Document JWK property
Closes gh-10022
parent
8d7d044bef
commit
64ffcfc83f
@ -29,7 +29,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.autoconfigure.condition.NoneNestedConditions;
|
||||
import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2RestOperationsConfiguration.OAuth2ClientIdCondition;
|
||||
import org.springframework.boot.bind.RelaxedPropertyResolver;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
|
@ -473,6 +473,7 @@ content into your application; rather pick only the properties that you need.
|
||||
security.oauth2.resource.id= # Identifier of the resource.
|
||||
security.oauth2.resource.jwt.key-uri= # The URI of the JWT token. Can be set if the value is not available and the key is public.
|
||||
security.oauth2.resource.jwt.key-value= # The verification key of the JWT token. Can either be a symmetric secret or PEM-encoded RSA public key.
|
||||
security.oauth2.resource.jwk.key-set-uri= # The URI for getting the set of keys that can be used to validate the token.
|
||||
security.oauth2.resource.prefer-token-info=true # Use the token info, can be set to false to use the user info.
|
||||
security.oauth2.resource.service-id=resource #
|
||||
security.oauth2.resource.token-info-uri= # URI of the token decoding endpoint.
|
||||
|
@ -2582,7 +2582,7 @@ to decode tokens, so there is nothing else to do. If your app is a standalone se
|
||||
need to give it some more configuration, one of the following options:
|
||||
|
||||
* `security.oauth2.resource.user-info-uri` to use the `/me` resource (e.g.
|
||||
`\https://uaa.run.pivotal.io/userinfo` on PWS)
|
||||
`\https://uaa.run.pivotal.io/userinfo` on Pivotal Web Services (PWS))
|
||||
|
||||
* `security.oauth2.resource.token-info-uri` to use the token decoding endpoint (e.g.
|
||||
`\https://uaa.run.pivotal.io/check_token` on PWS).
|
||||
@ -2603,8 +2603,20 @@ URI where it can be downloaded (as a JSON object with a "`value`" field) with
|
||||
{"alg":"SHA256withRSA","value":"-----BEGIN PUBLIC KEY-----\nMIIBI...\n-----END PUBLIC KEY-----\n"}
|
||||
----
|
||||
|
||||
WARNING: If you use the `security.oauth2.resource.jwt.key-uri` the authorization server
|
||||
needs to be running when your application starts up. It will log a warning if it can't
|
||||
Additionally, if your authorization server has an endpoint that returns a set of JSON Web Keys(JWKs),
|
||||
you can configure `security.oauth2.resource.jwk.key-set-uri`. E.g. on PWS:
|
||||
|
||||
[indent=0]
|
||||
----
|
||||
$ curl https://uaa.run.pivotal.io/token_keys
|
||||
{"keys":[{"kid":"key-1","alg":"RS256","value":"-----BEGIN PUBLIC KEY-----\nMIIBI...\n-----END PUBLIC KEY-----\n"]}
|
||||
----
|
||||
|
||||
NOTE: Configuring both JWT and JWK properties will cause an error. Only one of `security.oauth2.resource.jwt.key-uri`
|
||||
(or `security.oauth2.resource.jwt.key-value`) and `security.oauth2.resource.jwk.key-set-uri` should be configured.
|
||||
|
||||
WARNING: If you use the `security.oauth2.resource.jwt.key-uri` or `security.oauth2.resource.jwk.key-set-uri,
|
||||
` the authorization server needs to be running when your application starts up. It will log a warning if it can't
|
||||
find the key, and tell you what to do to fix it.
|
||||
|
||||
OAuth2 resources are protected by a filter chain with order
|
||||
|