2017-11-22 31 views
0

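Vert.x JWT: Not enough or too many segments

I constantly get an error when my application receives a JWT token from our front-end application, which authenticates via KeyCloak. The error I get is "Not enough or too many segments". As far as I can tell, the token is a valid token and should be verifiable, but I cannot get past this very generic error. Can someone help me see what I am doing wrong?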

Here is the code snippet that is failing; a sample of the log showing the failure follows it:

JWTAuth authProvider = JWTAuth.create(vertx, new JWTAuthOptions(new JsonObject() 
    .put("permissionsClaimKey", "realm_access/roles") 
    .put("pubSecKeys", new JsonObject() 
      .put("publicKey", "vcVtWG5Qcz9gTMrDPfJSWNAiXsyCyBmNIzjtfHhBDX-l60KHyFaGBGBjRNkzDysV6pr6drQR8zRD8ePo8q73KDbXlZohXkR_J-gXer8H5EyWGl7KAATmKvuiYYv89f_C6f3NYUgfyKn6wzUtlsZN1CYpGmbnfLZYUcGzwvWWkddqQUroRrsf305Z17Pioegd_JMhcdprC1caOCuJHe46bYlu4_9m_MSPvBUCqjqAUIDZpB8HT9xrwxlwKG_Er6l-7TvQ32jp0wPxitLpEUg9noAt5w2NXIX44PCSkOdtGxGpj7fhyfivi_HQEfTq3Y4N2BRWAQxXYRaHlgl08CIsLb5rgJXmh8O7506V0THyLcJZ3pTn0u_4KxedOTsEbM_07W8kNCXVQrTIn4Zkyz42geRfblAzjvScP962DzEqu28WVZXWUyJIeQA_z3UM0l-MpQFtFDHsb0inQdeBfA6IN_eRp-JZaoMKLfswUEXjEj6nytKnwOEaqdqq56uPPK1j7QorIjMyn9VztH1WbbWM_JNPNc5CDAjFxo54tvrzqKkxLNbR1lP8g5GbIBeGSRc36IXQEp2hV42i3Pu-7bPJ_E0m9vr5dePjeRotthDUR7osmhOlzqHrLq1uzUYYneK37j7lLMx7N67rkWWMBa3v0h57pVD9ufAd-BxHiQzZL2U") 
      .put("type", "RS256")))); 

... 

versionOneAPI.route().handler(ctx -> {
    String authHeader = ctx.request().getHeader("Authorization");
    // Reject requests that carry no Authorization header instead of failing on null
    if (authHeader == null) {
        ctx.response().setStatusCode(UNAUTHORIZED.code()).setStatusMessage(UNAUTHORIZED.reasonPhrase()).end();
        return;
    }
    // Everything after the first space (the part following the scheme) is the encoded token
    String encodedToken = authHeader.substring(authHeader.indexOf(' ') + 1);
    LOGGER.debug("Got the token {}", encodedToken);
    authProvider.authenticate(new JsonObject().put("jwt", encodedToken), res -> {
        LOGGER.debug("Request received for: {}", ctx.request().path());
        if (res.succeeded()) {
            LOGGER.debug("Got the user {} from the token", res.result().principal().getString("name"));
            ctx.setUser(res.result());
            ctx.response().putHeader(CONTENT_TYPE, APPLICATION_JSON.toString());
            ctx.next();
        } else {
            // Log the segment count seen by a plain split next to the provider's failure cause
            LOGGER.error("Failed to parse token with {} segments", encodedToken.split("\\.").length, res.cause());
            ctx.response().setStatusCode(UNAUTHORIZED.code()).setStatusMessage(UNAUTHORIZED.reasonPhrase()).end();
        }
    });
});

15:22:14.930 [main] DEBUG groovyx.net.http.RESTClient - POST http://localhost:8080/rest/v1/referrals
15:22:15.069 [vert.x-eventloop-thread-0] DEBUG com.redhat.rhambassador.MainVerticle - Got the token [token omitted]
15:22:15.070 [vert.x-eventloop-thread-0] DEBUG com.redhat.rhambassador.MainVerticle - Request received for: /rest/v1/referral
15:22:15.072 [vert.x-eventloop-thread-0] ERROR com.redhat.rhambassador.MainVerticle - Failed to parse token with 3 segments
java.lang.RuntimeException: Not enough or too many segments
    at io.vertx.ext.jwt.JWT.decode(JWT.java:321)
    at io.vertx.ext.auth.jwt.impl.JWTAuthProviderImpl.authenticate(JWTAuthProviderImpl.java:114)
    at com.redhat.rhambassador.MainVerticle.lambda$buildRoutes$7(MainVerticle.java:197)
    at io.vertx.ext.web.impl.RouteImpl.handleContext(RouteImpl.java:223)
    at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:101)
    at io.vertx.ext.web.impl.RoutingContextWrapper.next(RoutingContextWrapper.java:149)
    at io.vertx.ext.web.handler.impl.BodyHandlerImpl$BHandler.doEnd(BodyHandlerImpl.java:209)
    at io.vertx.ext.web.handler.impl.BodyHandlerImpl$BHandler.end(BodyHandlerImpl.java:187)
    at io.vertx.ext.web.handler.impl.BodyHandlerImpl.lambda$handle$0(BodyHandlerImpl.java:68)
    at io.vertx.core.http.impl.HttpServerRequestImpl.handleEnd(HttpServerRequestImpl.java:418)
    at io.vertx.core.http.impl.ServerConnection.handleLastHttpContent(ServerConnection.java:475)
    at io.vertx.core.http.impl.ServerConnection.handleContent(ServerConnection.java:469)
    at io.vertx.core.http.impl.ServerConnection.processMessage(ServerConnection.java:449)
    at io.vertx.core.http.impl.ServerConnection.handleMessage(ServerConnection.java:156)
    at io.vertx.core.http.impl.HttpServerImpl$ServerHandlerWithWebSockets.handleMessage(HttpServerImpl.java:705)
    at io.vertx.core.http.impl.HttpServerImpl$ServerHandlerWithWebSockets.handleMessage(HttpServerImpl.java:614)
    at io.vertx.core.net.impl.VertxHandler.lambda$channelRead$1(VertxHandler.java:150)
    at io.vertx.core.impl.ContextImpl.lambda$wrapTask$2(ContextImpl.java:342)
    at io.vertx.core.impl.ContextImpl.executeFromIO(ContextImpl.java:200)
    at io.vertx.core.net.impl.VertxHandler.channelRead(VertxHandler.java:148)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
    at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:284)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
    at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
    at java.lang.Thread.run(Thread.java:748)

The same code works fine when I run my test cases using vert.x's JWTAuth provider to generate the token.

+0

Which version of vertx are you using, and have you tried using vertx's JWT handler to perform the authentication? –

+0

3.5.0 – Brandon

Answers

0

The problem is going to be that the JSON config is not correct:

JWTAuth authProvider = JWTAuth.create(vertx, new JWTAuthOptions(new JsonObject()
    .put("permissionsClaimKey", "realm_access/roles")
    .put("pubSecKeys", new JsonArray()
        .add(new JsonObject()
            .put("publicKey", "...")
            .put("type", "RS256")))));

pubSecKeys is an array of objects. To be safer, you should probably not use the JSON config but the typed one.

+0

Using that, I get "java.lang.RuntimeException: RS256 is not supported", saying that RS256 is actually an unsupported algorithm. – Brandon

+0

That message is bubbling up because the provided key cannot be decoded. –
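The comment above attributes the second error to a key that cannot be decoded. A pre-flight check along those lines, as an added example that is not code from this thread or from Vert.x: it assumes the provider expects the publicKey value as a standard-Base64 X.509 (SubjectPublicKeyInfo) RSA key. PubKeyCheck and whyUnusable are hypothetical names, and the sample keys are generated at run time.

```java
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class PubKeyCheck {

    /** Returns null when the value parses as a Base64 X.509 RSA public key, otherwise the reason it does not. */
    static String whyUnusable(String configured) {
        // Tolerate a pasted PEM block: drop the armour lines and all whitespace.
        String body = configured.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        if (body.indexOf('-') >= 0 || body.indexOf('_') >= 0) {
            return "base64url characters ('-' or '_') present; not standard Base64 DER";
        }
        byte[] der;
        try {
            der = Base64.getDecoder().decode(body);
        } catch (IllegalArgumentException e) {
            return "not valid Base64: " + e.getMessage();
        }
        try {
            // Assumption: the JWT provider builds its verifier from an X.509 key spec like this.
            KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
            return null;
        } catch (GeneralSecurityException e) {
            return "Base64 decodes, but not to an X.509 SubjectPublicKeyInfo RSA key";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: one throwaway key, rendered three ways.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) gen.generateKeyPair().getPublic();
        byte[] modulus = pub.getModulus().toByteArray();

        String spki = Base64.getEncoder().encodeToString(pub.getEncoded());
        String rawModulus = Base64.getEncoder().encodeToString(modulus);
        String jwkStyle = Base64.getUrlEncoder().withoutPadding().encodeToString(modulus);

        System.out.println("X.509 DER, Base64   : " + whyUnusable(spki));
        System.out.println("bare modulus, Base64: " + whyUnusable(rawModulus));
        System.out.println("modulus, base64url  : " + whyUnusable(jwkStyle));
    }
}
```

Running the same check on the configured key at startup turns a misleading algorithm error at request time into a clear configuration failure.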

0

sets the user on the routing context and

JWTAuth jwtAuth = JWTAuth.create(vertx, new JWTAuthOptions()
    .setPermissionsClaimKey("realm_access/roles")
    .addPubSecKey(new PubSecKeyOptions()
        .setType("RS256")
        .setPublicKey("....your key")));

router.route("/api/rest/a/*").handler(JWTAuthHandler.create(jwtAuth));