
How to implement asymmetric encryption in OAuth2.0 in SpringBootSecurity

2025-03-26 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains in detail how to use asymmetric encryption for the jwt in OAuth2.0 with SpringBootSecurity.

JWT converter

In the previous example, a simple jwt converter is configured in the authorization service configuration class, as follows:

You can see that we only configure a secret key with the setSigningKey method. Here, a simple symmetric encryption method is used to sign the jwt content, and the same secret key is used in the resource server to configure the jwt converter:

Besides symmetric encryption, production environments often use the more secure asymmetric encryption to sign the jwt.

Generate public and private keys

Public and private key pairs can be generated using the JDK's keytool command. First, let's take a look at the parameters of this command:

The parameter description is very clear: we need to use the -genkeypair parameter to generate a key pair. Let's take a look at the other parameters available under keytool -genkeypair:

These are the property parameters that set up the key pair. Let's use the keytool command to generate the JKS (Java KeyStore) file, as follows:

keytool -genkeypair -alias oauth3 -keyalg RSA -keypass oauth3 -keystore oauth3.jks -storepass oauth3

As can be seen from the parameter description, the alias is oauth3, the key algorithm is RSA, the key password is oauth3, the name of the KeyStore (file) is oauth3.jks, and the KeyStore password is oauth3. After entering the command and pressing Enter, there are seven more questions to answer (the content in parentheses after each question is my answer):

What is your first and last name? (oauth3)

What is the name of your organizational unit? (oauth3)

What is the name of your organization? (oauth3)

What is the name of your city or region? (bj)

What is the name of your province? (bj)

What is the two-letter country code for this unit? (cn)

Is CN=oauth3, OU=oauth3, O=oauth3, L=bj, ST=bj, C=cn correct? (yes)

After the last answer, press Enter and the jks file is generated as follows:

The generated KeyStore file is as follows:

After the generation is complete, copy the jks file to the resources folder.

Modify the authorization service configuration class

Here, you only need to modify the jwt converter:

Here "oauth3".toCharArray() supplies the password, and getKeyPair("oauth3") takes the alias.

Obtain the public key from the jks file

Enter the command:

keytool -list -rfc -keystore oauth3.jks -storepass oauth3

The public key is printed:

Under the resources folder of the resource service, create a new pub.txt file and copy the public key into it:

What is copied here is between the two lines of the equal sign.

Modify resource service configuration class

The resource service configuration class only needs to modify the jwt converter configuration:
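The converter change on both services, as an added example that is not the article's or the project's own code. It assumes the legacy spring-security-oauth2 library, hypothetical class names, a pub.txt that holds the PEM-encoded public key, and it uses setVerifierKey on the resource side; each class belongs in its own service.

```java
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
import org.springframework.util.FileCopyUtils;

// Authorization service: signs tokens with the RSA private key held in oauth3.jks.
// Class names are hypothetical; they are not taken from the article's project.
@Configuration
class AuthServerJwtConfig {
    @Bean
    JwtAccessTokenConverter jwtAccessTokenConverter() {
        // Store password and alias are the values passed to keytool in this article.
        KeyStoreKeyFactory factory = new KeyStoreKeyFactory(
                new ClassPathResource("oauth3.jks"), "oauth3".toCharArray());
        KeyPair keyPair = factory.getKeyPair("oauth3");
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keyPair); // private key signs, public key verifies
        return converter;
    }
}

// Resource service: holds only the public key from pub.txt, so it can verify
// tokens but cannot issue them.
@Configuration
class ResourceServerJwtConfig {
    @Bean
    JwtAccessTokenConverter jwtAccessTokenConverter() throws IOException {
        String pem = FileCopyUtils.copyToString(new InputStreamReader(
                new ClassPathResource("pub.txt").getInputStream(), StandardCharsets.UTF_8)).trim();
        // Fail fast if the file is not PEM or carries private key material (assumed file layout).
        if (!pem.startsWith("-----BEGIN") || pem.contains("PRIVATE KEY")) {
            throw new IllegalStateException("pub.txt must hold only a PEM public key");
        }
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setVerifierKey(pem);
        return converter;
    }
}
```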

The setSigningKey method supports both symmetric and asymmetric encryption. It inspects the key to decide which one applies; take a look at the source code:

Test

With the jwt converter's encryption method changed, the test process is the same as before: obtain the token, then access the protected resources:

Access interface:

Code address: https://gitee.com/blueses/spring-boot-security

That concludes this look at asymmetric encryption for OAuth2.0 in SpringBootSecurity. I hope the above content is of some help.
