Ronaldo Lanhellas

Reputation: 3356

Spring Security 5 and jwk-set-uri with Authentication

Well, I have a URL to get public keys, but this URL requires a Bearer token, so I have the following in my application.properties:

spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://myauth-server.com/keys.jwt

And my Security Configuration Class:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests(authorizeRequests ->
        authorizeRequests
                .antMatchers("/customers/**").authenticated()
                .anyRequest().anonymous()
    ).oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}

But when I try to make a request I get the following error:

org.springframework.security.oauth2.core.OAuth2AuthenticationException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found

And my pom.xml:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-resource-server</artifactId>
    </dependency>
    <dependency>
        <groupId>com.nimbusds</groupId>
        <artifactId>oauth2-oidc-sdk</artifactId>
        <version>7.3</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-jose</artifactId>
    </dependency>

I really don't know if this error is because my "keys.jwt" URI requires some authentication or for another reason.

Upvotes: 1

Views: 6257

Answers (2)

halil baydar

Reputation: 21

In addition to Lanhellas's answer:

You should inject the HTTP servlet request:

    // Request-scoped proxy: resolves to the current inbound request on each call.
    private final HttpServletRequest httpServletRequest;
    private final RestTemplate restTemplate;

    @Bean
    public NimbusJwtDecoder nimbusJwtDecoder() {
        // Copy the caller's bearer token onto the outgoing JWK Set request.
        restTemplate.getInterceptors().add((request, body, execution) -> {
            request.getHeaders().setBearerAuth(httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION).split(" ")[1]);
            return execution.execute(request, body);
        });
        return NimbusJwtDecoder.withJwkSetUri("domain/realms/realm_name/protocol/openid-connect/certs")
                .restOperations(restTemplate).build();
    }

Extract the auth token that the client sent in the header and then pass it to NimbusJwtDecoder.

Upvotes: 0

Ronaldo Lanhellas

Reputation: 3356

The problem was solved with the following:

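    // myJwt (the bearer token for the key endpoint) and jwkUri are defined
    // elsewhere in the configuration class; they are not shown in this snippet.
    @Bean
    public NimbusJwtDecoder nimbusJwtDecoder() {
        RestTemplate rest = new RestTemplate();
        // Attach the bearer token to every JWK Set request made by the decoder.
        rest.getInterceptors().add((request, body, execution) -> {
            request.getHeaders().setBearerAuth(myJwt);
            return execution.execute(request, body);
        });
        return NimbusJwtDecoder.withJwkSetUri(jwkUri)
                .restOperations(rest).build();
    }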

Upvotes: 3
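
The decoder pattern from the answers above, written out as a complete configuration class. This is an added example, not code from either poster: the class name and the `app.jwks.bearer-token` property are hypothetical, RS256 is assumed as the issuer's signing algorithm, and the key-endpoint credential comes from configuration rather than from the inbound request.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.client.RestTemplate;

@Configuration
public class JwkSetDecoderConfig { // hypothetical class name

    // Same property the question sets in application.properties.
    @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
    private String jwkSetUri;

    // Hypothetical property: a credential issued to this service for the key
    // endpoint, supplied from the environment or a secret store.
    @Value("${app.jwks.bearer-token}")
    private String jwksBearerToken;

    @Bean
    public JwtDecoder jwtDecoder() {
        // Dedicated client, so the Authorization interceptor is never attached
        // to a RestTemplate that other code uses for unrelated hosts.
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setConnectTimeout(2_000); // milliseconds
        factory.setReadTimeout(2_000);    // bound how long a key fetch can stall a request
        RestTemplate jwksClient = new RestTemplate(factory);

        // Authenticate the JWK Set fetch with the service's own credential.
        jwksClient.getInterceptors().add((request, body, execution) -> {
            request.getHeaders().setBearerAuth(jwksBearerToken);
            return execution.execute(request, body);
        });

        return NimbusJwtDecoder.withJwkSetUri(jwkSetUri)
                // Accept only the algorithm the issuer signs with (assumed RS256);
                // tokens signed with any other algorithm are rejected.
                .jwsAlgorithm(SignatureAlgorithm.RS256)
                .restOperations(jwksClient)
                .build();
    }
}
```

Defining this bean replaces Spring Boot's auto-configured decoder, so the `jwk-set-uri` property is read only through the `@Value` field.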
