如何配置 Ktor 以启用 JWT 身份验证?
How do you configure Ktor to enable JWT Authentication?
对于上下文,我是 Java、Kotlin 和 Ktor(来自 C# 背景)的新手。
我从我的构建中收到以下错误:
Exception in thread "main" io.ktor.server.application.MissingApplicationPluginException: Application plugin Authentication is not installed
代码中有问题的部分是:
authenticate("auth-jwt") {
get("/hello") {
val principal = call.principal<JWTPrincipal>()
val username = principal!!.payload.getClaim("username").asString()
val expiresAt = principal.expiresAt?.time?.minus(System.currentTimeMillis())
call.respondText("Hello, $username! Token is expired at $expiresAt ms.")
}
}
在 authenticate
行失败
根据文档,我在 build.gradle.kts 文件中添加了所需的插件:
dependencies {
implementation("io.ktor:ktor-server-core-jvm:$ktor_version")
implementation("io.ktor:ktor-server-host-common-jvm:$ktor_version")
implementation("io.ktor:ktor-server-content-negotiation-jvm:$ktor_version")
implementation("io.ktor:ktor-serialization-kotlinx-json-jvm:$ktor_version")
implementation("io.ktor:ktor-serialization-gson-jvm:$ktor_version")
implementation("io.ktor:ktor-server-netty-jvm:$ktor_version")
implementation("io.ktor:ktor-server-auth:$ktor_version")
implementation("io.ktor:ktor-server-auth-jwt:$ktor_version")
implementation("ch.qos.logback:logback-classic:$logback_version")
testImplementation("io.ktor:ktor-server-test-host:$ktor_version")
testImplementation("org.jetbrains.kotlin:kotlin-test:$kotlin_version")
}
这是我的configureSecurity方法(取自在线示例):
fun Application.configureSecurity() {
val secret = System.getenv("JWT_SECRET")
val issuer = environment.config.property("jwt.issuer").getString()
val audience = environment.config.property("jwt.audience").getString()
val myRealm = environment.config.property("jwt.realm").getString()
authentication {
jwt("auth-jwt") {
verifier(
JWT
.require(Algorithm.HMAC256(secret))
.withAudience(audience)
.withIssuer(issuer)
.build()
)
validate { credential ->
if (credential.payload.getClaim("username").asString() != "") {
JWTPrincipal(credential.payload)
} else {
null
}
}
}
}
}
在过去的九个小时里,我一直在努力解决这个问题,在网上进行了详尽的搜索,这是我最后的选择。
我正在使用从 IntelliJ IDEA 中的项目创建向导创建的 Beta 2.0 示例代码。
如何在 ktor 服务器上正确配置 JWT 身份验证?
问题是路由配置在 Authentication 插件安装之前进行。要修复它交换 configureRouting() 和 configureSecurity() 调用所以它看起来像这样:
embeddedServer(Netty, port = 8080, host = "0.0.0.0") {
configureSecurity()
configureRouting()
}.start(wait = true)
对于上下文,我是 Java、Kotlin 和 Ktor(来自 C# 背景)的新手。
我从我的构建中收到以下错误:
Exception in thread "main" io.ktor.server.application.MissingApplicationPluginException: Application plugin Authentication is not installed
代码中有问题的部分是:
authenticate("auth-jwt") {
get("/hello") {
val principal = call.principal<JWTPrincipal>()
val username = principal!!.payload.getClaim("username").asString()
val expiresAt = principal.expiresAt?.time?.minus(System.currentTimeMillis())
call.respondText("Hello, $username! Token is expired at $expiresAt ms.")
}
}
在 authenticate
根据文档,我在 build.gradle.kts 文件中添加了所需的插件:
dependencies {
implementation("io.ktor:ktor-server-core-jvm:$ktor_version")
implementation("io.ktor:ktor-server-host-common-jvm:$ktor_version")
implementation("io.ktor:ktor-server-content-negotiation-jvm:$ktor_version")
implementation("io.ktor:ktor-serialization-kotlinx-json-jvm:$ktor_version")
implementation("io.ktor:ktor-serialization-gson-jvm:$ktor_version")
implementation("io.ktor:ktor-server-netty-jvm:$ktor_version")
implementation("io.ktor:ktor-server-auth:$ktor_version")
implementation("io.ktor:ktor-server-auth-jwt:$ktor_version")
implementation("ch.qos.logback:logback-classic:$logback_version")
testImplementation("io.ktor:ktor-server-test-host:$ktor_version")
testImplementation("org.jetbrains.kotlin:kotlin-test:$kotlin_version")
}
这是我的configureSecurity方法(取自在线示例):
fun Application.configureSecurity() {
val secret = System.getenv("JWT_SECRET")
val issuer = environment.config.property("jwt.issuer").getString()
val audience = environment.config.property("jwt.audience").getString()
val myRealm = environment.config.property("jwt.realm").getString()
authentication {
jwt("auth-jwt") {
verifier(
JWT
.require(Algorithm.HMAC256(secret))
.withAudience(audience)
.withIssuer(issuer)
.build()
)
validate { credential ->
if (credential.payload.getClaim("username").asString() != "") {
JWTPrincipal(credential.payload)
} else {
null
}
}
}
}
}
在过去的九个小时里,我一直在努力解决这个问题,在网上进行了详尽的搜索,这是我最后的选择。
我正在使用从 IntelliJ IDEA 中的项目创建向导创建的 Beta 2.0 示例代码。
如何在 ktor 服务器上正确配置 JWT 身份验证?
问题是路由配置在 Authentication 插件安装之前进行。要修复它交换 configureRouting() 和 configureSecurity() 调用所以它看起来像这样:
embeddedServer(Netty, port = 8080, host = "0.0.0.0") {
configureSecurity()
configureRouting()
}.start(wait = true)