This version is still under development and is not yet considered stable. For the latest stable version, use Spring Security 7.0.4.

OAuth 2.0 Migrations

Validate typ with JwtTypeValidator

If you set validateTypes to false while performing the preparation steps for 6.5, you can now remove it. You can also remove explicitly adding JwtTypeValidator to the list of default validators.

For example, change this:

Java

@Bean
JwtDecoder jwtDecoder() {
	NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
        .validateTypes(false) (1)
        // ... your remaining configuration
        .build();
	jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators(
		new JwtIssuerValidator(location), JwtTypeValidator.jwt())); (2)
	return jwtDecoder;
}

Kotlin

@Bean
fun jwtDecoder(): JwtDecoder {
    val jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
        .validateTypes(false) (1)
        // ... your remaining configuration
        .build()
    jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithValidators(
        JwtIssuerValidator(location), JwtTypeValidator.jwt())) (2)
    return jwtDecoder
}

1 - Switch off Nimbus's validation of typ
2 - Add the default typ validator
to this:

Java

@Bean
JwtDecoder jwtDecoder() {
	NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
        // ... your remaining configuration (1)
        .build();
	jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(location)); (2)
	return jwtDecoder;
}

Kotlin

@Bean
fun jwtDecoder(): JwtDecoder {
    val jwtDecoder = NimbusJwtDecoder.withIssuerLocation(location)
        // ... your remaining configuration (1)
        .build()
    jwtDecoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(location)) (2)
    return jwtDecoder
}

1 - validateTypes now defaults to false
2 - JwtTypeValidator#jwt is added by all createDefaultXXX methods
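To see what the typ check that createDefaultXXX now adds actually enforces, the following added example (not code from the Spring Security documentation) runs JwtTypeValidator directly against hand-built Jwt instances, with no decoder or signature involved. It assumes the Spring Security 7 JwtTypeValidator API: the static jwt() factory shown above and the constructor that takes a Collection of acceptable typ values; the token values, subject and type strings are constructed for the demonstration.

```java
import java.time.Instant;
import java.util.List;

import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtTypeValidator;

// Added example: exercises JwtTypeValidator on its own so the effect of the
// default typ validator (and of replacing it) is visible without a decoder.
public class JwtTypeValidatorDemo {

	// Constructed sample token (not a real signed JWT). JwtTypeValidator only
	// inspects the parsed header; NimbusJwtDecoder has already verified the
	// signature before any OAuth2TokenValidator runs.
	static Jwt tokenWithType(String typ) {
		Instant now = Instant.now();
		Jwt.Builder builder = Jwt.withTokenValue("constructed-token-value")
				.header("alg", "RS256")
				.subject("alice")
				.issuedAt(now)
				.expiresAt(now.plusSeconds(300));
		if (typ != null) {
			builder.header("typ", typ);
		}
		return builder.build();
	}

	// Runs one validator over one token and prints accepted/rejected plus the
	// OAuth2Error description Spring Security attaches on rejection.
	static void report(String label, OAuth2TokenValidator<Jwt> validator, Jwt jwt) {
		OAuth2TokenValidatorResult result = validator.validate(jwt);
		if (result.hasErrors()) {
			for (OAuth2Error error : result.getErrors()) {
				System.out.println(label + ": rejected - " + error.getDescription());
			}
		}
		else {
			System.out.println(label + ": accepted");
		}
	}

	public static void main(String[] args) {
		// The validator every createDefaultXXX method now includes for you.
		OAuth2TokenValidator<Jwt> defaultTyp = JwtTypeValidator.jwt();

		report("default validator, typ=JWT    ", defaultTyp, tokenWithType("JWT"));
		report("default validator, typ=at+jwt ", defaultTyp, tokenWithType("at+jwt"));
		// Behaviour for an absent typ header follows the validator's own
		// allow-empty setting; this line shows whichever it is.
		report("default validator, typ absent ", defaultTyp, tokenWithType(null));

		// If the authorization server issues RFC 9068 JWT access tokens
		// (typ "at+jwt"), the default must be replaced by a validator for that
		// type, otherwise every token is rejected at the resource server.
		// Assumes the Collection-accepting JwtTypeValidator constructor.
		OAuth2TokenValidator<Jwt> accessTokenTyp = new JwtTypeValidator(List.of("at+jwt"));
		report("at+jwt validator, typ=at+jwt  ", accessTokenTyp, tokenWithType("at+jwt"));
		report("at+jwt validator, typ=JWT     ", accessTokenTyp, tokenWithType("JWT"));
	}
}
```

When you swap in a validator like accessTokenTyp above, pass it through JwtValidators.createDefaultWithValidators together with JwtIssuerValidator, as the first snippet in this section does, so the timestamp and issuer checks are kept alongside your typ check rather than replaced by it.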

Provide an AuthenticationConverter to BearerTokenAuthenticationFilter

In Spring Security 7, BearerTokenAuthenticationFilter#setBearerTokenResolver and #setAuthenticationDetailsSource are deprecated in favor of configuring them on BearerTokenAuthenticationConverter.

The oauth2ResourceServer DSL covers most use cases, and you do not need to do anything extra.

If you are setting a BearerTokenResolver or an AuthenticationDetailsSource directly on BearerTokenAuthenticationFilter, like so:

Java

BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(authenticationManager);
filter.setBearerTokenResolver(myBearerTokenResolver);
filter.setAuthenticationDetailsSource(myAuthenticationDetailsSource);

Kotlin

val filter = BearerTokenAuthenticationFilter(authenticationManager)
filter.setBearerTokenResolver(myBearerTokenResolver)
filter.setAuthenticationDetailsSource(myAuthenticationDetailsSource)

you should instead use BearerTokenAuthenticationConverter to specify both:

Java

BearerTokenAuthenticationConverter authenticationConverter =
    new BearerTokenAuthenticationConverter();
authenticationConverter.setBearerTokenResolver(myBearerTokenResolver);
authenticationConverter.setAuthenticationDetailsSource(myAuthenticationDetailsSource);
BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(authenticationManager, authenticationConverter);

Kotlin

val authenticationConverter = BearerTokenAuthenticationConverter()
authenticationConverter.setBearerTokenResolver(myBearerTokenResolver)
authenticationConverter.setAuthenticationDetailsSource(myAuthenticationDetailsSource)
val filter = BearerTokenAuthenticationFilter(authenticationManager, authenticationConverter)
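The converter is what the filter now delegates to, so it can be exercised on its own. The following added example (not code from the Spring Security documentation) configures a BearerTokenAuthenticationConverter with a DefaultBearerTokenResolver that only reads the Authorization header and a WebAuthenticationDetailsSource, then calls convert on two constructed requests: one carrying the token in the header, one carrying it in the URL. It assumes spring-test's MockHttpServletRequest is on the classpath and that convert returns null when no bearer token is resolved, which is the AuthenticationConverter contract; the paths, token value and client address are constructed.

```java
import jakarta.servlet.http.HttpServletRequest;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationConverter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

// Added example: builds the converter the migration above describes and shows
// what it produces for requests that carry the token in different places.
public class BearerTokenConverterDemo {

	static BearerTokenAuthenticationConverter converter() {
		// Stated explicitly here even though both default to false: a token in
		// the query string is written to access logs, proxies and browser
		// history, so the resolver should never accept one from there.
		DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
		resolver.setAllowUriQueryParameter(false);
		resolver.setAllowFormEncodedBodyParameter(false);

		// Both settings now live on the converter rather than on the filter.
		BearerTokenAuthenticationConverter converter = new BearerTokenAuthenticationConverter();
		converter.setBearerTokenResolver(resolver);
		converter.setAuthenticationDetailsSource(new WebAuthenticationDetailsSource());
		return converter;
	}

	// Converts one request and prints the unauthenticated token the filter
	// would hand to the AuthenticationManager, or notes that none was found.
	static void describe(String label, HttpServletRequest request) {
		Authentication authentication = converter().convert(request);
		if (authentication == null) {
			System.out.println(label + ": no bearer token resolved; the filter would pass the request on unauthenticated");
			return;
		}
		BearerTokenAuthenticationToken token = (BearerTokenAuthenticationToken) authentication;
		System.out.println(label + ": token=" + token.getToken()
				+ " details=" + token.getDetails());
	}

	public static void main(String[] args) {
		// Constructed requests (spring-test's MockHttpServletRequest), not real traffic.
		MockHttpServletRequest headerRequest = new MockHttpServletRequest("GET", "/api/orders");
		headerRequest.addHeader("Authorization", "Bearer constructed-opaque-token");
		headerRequest.setRemoteAddr("203.0.113.10");
		describe("Authorization header      ", headerRequest);

		// Same token, but in the URL: ignored by the resolver configured above.
		MockHttpServletRequest queryRequest = new MockHttpServletRequest("GET", "/api/orders");
		queryRequest.setParameter("access_token", "constructed-opaque-token");
		queryRequest.setRemoteAddr("203.0.113.10");
		describe("access_token query param  ", queryRequest);
	}
}
```

In a real configuration the converter() result is passed to new BearerTokenAuthenticationFilter(authenticationManager, authenticationConverter) exactly as the snippet above does; the details object printed here (remote address and session id from WebAuthenticationDetailsSource) is what ends up on the authenticated Authentication for audit logging.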