This is an automated email from the ASF dual-hosted git repository. mabin pushed a commit to branch houserush-sample in repository https://gitbox.apache.org/repos/asf/servicecomb-samples.git
commit 2ed65addee6f3c0e4382dd2da96b3fe1b0ce8f34 Author: liubao <[email protected]> AuthorDate: Fri May 24 14:30:42 2019 +0800 支持refresh流程 --- authentication/README.md | 18 ++++ .../server/PasswordTokenGranter.java | 100 +++++++++++++++++++++ .../server/RefreshTokenTokenGranter.java | 95 ++++++++++++++++++++ .../authentication/server/TokenEndpoint.java | 54 ++--------- .../authentication/server/TokenGranter.java} | 24 +++-- .../authentication/server/TokenConst.java | 8 +- .../authentication/edge/AuthHandler.java | 2 +- .../resource/ResourceAuthHandler.java | 2 +- .../AuthenticationConfiguration.java | 6 ++ .../authentication/AuthenticationTestCase.java | 54 +++++++++++ .../gateway/AuthenticationConfiguration.java | 6 +- .../resource/AuthenticationConfiguration.java | 6 +- 12 files changed, 313 insertions(+), 62 deletions(-) diff --git a/authentication/README.md b/authentication/README.md index 6d477bb..c91d67e 100644 --- a/authentication/README.md +++ b/authentication/README.md @@ -90,3 +90,21 @@ http://localhost:9093/v1/test/start # TODO LIST 1. provide TLS for authentication server & edge service 2. grant scope for INTERNAL access & EXTERNAL access +3. access token support: a. use access token to get optional scope or roles token. 这个可以解决角色过多的时候, token过大的一些问题 +4. 实现注销逻辑(会话管理) +5. 支持分层的角色机制 + + ROLE_LEVEL1 + / \ + ROLE_LEVEL2 ROLE_LEVEL2 + + TOKEN里面只返回ROLE_LEVEL1,设置为ROLE_LEVEL2访问的操作,也可以访问。 + +6. REFRESH_TOKEN可以用来实现申请不同SCOPE的TOKEN。 +7. 设计目标:无状态。认证服务器和资源服务器均可以多实例部署,每个实例之间不共享状态。在实现很多功能的时候,都遵循这个约束。包括通过refresh token获取新的access token的时候。遵循这个约束,意味着请求需要同时传递refresh token和access token。 +8, 重新设计TOKEN(代码重构、支持会话管理),支持OpenID Connect。 + +OAUTH的不好的地方:TOKEN在有效期内,容易被利用,无法注销;TOKEN过期后,必须重新认证,和用户是否在一直操作无关,体验不好,虽然可以通过refresh_token获取新的token提升体验,但是refresh_token有效期如果设置的太长,会降低安全性。Token在有效期内,如果修改了权限等信息,无法及时感知,需要重新登录。 +OAUTH的好的地方:TOKEN签发、认证都可以由微服务实例独自完成,不需要共用的数据存储,比如数据库、Redis等,效率更高,弹性扩容。 + + diff --git a/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java b/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java new file mode 100644 index 0000000..7d16268 --- /dev/null +++ b/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/PasswordTokenGranter.java @@ -0,0 +1,100 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.servicecomb.authentication.server; + +import java.util.Map; +import java.util.UUID; + +import org.apache.servicecomb.authentication.jwt.JWTClaims; +import org.apache.servicecomb.authentication.jwt.JsonParser; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.jwt.Jwt; +import org.springframework.security.jwt.JwtHelper; +import org.springframework.security.jwt.crypto.sign.Signer; +import org.springframework.stereotype.Component; + +import com.netflix.config.DynamicPropertyFactory; + +@Component(value = "passwordTokenGranter") +public class PasswordTokenGranter implements TokenGranter { + @Autowired + @Qualifier("authUserDetailsService") + private UserDetailsService userDetailsService; + + @Autowired + @Qualifier("authPasswordEncoder") + private PasswordEncoder passwordEncoder; + + @Autowired + @Qualifier("authSigner") + private Signer signer; + + @Override + public Token grant(Map<String, String> parameters) { + String username = parameters.get(TokenConst.PARAM_USERNAME); + String password = parameters.get(TokenConst.PARAM_PASSWORD); + + UserDetails userDetails = userDetailsService.loadUserByUsername(username); + if (passwordEncoder.matches(password, userDetails.getPassword())) { + JWTClaims claims = new JWTClaims(); + if (userDetails.getAuthorities() != null) { + userDetails.getAuthorities().forEach(authority -> claims.addAuthority(authority.getAuthority())); + } + claims.setJti(UUID.randomUUID().toString()); + claims.setIat(System.currentTimeMillis()); + claims.setExp(5 * 60); + + String content = JsonParser.unparse(claims); + Jwt accessToken = JwtHelper.encode(content, signer); + + Token token = new Token(); + token.setScope(claims.getScope()); + token.setExpires_in(10 * 60); + token.setToken_type("bearer"); + token.setAccess_token(accessToken.getEncoded()); + + JWTClaims accessTokenClaims = new JWTClaims(); + accessTokenClaims.setJti(UUID.randomUUID().toString()); + accessTokenClaims.setIat(System.currentTimeMillis()); + accessTokenClaims.setExp(60 * 60); + Jwt refreshToken = JwtHelper.encode(JsonParser.unparse(claims), signer); + token.setRefresh_token(refreshToken.getEncoded()); + + return token; + } else { + return null; + } + } + + @Override + public String grantType() { + return TokenConst.GRANT_TYPE_PASSWORD; + } + + @Override + public boolean enabled() { + return DynamicPropertyFactory.getInstance() + .getBooleanProperty("servicecomb.authentication.granter.password.enabled", true) + .get(); + } + +} diff --git a/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java b/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java new file mode 100644 index 0000000..ffbf9c5 --- /dev/null +++ b/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/RefreshTokenTokenGranter.java @@ -0,0 +1,95 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.servicecomb.authentication.server; + +import java.util.Map; + +import org.apache.servicecomb.authentication.jwt.JWTClaims; +import org.apache.servicecomb.authentication.jwt.JsonParser; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.security.jwt.Jwt; +import org.springframework.security.jwt.JwtHelper; +import org.springframework.security.jwt.crypto.sign.Signer; +import org.springframework.security.jwt.crypto.sign.SignerVerifier; +import org.springframework.stereotype.Component; + +import com.netflix.config.DynamicPropertyFactory; + +@Component(value = "fefreshTokenTokenGranter") +public class RefreshTokenTokenGranter implements TokenGranter { + @Autowired + @Qualifier("authSignerVerifier") + private SignerVerifier signerVerifier; + + @Autowired + @Qualifier("authSigner") + private Signer signer; + + @Override + public boolean enabled() { + return DynamicPropertyFactory.getInstance() + .getBooleanProperty("servicecomb.authentication.granter.refreshToken.enabled", true) + .get(); + } + + @Override + public String grantType() { + return TokenConst.GRANT_TYPE_REFRESH_TOKEN; + } + + @Override + public Token grant(Map<String, String> parameters) { + String refreshToken = parameters.get(TokenConst.PARAM_REFRESH_TOKEN); + String accessToken = parameters.get(TokenConst.PARAM_ACCESS_TOKEN); + + // verify refresh tokens + Jwt jwt = JwtHelper.decode(refreshToken); + JWTClaims claims; + try { + jwt.verifySignature(signerVerifier); + claims = JsonParser.parse(jwt.getClaims(), JWTClaims.class); + // TODO: verify claims. + } catch (Exception e) { + return null; + } + + // verify access tokens + jwt = JwtHelper.decode(accessToken); + claims = null; + try { + jwt.verifySignature(signerVerifier); + claims = JsonParser.parse(jwt.getClaims(), JWTClaims.class); + // TODO: verify claims. + } catch (Exception e) { + return null; + } + + claims.setIat(System.currentTimeMillis()); + String content = JsonParser.unparse(claims); + Jwt newAccessToken = JwtHelper.encode(content, signer); + + Token token = new Token(); + token.setScope(claims.getScope()); + token.setExpires_in(10 * 60); + token.setToken_type("bearer"); + token.setAccess_token(newAccessToken.getEncoded()); + return token; + } + +} diff --git a/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java b/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java index 67c7ba4..775d332 100644 --- a/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java +++ b/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenEndpoint.java @@ -17,23 +17,13 @@ package org.apache.servicecomb.authentication.server; +import java.util.List; import java.util.Map; import javax.ws.rs.core.MediaType; -import org.apache.servicecomb.authentication.jwt.JWTClaims; -import org.apache.servicecomb.authentication.jwt.JsonParser; import org.apache.servicecomb.provider.rest.common.RestSchema; -import org.apache.servicecomb.swagger.invocation.exception.InvocationException; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.jwt.Jwt; -import org.springframework.security.jwt.JwtHelper; -import org.springframework.security.jwt.crypto.sign.Signer; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -42,53 +32,23 @@ import org.springframework.web.bind.annotation.RequestMapping; @RequestMapping(path = "/v1/oauth/token") public class TokenEndpoint implements TokenService { @Autowired - @Qualifier("authUserDetailsService") - private UserDetailsService userDetailsService; - - @Autowired - @Qualifier("authPasswordEncoder") - private PasswordEncoder passwordEncoder; - - @Autowired - @Qualifier("authSigner") - private Signer signer; + private List<TokenGranter> granters; @Override @PostMapping(path = "/", consumes = MediaType.APPLICATION_FORM_URLENCODED) public Token getAccessToken(@RequestBody Map<String, String> parameters) { String grantType = parameters.get(TokenConst.PARAM_GRANT_TYPE); - if (TokenConst.GRANT_TYPE_PASSWORD.equals(grantType)) { - - String username = parameters.get(TokenConst.PARAM_USERNAME); - String password = parameters.get(TokenConst.PARAM_PASSWORD); - - try { - UserDetails userDetails = userDetailsService.loadUserByUsername(username); - if (passwordEncoder.matches(password, userDetails.getPassword())) { - JWTClaims claims = new JWTClaims(); - if (userDetails.getAuthorities() != null) { - userDetails.getAuthorities().forEach(authority -> claims.addAuthority(authority.getAuthority())); - } - String content = JsonParser.unparse(claims); - Jwt accessToken = JwtHelper.encode(content, signer); - - Token token = new Token(); - token.setScope(claims.getScope()); - token.setExpires_in(10 * 60); - token.setToken_type("bearer"); - token.setAccess_token(accessToken.getEncoded()); + for (TokenGranter granter : granters) { + if (granter.enabled()) { + Token token = granter.grant(grantType, parameters); + if (token != null) { return token; - } else { - return null; } - } catch (UsernameNotFoundException e) { - throw new InvocationException(403, "", "forbidden"); } - } else { - return null; } + return null; } } diff --git a/authentication/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java b/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java similarity index 67% copy from authentication/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java copy to authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java index a46a7b9..9ba0861 100644 --- a/authentication/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java +++ b/authentication/api/authentication-server/endpoint/src/main/java/org/apache/servicecomb/authentication/server/TokenGranter.java @@ -17,12 +17,24 @@ package org.apache.servicecomb.authentication.server; -public class TokenConst { - public static final String PARAM_GRANT_TYPE = "grant_type"; +import java.util.Map; - public static final String PARAM_USERNAME = "username"; +/** + * Token granter is used to grant access tokens. + * @author Administrator + * + */ +public interface TokenGranter { + boolean enabled(); + + String grantType(); + + default Token grant(String grantType, Map<String, String> parameters) { + if (grantType().equals(grantType)) { + return grant(parameters); + } + return null; + } - public static final String PARAM_PASSWORD = "password"; - - public static final String GRANT_TYPE_PASSWORD = "password"; + Token grant(Map<String, String> parameters); } diff --git a/authentication/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java b/authentication/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java index a46a7b9..915a515 100644 --- a/authentication/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java +++ b/authentication/api/authentication-server/service/src/main/java/org/apache/servicecomb/authentication/server/TokenConst.java @@ -23,6 +23,12 @@ public class TokenConst { public static final String PARAM_USERNAME = "username"; public static final String PARAM_PASSWORD = "password"; - + + public static final String PARAM_REFRESH_TOKEN = "refresh_token"; + + public static final String PARAM_ACCESS_TOKEN = "access_token"; + public static final String GRANT_TYPE_PASSWORD = "password"; + + public static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token"; } diff --git a/authentication/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java b/authentication/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java index 2c8d63c..40ef32d 100644 --- a/authentication/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java +++ b/authentication/api/edge-service/service/src/main/java/org/apache/servicecomb/authentication/edge/AuthHandler.java @@ -38,7 +38,7 @@ public class AuthHandler implements Handler { } Jwt jwt = JwtHelper.decode(token); try { - jwt.verifySignature(BeanUtils.getBean("authSigner")); + jwt.verifySignature(BeanUtils.getBean("authSignerVerifier")); } catch (InvalidSignatureException e) { asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated")); return; diff --git a/authentication/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java b/authentication/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java index 37de72d..1d8e32b 100644 --- a/authentication/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java +++ b/authentication/api/resource-server/service/src/main/java/org/apache/servicecomb/authentication/resource/ResourceAuthHandler.java @@ -59,7 +59,7 @@ public class ResourceAuthHandler implements Handler { Jwt jwt = JwtHelper.decode(token); JWTClaims claims; try { - jwt.verifySignature(BeanUtils.getBean("authSigner")); + jwt.verifySignature(BeanUtils.getBean("authSignerVerifier")); claims = JsonParser.parse(jwt.getClaims(), JWTClaims.class); // TODO: verify claims. } catch (Exception e) { diff --git a/authentication/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java b/authentication/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java index 7d9d076..2fdbd4c 100644 --- a/authentication/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java +++ b/authentication/samples/AuthenticationServer/src/main/java/org/apache/servicecomb/authentication/AuthenticationConfiguration.java @@ -31,6 +31,7 @@ import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder; import org.springframework.security.jwt.crypto.sign.MacSigner; import org.springframework.security.jwt.crypto.sign.Signer; +import org.springframework.security.jwt.crypto.sign.SignerVerifier; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @Configuration @@ -46,6 +47,11 @@ public class AuthenticationConfiguration { @Bean(name = "authSigner") public Signer authSigner() { + return authSignerVerifier(); + } + + @Bean(name = "authSignerVerifier") + public SignerVerifier authSignerVerifier() { return new MacSigner("Please change this key."); } diff --git a/authentication/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java b/authentication/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java index 50a4519..13bfaba 100644 --- a/authentication/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java +++ b/authentication/samples/Client/src/main/java/org/apache/servicecomb/authentication/AuthenticationTestCase.java @@ -17,10 +17,13 @@ package org.apache.servicecomb.authentication; +import org.apache.servicecomb.authentication.jwt.JWTClaims; +import org.apache.servicecomb.authentication.jwt.JsonParser; import org.apache.servicecomb.authentication.server.Token; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; +import org.springframework.security.jwt.JwtHelper; import org.springframework.stereotype.Component; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; @@ -80,6 +83,56 @@ public class AuthenticationTestCase implements TestCase { TestMgr.check(403, e.getStatusCode().value()); } TestMgr.check(null, name); + + // refresh token + // get token + map = new LinkedMultiValueMap<>(); + map.add("grant_type", "refresh_token"); + map.add("refresh_token", token.getRefresh_token()); + map.add("access_token", token.getAccess_token()); + headers = new HttpHeaders(); + headers.setContentType(MediaType.MULTIPART_FORM_DATA); + + Token tokenNew = + BootEventListener.authenticationServerTokenEndpoint.postForObject("/", + new HttpEntity<>(map, headers), + Token.class); + TestMgr.check(token.getToken_type(), tokenNew.getToken_type()); + + JWTClaims claims = JsonParser.parse(JwtHelper.decode(token.getAccess_token()).getClaims(), JWTClaims.class); + JWTClaims newClaims = JsonParser.parse(JwtHelper.decode(tokenNew.getAccess_token()).getClaims(), JWTClaims.class); + TestMgr.check(claims.getJti(), newClaims.getJti()); + TestMgr.check(claims.getIat() < newClaims.getIat(), true); + + // get resources + headers = new HttpHeaders(); + headers.add("Authorization", "Bearer " + tokenNew.getAccess_token()); + headers.setContentType(MediaType.APPLICATION_JSON); + + name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/everyoneSayHello?name=Hi", + new HttpEntity<>(headers), + String.class); + TestMgr.check("Hi", name); + + name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/adminSayHello?name=Hi", + new HttpEntity<>(headers), + String.class); + TestMgr.check("Hi", name); + + name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/guestOrAdminSayHello?name=Hi", + new HttpEntity<>(headers), + String.class); + TestMgr.check("Hi", name); + + name = null; + try { + name = BootEventListener.resouceServerHandlerAuthEndpoint.postForObject("/guestSayHello?name=Hi", + new HttpEntity<>(headers), + String.class); + } catch (HttpClientErrorException e) { + TestMgr.check(403, e.getStatusCode().value()); + } + TestMgr.check(null, name); } @@ -98,6 +151,7 @@ public class AuthenticationTestCase implements TestCase { Token.class); TestMgr.check("bearer", token.getToken_type()); TestMgr.check(true, token.getAccess_token().length() > 10); + TestMgr.check(true, token.getRefresh_token().length() > 10); // get resources headers = new HttpHeaders(); diff --git a/authentication/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java b/authentication/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java index 87837eb..1e913fb 100644 --- a/authentication/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java +++ b/authentication/samples/EdgeService/src/main/java/org/apache/servicecomb/authentication/gateway/AuthenticationConfiguration.java @@ -20,12 +20,12 @@ package org.apache.servicecomb.authentication.gateway; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.jwt.crypto.sign.MacSigner; -import org.springframework.security.jwt.crypto.sign.Signer; +import org.springframework.security.jwt.crypto.sign.SignerVerifier; @Configuration public class AuthenticationConfiguration { - @Bean(name = "authSigner") - public Signer authSigner() { + @Bean(name = "authSignerVerifier") + public SignerVerifier authSignerVerifier() { return new MacSigner("Please change this key."); } } diff --git a/authentication/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java b/authentication/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java index 0e58c30..712030d 100644 --- a/authentication/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java +++ b/authentication/samples/ResourceServer/src/main/java/org/apache/servicecomb/authentication/resource/AuthenticationConfiguration.java @@ -20,12 +20,12 @@ package org.apache.servicecomb.authentication.resource; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.jwt.crypto.sign.MacSigner; -import org.springframework.security.jwt.crypto.sign.Signer; +import org.springframework.security.jwt.crypto.sign.SignerVerifier; @Configuration public class AuthenticationConfiguration { - @Bean(name = "authSigner") - public Signer authSigner() { + @Bean(name = "authSignerVerifier") + public SignerVerifier authSignerVerifier() { return new MacSigner("Please change this key."); } }
