-----END PUBLIC KEY-----"

在spring boot“28.1.2 Resource Server”（http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/html/boot-features-security.html）的文档中有一个配置条目叫做：“security.oauth2.resource.jwt.key-uri”。这样就可以从给定的uri加载公钥。与我在那里输入的内容无关，结果始终是以下异常：

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'securityFilterChainRegistration' defined in class path resource [org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [javax.servlet.Filter]: : Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setAuthenticationConfiguration(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.setGlobalAuthenticationConfigurers(java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springBootAuthenticationConfigurerAdapter' defined in class path resource [org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [org.springframework.boot.autoconfigure.security.SecurityProperties]: : Error creating bean with name 'securityProperties': Could not bind properties to [unknown] (target=security, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Cannot access indexed value in property referenced in indexed property path 'oauth2[client][accessTokenUri]'; nested exception is org.springframework.beans.NotReadablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Bean property 'oauth2[client][accessTokenUri]' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityProperties': Could not bind properties to [unknown] (target=security, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Cannot access indexed value in property referenced in indexed property path 'oauth2[client][accessTokenUri]'; nested exception is org.springframework.beans.NotReadablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Bean property 'oauth2[client][accessTokenUri]' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setAuthenticationConfiguration(org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.setGlobalAuthenticationConfigurers(java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springBootAuthenticationConfigurerAdapter' defined in class path resource [org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [org.springframework.boot.autoconfigure.security.SecurityProperties]: : Error creating bean with name 'securityProperties': Could not bind properties to [unknown] (target=security, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Cannot access indexed value in property referenced in indexed property path 'oauth2[client][accessTokenUri]'; nested exception is org.springframework.beans.NotReadablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Bean property 'oauth2[client][accessTokenUri]' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityProperties': Could not bind properties to [unknown] (target=security, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Cannot access indexed value in property referenced in indexed property path 'oauth2[client][accessTokenUri]'; nested exception is org.springframework.beans.NotReadablePropertyException: Invalid property 'oauth2[client][accessTokenUri]' of bean class [org.springframework.boot.autoconfigure.security.SecurityProperties]: Bean property 'oauth2[client][accessTokenUri]' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?
    at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:749)
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:464)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1119)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1014)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
    at org.springframework.boot.context.embedded.ServletContextInitializerBeans.getOrderedBeansOfType(ServletContextInitializerBeans.java:209)
    at org.springframework.boot.context.embedded.ServletContextInitializerBeans.addServletContextInitializerBeans(ServletContextInitializerBeans.java:85)
    at org.springframework.boot.context.embedded.ServletContextInitializerBeans.<init>(ServletContextInitializerBeans.java:73)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.getServletContextInitializerBeans(EmbeddedWebApplicationContext.java:234)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.selfInitialize(EmbeddedWebApplicationContext.java:221)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.access$000(EmbeddedWebApplicationContext.java:84)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext$1.onStartup(EmbeddedWebApplicationContext.java:206)
    at org.springframework.boot.context.embedded.tomcat.TomcatStarter.onStartup(TomcatStarter.java:54)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5156)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1399)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

有什么想法吗？

最好的问候， 堆栈

【问题讨论】：

适用于 Spring Boot 1.3 而不是 1.2... Oath2 自动配置支持已在 1.3 中添加。要么更新，要么另谋出路。

哦，你完全正确。我会用M2。对不起这个愚蠢的问题。完全错过了..

【参考方案1】：

正如用户 M. Deinum 已经在他的回答中所说，OAuth2 自动配置支持仅在 version 1.3 of Spring Boot 中添加，因此您需要对其进行更新才能使用它。