fix: switch to verifyWith instead of deprecated setSigningKey method

thisdudkin · Sep 25, 2024 · 929f05a · 929f05a
1 parent 99b0fa6
commit 929f05a
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 8 deletions.
diff --git a/library-api-books-service/src/main/java/dev/earlspilner/books/security/JwtTokenProvider.java b/library-api-books-service/src/main/java/dev/earlspilner/books/security/JwtTokenProvider.java
@@ -15,6 +15,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
 
+import javax.crypto.SecretKey;
 import java.security.Key;
 import java.util.Base64;
 
@@ -44,7 +45,7 @@ public Authentication getAuthentication(String token) {
     }
 
     public String getUsername(String token) {
-        return Jwts.parser().setSigningKey(key).build().parseSignedClaims(token).getPayload().getSubject();
+        return Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token).getPayload().getSubject();
     }
 
     public String resolveToken(HttpServletRequest req) {
@@ -57,7 +58,7 @@ public String resolveToken(HttpServletRequest req) {
 
     public boolean validateToken(String token) {
         try {
-            Jwts.parser().setSigningKey(key).build().parseSignedClaims(token);
+            Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token);
             return true;
         } catch (JwtException | IllegalArgumentException e) {
             throw new CustomJwtException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);

diff --git a/...-api-library-service/src/main/java/dev/earlspilner/library/security/JwtTokenProvider.java b/...-api-library-service/src/main/java/dev/earlspilner/library/security/JwtTokenProvider.java
@@ -15,6 +15,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
 
+import javax.crypto.SecretKey;
 import java.security.Key;
 import java.util.Base64;
 
@@ -44,7 +45,7 @@ public Authentication getAuthentication(String token) {
     }
 
     public String getUsername(String token) {
-        return Jwts.parser().setSigningKey(key).build().parseSignedClaims(token).getPayload().getSubject();
+        return Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token).getPayload().getSubject();
     }
 
     public String resolveToken(HttpServletRequest req) {
@@ -57,7 +58,7 @@ public String resolveToken(HttpServletRequest req) {
 
     public boolean validateToken(String token) {
         try {
-            Jwts.parser().setSigningKey(key).build().parseSignedClaims(token);
+            Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token);
             return true;
         } catch (JwtException | IllegalArgumentException e) {
             throw new CustomJwtException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);

diff --git a/library-api-loan-service/src/main/java/dev/earlspilner/loans/security/JwtTokenProvider.java b/library-api-loan-service/src/main/java/dev/earlspilner/loans/security/JwtTokenProvider.java
@@ -15,6 +15,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
 
+import javax.crypto.SecretKey;
 import java.security.Key;
 import java.util.Base64;
 
@@ -44,7 +45,7 @@ public Authentication getAuthentication(String token) {
     }
 
     public String getUsername(String token) {
-        return Jwts.parser().setSigningKey(key).build().parseSignedClaims(token).getPayload().getSubject();
+        return Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token).getPayload().getSubject();
     }
 
     public String resolveToken(HttpServletRequest req) {
@@ -57,7 +58,7 @@ public String resolveToken(HttpServletRequest req) {
 
     public boolean validateToken(String token) {
         try {
-            Jwts.parser().setSigningKey(key).build().parseSignedClaims(token);
+            Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token);
             return true;
         } catch (JwtException | IllegalArgumentException e) {
             throw new CustomJwtException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);

diff --git a/library-api-users-service/src/main/java/dev/earlspilner/users/security/JwtTokenProvider.java b/library-api-users-service/src/main/java/dev/earlspilner/users/security/JwtTokenProvider.java
@@ -15,6 +15,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
 
+import javax.crypto.SecretKey;
 import java.security.Key;
 import java.util.Base64;
 
@@ -44,7 +45,7 @@ public Authentication getAuthentication(String token) {
     }
 
     public String getUsername(String token) {
-        return Jwts.parser().setSigningKey(key).build().parseSignedClaims(token).getPayload().getSubject();
+        return Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token).getPayload().getSubject();
     }
 
     public String resolveToken(HttpServletRequest req) {
@@ -57,7 +58,7 @@ public String resolveToken(HttpServletRequest req) {
 
     public boolean validateToken(String token) {
         try {
-            Jwts.parser().setSigningKey(key).build().parseSignedClaims(token);
+            Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token);
             return true;
         } catch (JwtException | IllegalArgumentException e) {
             throw new CustomJwtException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);