feat: Update JwtTokenProvider to use secret key from application properties

2024-08-13 16:45:04 +02:00
parent ae444eced5
commit 9c7d85b84b
1 changed files with 35 additions and 23 deletions
--- a/src/main/java/com/olympus/apollo/security/utility/JwtTokenProvider.java
+++ b/src/main/java/com/olympus/apollo/security/utility/JwtTokenProvider.java
@@ -3,13 +3,13 @@ package com.olympus.apollo.security.utility;
 import org.springframework.stereotype.Component;

 import io.jsonwebtoken.*;
+import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
 import io.jsonwebtoken.security.SignatureException;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import java.security.Key;
 import java.util.Date;
@@ -20,6 +20,16 @@ public class JwtTokenProvider {

    Key key = Keys.secretKeyFor(SignatureAlgorithm.HS512);
    
+
+    public static final String SECRET = "5367566B59703373367639792F423F4528482B4D6251655468576D5A713474375367566B59703373367639792F423F4528482B4D6251655468576D5A71347437";
+
+
+    private Key getSignKey() {
+            byte[] keyBytes = Decoders.BASE64.decode(SECRET);
+            return Keys.hmacShaKeyFor(keyBytes);
+        }
+
+
    public String createToken(Authentication authentication) {
    
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
@@ -30,7 +40,8 @@ public class JwtTokenProvider {
            .setSubject(userDetails.getUsername())
            .setIssuedAt(new Date())
            .setExpiration(expiryDate)
-                .signWith(SignatureAlgorithm.HS512, key)
+            .signWith(getSignKey(), SignatureAlgorithm.HS512)
+            //.signWith(SignatureAlgorithm.HS512, SECRET)
            .compact();
    }

@@ -48,7 +59,7 @@ public class JwtTokenProvider {
    public boolean validateToken(String token) {
        
        try {
-            Jwts.parser().setSigningKey(key).parseClaimsJws(token);
+        Jwts.parser().setSigningKey(getSignKey()).parseClaimsJws(token);
        return true;
        } catch (MalformedJwtException ex) {
        log.error("Invalid JWT token");
@@ -68,9 +79,10 @@ public class JwtTokenProvider {
    public String getUsername(String token) {
        
        return Jwts.parser()
-                .setSigningKey(key)
+            .setSigningKey(getSignKey())
            .parseClaimsJws(token)
            .getBody()
            .getSubject();
    }
 }
+