我遵循以下指南,使用Amazon Cognito设置了JHipster生成的网关:https://blog.ippon.tech/aws-cognito-and-jhipster-for-the-love-of-oauth-2-0/
我使网关正常工作,并且可以使用Cognito登录到管理模块,但是我无法调用任何微服务。任何尝试都会遇到以下错误:
java.lang.NullPointerException:为nullcom.test.security.oauth2.AudienceValidator.validate(AudienceValidator.java:26)在com.test.security.oauth2.AudienceValidator.validate(AudienceValidator.java:13)在org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator.validate(DelegatingOAuth2TokenValidator.java:67)在org.springframework.security.oauth2.jwt.NimbusJwtDecoder.validateJwt(NimbusJwtDecoder.java:165)在org.springframework.security.oauth2.jwt.NimbusJwtDecoder.decode(NimbusJwtDecoder.java:126)在org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.authenticate(
调试显示以下代码中的受众变量为空:
public OAuth2TokenValidatorResult validate(Jwt jwt) {
List<String> audience = jwt.getAudience();
if (audience.stream().anyMatch(allowedAudience::contains)) {
return OAuth2TokenValidatorResult.success();
} else {
log.warn("Invalid audience: {}", audience);
return OAuth2TokenValidatorResult.failure(error);
}
}
我已经使用以下命令配置了微服务的application.xml:
security:
oauth2:
client:
provider:
oidc:
issuer-uri: https://cognito-idp.us-east-1.amazonaws.com/[secret]
registration:
oidc:
client-id: [secret]
client-secret: [secret]
有人能够通过Amazon Cognito成功运行jHipster生成的微服务平台吗?任何帮助将不胜感激。
AWS Cognito在访问令牌中未包括访问者,因此必须更新validate
方法。
更多详细信息可以在这里找到:https://github.com/Falydoor/cognito-jhipster/issues/1#issuecomment-594753033