feat: Update JwtTokenProvider to use secret key from application properties

andrea.terzani
2024-08-13 16:45:04 +02:00
parent ae444eced5
commit 9c7d85b84b


@@ -3,13 +3,13 @@ package com.olympus.apollo.security.utility;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import io.jsonwebtoken.*; import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys; import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SignatureException; import io.jsonwebtoken.security.SignatureException;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import java.security.Key; import java.security.Key;
import java.util.Date; import java.util.Date;
@@ -20,6 +20,16 @@ public class JwtTokenProvider {
Key key = Keys.secretKeyFor(SignatureAlgorithm.HS512); Key key = Keys.secretKeyFor(SignatureAlgorithm.HS512);
public static final String SECRET = "5367566B59703373367639792F423F4528482B4D6251655468576D5A713474375367566B59703373367639792F423F4528482B4D6251655468576D5A71347437";
private Key getSignKey() {
byte[] keyBytes = Decoders.BASE64.decode(SECRET);
return Keys.hmacShaKeyFor(keyBytes);
}
public String createToken(Authentication authentication) { public String createToken(Authentication authentication) {
UserDetails userDetails = (UserDetails) authentication.getPrincipal(); UserDetails userDetails = (UserDetails) authentication.getPrincipal();
@@ -30,7 +40,8 @@ public class JwtTokenProvider {
.setSubject(userDetails.getUsername()) .setSubject(userDetails.getUsername())
.setIssuedAt(new Date()) .setIssuedAt(new Date())
.setExpiration(expiryDate) .setExpiration(expiryDate)
.signWith(SignatureAlgorithm.HS512, key) .signWith(getSignKey(), SignatureAlgorithm.HS512)
//.signWith(SignatureAlgorithm.HS512, SECRET)
.compact(); .compact();
} }
@@ -48,7 +59,7 @@ public class JwtTokenProvider {
public boolean validateToken(String token) { public boolean validateToken(String token) {
try { try {
Jwts.parser().setSigningKey(key).parseClaimsJws(token); Jwts.parser().setSigningKey(getSignKey()).parseClaimsJws(token);
return true; return true;
} catch (MalformedJwtException ex) { } catch (MalformedJwtException ex) {
log.error("Invalid JWT token"); log.error("Invalid JWT token");
@@ -68,9 +79,10 @@ public class JwtTokenProvider {
public String getUsername(String token) { public String getUsername(String token) {
return Jwts.parser() return Jwts.parser()
.setSigningKey(key) .setSigningKey(getSignKey())
.parseClaimsJws(token) .parseClaimsJws(token)
.getBody() .getBody()
.getSubject(); .getSubject();
} }
} }
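Review bot: The HS512 signing secret is still hard-coded: the added `public static final String SECRET = "5367…"` puts the key in source and in repository history, so anyone who can read the repository can produce tokens that `validateToken` accepts. That also contradicts the commit title, which says the key comes from application properties. Inject it instead, for example `@Value("${JWT_SECRET_PROPERTY_PLACEHOLDER}") private String secret;`, supply the value from the environment or a secret store, and treat the committed value as compromised and rotate it. The literal contains only hex digits yet `getSignKey()` decodes it with `Decoders.BASE64`, so the resulting key bytes are probably not the intended ones; pick one encoding and state it in a comment on `getSignKey()`. The remaining `Key key = Keys.secretKeyFor(SignatureAlgorithm.HS512);` field and the commented-out `//.signWith(SignatureAlgorithm.HS512, SECRET)` line look like leftovers and could be deleted.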