From 2f53a4d01e87ad41b5813358f9750cba8da69eea Mon Sep 17 00:00:00 2001
From: liyexin
Date: Thu, 23 Jan 2025 16:05:12 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Djwk.json=E6=97=A0?= =?UTF-8?q?=E6=B3=95=E8=AF=BB=E5=8F=96=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=8C?= =?UTF-8?q?=E5=90=8C=E6=97=B6=E5=A2=9E=E5=8A=A0jwkFile=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/genersoft/iot/vmp/conf/UserSetting.java | 5 +++++
 .../genersoft/iot/vmp/conf/security/JwtUtils.java | 12 ++++++++----
 src/main/resources/配置详情.yml | 2 ++
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/UserSetting.java b/src/main/java/com/genersoft/iot/vmp/conf/UserSetting.java
index c64b4ba8..194bfd3a 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/UserSetting.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/UserSetting.java
@@ -175,4 +175,9 @@ public class UserSetting {
 */
 private long loginTimeout = 30;
+ /**
+ * jwk文件路径,若不指定则使用resources目录下的jwk.json
+ */
+ private String jwkFile = "classpath:jwk.json";
+
 }
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
index 61e019c6..d9da7767 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
@@ -7,6 +7,7 @@ import com.genersoft.iot.vmp.service.IUserService;
 import com.genersoft.iot.vmp.storager.dao.dto.User;
 import com.genersoft.iot.vmp.storager.dao.dto.UserApiKey;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.io.FileUtils;
 import org.jose4j.jwk.JsonWebKey;
 import org.jose4j.jwk.JsonWebKeySet;
 import org.jose4j.jwk.RsaJsonWebKey;
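Review bot: The default `classpath:jwk.json` on `UserSetting.jwkFile` makes a key file packaged with the application the JWT signing key for every installation that does not override the setting. If that bundled file is identical in every build (its contents are not visible in this patch), all such installations sign API tokens with one shared, published key, and a token issued by one would verify on another. The Javadoc should state this, for example `JWK file path; the classpath default is the same in every build, so production deployments should point this at their own key file readable only by the service account`.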
@@ -22,10 +23,10 @@ import org.jose4j.jwt.consumer.JwtConsumerBuilder;
 import org.jose4j.lang.JoseException;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.stereotype.Component;
+import org.springframework.util.ResourceUtils;
 import javax.annotation.Resource;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
+import java.io.File;
 import java.nio.charset.StandardCharsets;
 import java.time.LocalDateTime;
 import java.time.ZoneOffset;
@@ -92,8 +93,10 @@ public class JwtUtils implements InitializingBean {
 */
 private RsaJsonWebKey generateRsaJsonWebKey() throws JoseException {
 RsaJsonWebKey rsaJsonWebKey = null;
- try (BufferedReader reader = new BufferedReader(new InputStreamReader(getClass().getClassLoader().getResourceAsStream("/jwk.json"), StandardCharsets.UTF_8))) {
- String jwkJson = reader.readLine();
+ try {
+ String jwkFile = userSetting.getJwkFile();
+ File file = ResourceUtils.getFile(jwkFile);
+ String jwkJson = FileUtils.readFileToString(file, StandardCharsets.UTF_8);
 JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(jwkJson);
 List jsonWebKeys = jsonWebKeySet.getJsonWebKeys();
 if (!jsonWebKeys.isEmpty()) {
@@ -106,6 +109,7 @@ public class JwtUtils implements InitializingBean {
 // ignored
 }
 if (rsaJsonWebKey == null) {
+ log.warn("[API AUTH] 读取jwk.json失败,将使用新生成的随机RSA密钥对");
 // 生成一个RSA密钥对,该密钥对将用于JWT的签名和验证,包装在JWK中
 rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
 // 给JWK一个密钥ID
diff --git a/src/main/resources/配置详情.yml b/src/main/resources/配置详情.yml
index e35f9771..aa3c54c9 100644
--- a/src/main/resources/配置详情.yml
+++ b/src/main/resources/配置详情.yml
@@ -253,6 +253,8 @@ user-settings:
 gb-device-online: 0
 # 登录超时时间(分钟),
 login-timeout: 30
+ # jwk文件路径,若不指定则使用resources目录下的jwk.json
+ jwk-file: classpath:jwk.json
 # 关闭在线文档(生产环境建议关闭)
 springdoc:
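Review bot: `ResourceUtils.getFile(jwkFile)` in `generateRsaJsonWebKey` only succeeds when the location resolves to a real file on disk; for the default `classpath:jwk.json` inside a packaged jar it throws `FileNotFoundException`, which the `// ignored` catch visible in the next hunk swallows. The default configuration would then fall through to a freshly generated key on every start, so issued tokens stop verifying after a restart and separate instances reject each other's tokens. Reading through a URL removes the file-system requirement and still accepts plain paths: replace the `File`/`FileUtils` lines with `String jwkJson = IOUtils.toString(ResourceUtils.getURL(jwkFile), StandardCharsets.UTF_8);` (commons-io `IOUtils`, which needs its own import). The method body continues outside the hunk.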
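Review bot: The added warning hard-codes `jwk.json` although the path is now configurable, and the exception that triggered the fallback is still discarded by the `// ignored` catch just above it, so an operator cannot tell a mistyped `jwk-file` from an unreadable or malformed key. Include the configured location, e.g. `log.warn("[API AUTH] 读取{}失败,将使用新生成的随机RSA密钥对", userSetting.getJwkFile());`, and log the exception inside the catch (its variable name is outside the hunk). When an operator has set a non-default path, failing startup may be safer than silently switching to an ephemeral signing key.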