feat: Update JwtTokenProvider to use secret key from application properties

andrea.terzani
2024-08-13 16:45:04 +02:00
parent ae444eced5
commit 9c7d85b84b


@@ -3,13 +3,13 @@ package com.olympus.apollo.security.utility;
import org.springframework.stereotype.Component;
import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SignatureException;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import java.security.Key;
import java.util.Date;
@@ -19,19 +19,30 @@ import java.util.Date;
public class JwtTokenProvider {
Key key = Keys.secretKeyFor(SignatureAlgorithm.HS512);
public static final String SECRET = "5367566B59703373367639792F423F4528482B4D6251655468576D5A713474375367566B59703373367639792F423F4528482B4D6251655468576D5A71347437";
private Key getSignKey() {
byte[] keyBytes = Decoders.BASE64.decode(SECRET);
return Keys.hmacShaKeyFor(keyBytes);
}
public String createToken(Authentication authentication) {
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
Date now = new Date();
Date expiryDate = new Date(now.getTime() + 3600000);
return Jwts.builder()
.setSubject(userDetails.getUsername())
.setIssuedAt(new Date())
.setExpiration(expiryDate)
.signWith(SignatureAlgorithm.HS512, key)
.compact();
.setSubject(userDetails.getUsername())
.setIssuedAt(new Date())
.setExpiration(expiryDate)
.signWith(getSignKey(), SignatureAlgorithm.HS512)
//.signWith(SignatureAlgorithm.HS512, SECRET)
.compact();
}
@@ -39,38 +50,39 @@ public class JwtTokenProvider {
String bearerToken = request.getHeader("Authorization");
if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
return bearerToken.substring(7);
return bearerToken.substring(7);
}
return null;
}
// Check if the token is valid and not expired
public boolean validateToken(String token) {
try {
Jwts.parser().setSigningKey(key).parseClaimsJws(token);
return true;
Jwts.parser().setSigningKey(getSignKey()).parseClaimsJws(token);
return true;
} catch (MalformedJwtException ex) {
log.error("Invalid JWT token");
log.error("Invalid JWT token");
} catch (ExpiredJwtException ex) {
log.error("Expired JWT token");
log.error("Expired JWT token");
} catch (UnsupportedJwtException ex) {
log.error("Unsupported JWT token");
log.error("Unsupported JWT token");
} catch (IllegalArgumentException ex) {
log.error("JWT claims string is empty");
log.error("JWT claims string is empty");
} catch (SignatureException e) {
log.error("there is an error with the signature of you token ");
log.error("there is an error with the signature of you token ");
}
return false;
}
// Extract the username from the JWT token
// Extract the username from the JWT token
public String getUsername(String token) {
return Jwts.parser()
.setSigningKey(key)
.parseClaimsJws(token)
.getBody()
.getSubject();
.setSigningKey(getSignKey())
.parseClaimsJws(token)
.getBody()
.getSubject();
}
}
}
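Review bot: The signing secret is still compiled into the class as the `public static final String SECRET` literal in the `-19,19 +19,30` hunk, so the key is not read from application properties as the commit title says, and anyone with read access to the repository or the built artifact holds the key that `validateToken` and `getUsername` trust. Inject it instead, for example `@Value("${<jwt-secret-property>}") private String secret;` (placeholder property name) supplied from the environment or a secret store, and treat the committed value as disclosed and rotate it. The literal looks like hex, and appears to be one 64-character sequence repeated twice, yet `getSignKey()` decodes it with `Decoders.BASE64`, so the expected encoding should be stated explicitly for whatever value replaces it. The commented-out `//.signWith(SignatureAlgorithm.HS512, SECRET)` line can be dropped. Old and new sides are inferred here from the commit title and print order, because the page lost its `+`/`-` markers.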