From 4afb97e34c0c2faeb3cc6b271b7dbe0690096ab1 Mon Sep 17 00:00:00 2001 From: Kudzai P Matizirofa Date: Mon, 3 Jul 2023 00:15:48 +0200 Subject: [PATCH] Updated jjwt 0.11 --- pom.xml | 31 ++++---- .../springjwtauth/config/JwtAuthFilter.java | 4 +- .../intela/springjwtauth/util/JwtUtil.java | 74 ++++++++++--------- 3 files changed, 54 insertions(+), 55 deletions(-) diff --git a/pom.xml b/pom.xml index 4ff8a9d..19657e3 100644 --- a/pom.xml +++ b/pom.xml @@ -11,8 +11,8 @@ com.intela dpring-jwt-auth 0.0.1-SNAPSHOT - dpring-jwt-auth - dpring-jwt-auth + spring-jwt-auth + spring-jwt-auth 20 @@ -40,15 +40,24 @@ io.jsonwebtoken - jjwt - 0.9.1 + jjwt-api + 0.11.5 + + + io.jsonwebtoken + jjwt-impl + 0.11.5 + + + io.jsonwebtoken + jjwt-jackson + 0.11.5 org.hibernate hibernate-validator 8.0.0.Final - org.springframework.boot spring-boot-devtools @@ -85,18 +94,6 @@ spring-security-test test - - org.jetbrains - annotations - RELEASE - compile - - - org.jetbrains - annotations - RELEASE - compile - diff --git a/src/main/java/com/intela/springjwtauth/config/JwtAuthFilter.java b/src/main/java/com/intela/springjwtauth/config/JwtAuthFilter.java index 2beed67..fdc9977 100644 --- a/src/main/java/com/intela/springjwtauth/config/JwtAuthFilter.java +++ b/src/main/java/com/intela/springjwtauth/config/JwtAuthFilter.java @@ -36,12 +36,12 @@ protected void doFilterInternal(@NonNull HttpServletRequest request, filterChain.doFilter(request, response); return; } - jwt = authHeader.substring(7); + jwt = authHeader.split(" ")[1].trim(); userEmail = jwtUtil.extractUsername(jwt); if(userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null){ UserDetails userDetails = this.userDetailsService.loadUserByUsername(userEmail); - if(jwtUtil.validateToken(jwt, userDetails)){ + if(jwtUtil.isTokenValid(jwt, userDetails)){ UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( userDetails, null, 
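Review bot: `authHeader.split(" ")[1]` in `doFilterInternal` fails on headers that the removed `substring(7)` tolerated: a header of just `"Bearer "` splits to a single element, so `[1]` throws `ArrayIndexOutOfBoundsException`, and two spaces after the scheme yield `""`, which is then handed to `extractUsername`. The guard above this line starts outside the hunk, so I can't tell whether it already rejects these; if it only checks the `Bearer ` prefix, keep the fixed offset and trim it, `jwt = authHeader.substring(7).trim();`, and pass the request on unauthenticated when the result is empty. No try/catch is visible around `extractUsername(jwt)` either, so a malformed or expired token would presumably surface as an exception from the filter rather than a clean 401; worth confirming how that is handled outside this hunk.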
diff --git a/src/main/java/com/intela/springjwtauth/util/JwtUtil.java b/src/main/java/com/intela/springjwtauth/util/JwtUtil.java
index d2c25a6..f65ecc5 100644
--- a/src/main/java/com/intela/springjwtauth/util/JwtUtil.java
+++ b/src/main/java/com/intela/springjwtauth/util/JwtUtil.java
@@ -3,71 +3,73 @@ import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; -import org.springframework.lang.NonNull; +import io.jsonwebtoken.security.Keys; +import jakarta.validation.constraints.NotNull; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Service; + +import java.security.Key; +import java.util.Base64; import java.util.Date; import java.util.HashMap; import java.util.Map; -import java.util.concurrent.TimeUnit; import java.util.function.Function; + @Service public class JwtUtil { - private final String jwtSigningKey = "secret"; + private final String SECRET_KEY = "8d4fed75477d160c393db8a22edce23a5ae7971b4533077d89ac0016dd92c879d21791073310294924cb896443a8214cfdc129baa42af8b3030a397382a93532"; public String extractUsername(String token){ return extractClaim(token, Claims::getSubject); } - public Date extractExpiration(String token){ - - return extractClaim(token, Claims::getExpiration); - } - - public T extractClaim(String token, Function claimsResolver){ + public T extractClaim(String token, @NotNull Function claimsResolver){ final Claims claims = extractAllClaims(token); return claimsResolver.apply(claims); } - public boolean hasClaim(String token, String claimName){ - final Claims claims = extractAllClaims(token); - return claims.get(claimName) != null; + public String generateToken(UserDetails userDetails){ + return generateToken(new HashMap<>(), userDetails); } - - public T getClaimFromToken(String token, @NonNull Function claimsResolver) { - final Claims claims = extractAllClaims(token); - return claimsResolver.apply(claims); + public String generateToken( + Map extractClaims, + UserDetails userDetails + ){ + return Jwts + .builder() + .setClaims(extractClaims) + .setSubject(userDetails.getUsername()) + .setIssuedAt(new Date(System.currentTimeMillis())) + .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 24)) + 
.signWith(getSigningKey(), SignatureAlgorithm.HS256) + .compact(); } - private Claims extractAllClaims(String token){ - return Jwts.parser().setSigningKey(jwtSigningKey).parseClaimsJws(token).getBody(); + public boolean isTokenValid(String token, UserDetails userDetails){ + final String username = extractUsername(token); + return(username.equals(userDetails.getUsername())) && !isTokenExpired(token); } - @NonNull - private Boolean isTokenExpired(@NonNull String token){ - final Date expiration = extractExpiration(token); - return expiration.before(new Date()); + private boolean isTokenExpired(String token) { + return extractExpiration(token).before(new Date()); } - public String generateToken(@NonNull UserDetails user){ - Map claims = new HashMap<>(); - return createToken(claims, user); + private Date extractExpiration(String token) { + return extractClaim(token, Claims::getExpiration); } - private String createToken(Map claims, UserDetails user){ - return Jwts.builder() - .setClaims(claims) - .setSubject(user.getUsername()) - .claim("authorities", user.getAuthorities()) - .setIssuedAt(new Date(System.currentTimeMillis())) - .setExpiration(new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(24))) - .signWith(SignatureAlgorithm.HS256, jwtSigningKey).compact(); + private Claims extractAllClaims(String token){ + return Jwts.parserBuilder() + .setSigningKey(getSigningKey()) + .build() + .parseClaimsJws(token) + .getBody(); } - public Boolean validateToken(@NonNull String token, UserDetails user){ - final String username = extractUsername(token); - return(username.equals(user.getUsername()) && !isTokenExpired(token)); + private Key getSigningKey() { + byte[] keyBytes = Base64.getDecoder().decode(SECRET_KEY); + return Keys.hmacShaKeyFor(keyBytes); } }
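Review bot: The HMAC signing key is committed as a string literal in `SECRET_KEY`, so anyone with read access to the repository or the built artifact holds the material needed to produce tokens this service will accept for any username. Load it from external configuration instead, e.g. `@Value("${JWT_SIGNING_KEY_PROPERTY}") private String secretKey;` (the property name here is a placeholder), and treat the committed value as compromised and rotate it. The literal also looks like hex, while `getSigningKey()` runs it through `Base64.getDecoder()`; that happens to decode, but the resulting key bytes are not what the literal suggests, so pick one encoding and document it. Separately, `1000 * 60 * 24` in `generateToken` is 24 minutes, where the removed code used `TimeUnit.HOURS.toMillis(24)`; if 24 hours is still intended, use `1000L * 60 * 60 * 24`.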