我正在使用Nimbus-JOSE-JWT库(4.39版本)。 使用这个库,我试图做本地JWT令牌验证,从OAuth授权服务器中提取JWK集。
当我在JSE应用程序中运行时,我的代码工作得非常好,但是,当我在WebLogic 12.1.3中运行完全相同的代码(作为JEE应用程序的一部分)时,它却因以下异常而无法运行。
com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: Hostname verification failed: HostnameVerifier=weblogic.security.utils.SSLWLSHostnameVerifier, hostname=corpZ.oktapreview.com.
at com.nimbusds.jose.jwk.source.RemoteJWKSet.updateJWKSetFromURL(RemoteJWKSet.java:141)
at com.nimbusds.jose.jwk.source.RemoteJWKSet.get(RemoteJWKSet.java:219)
at com.nimbusds.jose.proc.JWSVerificationKeySelector.selectJWSKeys(JWSVerificationKeySelector.java:129)
at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:323)
at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:284)
at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:275)
at org.corpZ.sec.okta.OktaClient.getAccessTokenInfoLocally(Unknown Source)
at org.corpZ.sec.okta.OktaClient.validateAccessTokenLocally(Unknown Source)
at org.corpZ.sec.okta.TokenValidator.isTokenValid(Unknown Source)
at org.corpZ.eis.ws.interceptor.WSInterceptor.handleRequest(WSInterceptor.java:126)
at org.springframework.ws.server.endpoint.interceptor.DelegatingSmartEndpointInterceptor.handleRequest(DelegatingSmartEndpointInterceptor.java:78)
at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:224)
at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:173)
at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:88)
at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:59)
at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:292)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServ
以下是我的代码中的Maven依赖关系。
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>4.39</version>
</dependency>
如果能得到帮助,我将非常感激。
谢谢你的帮助。
迟到总比没有好,这是由于WebLogic服务器的配置。你必须进入SSL属性选项卡,将 "Hostname Verification "改为 "none"。