Last active
May 5, 2023 07:19
[Spring Cloud Gateway 作为 OAuth2 Resource Server 整合 Keycloak] #Keycloak #SpringCloudGateway #OAuth2
package com.autmaple.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
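/**
 * Reactive Spring Security configuration that turns the gateway into an OAuth2 resource
 * server accepting JWT bearer tokens issued by a Keycloak realm.
 */
@Configuration
public class SecurityConfig {

    /**
     * Issuer of the Keycloak realm whose tokens are accepted.
     *
     * <p>NOTE(review): assumes tokens carry an {@code iss} claim equal to the realm URL, which
     * is derived here from the JWK set URI. If clients reach Keycloak under a different
     * hostname, set this to the value that actually appears in the tokens.
     *
     * <p>Plain HTTP is only acceptable for a local development realm. Over HTTP the signing
     * keys are fetched without transport protection, so anyone able to tamper with that
     * connection can substitute their own keys. Outside local development use an HTTPS
     * endpoint and move the value into configuration.
     */
    private static final String ISSUER_URI = "http://localhost:10000/realms/ostock";

    /** JWK set endpoint of the realm; the decoder downloads the signature-verification keys from it. */
    private static final String JWK_SET_URI = ISSUER_URI + "/protocol/openid-connect/certs";

    /**
     * Builds the gateway's security filter chain.
     *
     * <p>Every exchange must be authenticated, and authentication is done by validating a JWT
     * bearer token (resource-server mode). No path is exempted.
     *
     * @param httpSecurity the reactive security builder supplied by Spring
     * @return the configured filter chain
     */
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) {
        httpSecurity
                .authorizeExchange()
                .anyExchange().authenticated()
                .and()
                .oauth2ResourceServer()
                .jwt();
        return httpSecurity.build();
    }

    /**
     * Provides the JWT decoder used by the resource-server support.
     *
     * <p>Per the original author's note, the default {@code SupplierReactiveJwtDecoder} did not
     * accept the ES256-signed tokens issued by this Keycloak realm, so a decoder is configured
     * explicitly. ES256 is a signature algorithm (ECDSA with P-256 and SHA-256), not an
     * encryption algorithm: the tokens are signed, not encrypted.
     *
     * @return a decoder that verifies ES256 signatures against the realm's JWK set and
     *         validates the token timestamps and issuer
     */
    @Bean
    ReactiveJwtDecoder reactiveJwtDecoder() {
        // Pin the accepted algorithm: tokens signed with anything other than ES256 are rejected.
        NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(JWK_SET_URI)
                .jwsAlgorithm(SignatureAlgorithm.ES256)
                .build();

        // A decoder built from a JWK set URI alone validates only the timestamps by default.
        // Also require the expected issuer, so a validly signed token from another issuer
        // is not accepted.
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(ISSUER_URI));

        // NOTE(review): the audience ("aud") claim is not checked here. If the realm issues
        // tokens for several clients, consider adding an audience validator as well.
        return decoder;
    }
}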