spingboot 集成identityserver4身份验证

一、新建项目：com.saas.swaggerdemo

详情见：spring-boot2.7.8添加swagger-CSDN博客

在之前项目基础上添加如下依赖

       <dependency><groupId>com.nimbusds</groupId><artifactId>nimbus-jose-jwt</artifactId><version>7.9</version></dependency><dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpcore</artifactId><version>4.4.10</version></dependency><dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpclient</artifactId><version>4.5.6</version></dependency><dependency><groupId>commons-codec</groupId><artifactId>commons-codec</artifactId><version>1.11</version></dependency><dependency><groupId>org.json</groupId><artifactId>json</artifactId><version>20180813</version></dependency>

二、添加过滤器JwkFilter

package com.saas.swaggerdemo;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.SecurityContext;
import org.json.JSONObject;import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;import java.io.IOException;
import java.net.URL;
import java.text.ParseException;import com.nimbusds.jose.*;
import com.nimbusds.jose.jwk.source.*;
import com.nimbusds.jwt.*;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jwt.proc.*;@WebFilter(urlPatterns = "/*", filterName="jwkTokenFilter")
public class JwkFilter implements Filter {@Overridepublic void init(FilterConfig filterConfig) throws ServletException {System.out.println("jwk公钥解析验证授权...");}@Overridepublic void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException{boolean authenticated = false;HttpServletRequest req = (HttpServletRequest) servletRequest;HttpServletResponse rep = (HttpServletResponse) servletResponse;boolean authorizationHeaderExist = req.getHeader("Authorization") != null;if (!authorizationHeaderExist) {rep.setStatus(HttpServletResponse.SC_BAD_REQUEST);return;}String jwkEndpoint = "http://192.168.31.132:7000/.well-known/openid-configuration/jwks";String token = cutToken(req.getHeader("Authorization"));ConfigurableJWTProcessor jwtProcessor = new DefaultJWTProcessor();JWKSource keySource = new RemoteJWKSet(new URL(jwkEndpoint));JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;JWSKeySelector keySelector = new JWSVerificationKeySelector(expectedJWSAlg, keySource);if(keySelector==null){rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);System.out.println("无法获取公钥");return;}jwtProcessor.setJWSKeySelector(keySelector);SecurityContext ctx = null;JWTClaimsSet claimsSet = null;try {claimsSet = jwtProcessor.process(token, ctx);authenticated = true;} catch (ParseException e) {rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);e.printStackTrace();return;} catch (BadJOSEException e) {rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);e.printStackTrace();return;} catch (JOSEException e) {rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);e.printStackTrace();return;}System.out.println(claimsSet.toJSONObject());if(claimsSet==null) {rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);return;}JSONObject jo = new JSONObject(claimsSet.toJSONObject());String userid = jo.getString("userid");if (authenticated){filterChain.doFilter(servletRequest, servletResponse);} else {rep.setStatus(HttpServletResponse.SC_UNAUTHORIZED);return;}}//帮助类public String cutToken(String originToken){String[] temp = originToken.split(" ");return temp[1];}@Overridepublic void destroy() {}
}

添加 @ServletComponentScan