From 929f05a5cb441714234f1033f20ad72cff7bb859 Mon Sep 17 00:00:00 2001
From: Alexander Dudkin
Date: Thu, 26 Sep 2024 00:25:41 +0300
Subject: [PATCH] fix: switch to verifyWith instead of deprecated setSigningKey method
---
 .../dev/earlspilner/books/security/JwtTokenProvider.java | 5 +++--
 .../dev/earlspilner/library/security/JwtTokenProvider.java | 5 +++--
 .../dev/earlspilner/loans/security/JwtTokenProvider.java | 5 +++--
 .../dev/earlspilner/users/security/JwtTokenProvider.java | 5 +++--
 4 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/library-api-books-service/src/main/java/dev/earlspilner/books/security/JwtTokenProvider.java b/library-api-books-service/src/main/java/dev/earlspilner/books/security/JwtTokenProvider.java
index a937145..b3fafb4 100644
--- a/library-api-books-service/src/main/java/dev/earlspilner/books/security/JwtTokenProvider.java
+++ b/library-api-books-service/src/main/java/dev/earlspilner/books/security/JwtTokenProvider.java
@@ -15,6 +15,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
+import javax.crypto.SecretKey;
 import java.security.Key;
 import java.util.Base64;
@@ -44,7 +45,7 @@ public Authentication getAuthentication(String token) {
 }
 public String getUsername(String token) {
- return Jwts.parser().setSigningKey(key).build().parseSignedClaims(token).getPayload().getSubject();
+ return Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token).getPayload().getSubject();
 }
 public String resolveToken(HttpServletRequest req) {
@@ -57,7 +58,7 @@ public String resolveToken(HttpServletRequest req) {
 public boolean validateToken(String token) {
 try {
- Jwts.parser().setSigningKey(key).build().parseSignedClaims(token);
+ Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token);
 return true;
 } catch (JwtException | IllegalArgumentException e) {
 throw new CustomJwtException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);
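Review bot: The `(SecretKey) key` cast in getUsername is unchecked, and the field apparently stays typed as `java.security.Key` (that import remains in the context lines), so a key of any other type would only be noticed as a ClassCastException on the first token parse. Declaring the field as `SecretKey key` removes the cast and lets the compiler enforce the type, leaving `Jwts.parser().verifyWith(key)`; if the key is created with `Keys.hmacShaKeyFor(...)`, that call already returns a `SecretKey`. In validateToken the same cast sits inside a try whose catch covers only `JwtException | IllegalArgumentException`, so a failed cast would escape as an unhandled error instead of the 401 `CustomJwtException`. The same two lines recur in the library, loans and users services. The field declaration and key setup are outside these hunks, so the current type needs confirming there.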
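Review bot: validateToken builds a new parser with `Jwts.parser().verifyWith(...).build()` on every call, and getUsername builds another one for the same token, so a request that passes through both methods presumably configures the verifier twice. A built `JwtParser` is described by JJWT as immutable and thread-safe, so it can be created once where the key is initialised and reused: `this.parser = Jwts.parser().verifyWith((SecretKey) key).build();` and then `parser.parseSignedClaims(token)` in both methods. A single parser also leaves one place to add further verification settings later, rather than two call sites per service. The key initialisation is outside the hunk, so the exact placement is for the author to confirm.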
diff --git a/library-api-library-service/src/main/java/dev/earlspilner/library/security/JwtTokenProvider.java b/library-api-library-service/src/main/java/dev/earlspilner/library/security/JwtTokenProvider.java
index 9e162fc..a301c1b 100644
--- a/library-api-library-service/src/main/java/dev/earlspilner/library/security/JwtTokenProvider.java
+++ b/library-api-library-service/src/main/java/dev/earlspilner/library/security/JwtTokenProvider.java
@@ -15,6 +15,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
+import javax.crypto.SecretKey;
 import java.security.Key;
 import java.util.Base64;
@@ -44,7 +45,7 @@ public Authentication getAuthentication(String token) {
 }
 public String getUsername(String token) {
- return Jwts.parser().setSigningKey(key).build().parseSignedClaims(token).getPayload().getSubject();
+ return Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token).getPayload().getSubject();
 }
 public String resolveToken(HttpServletRequest req) {
@@ -57,7 +58,7 @@ public String resolveToken(HttpServletRequest req) {
 public boolean validateToken(String token) {
 try {
- Jwts.parser().setSigningKey(key).build().parseSignedClaims(token);
+ Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token);
 return true;
 } catch (JwtException | IllegalArgumentException e) {
 throw new CustomJwtException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);
diff --git a/library-api-loan-service/src/main/java/dev/earlspilner/loans/security/JwtTokenProvider.java b/library-api-loan-service/src/main/java/dev/earlspilner/loans/security/JwtTokenProvider.java
index 182e770..c61d3a5 100644
--- a/library-api-loan-service/src/main/java/dev/earlspilner/loans/security/JwtTokenProvider.java
+++ b/library-api-loan-service/src/main/java/dev/earlspilner/loans/security/JwtTokenProvider.java
@@ -15,6 +15,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
+import javax.crypto.SecretKey;
 import java.security.Key;
 import java.util.Base64;
@@ -44,7 +45,7 @@ public Authentication getAuthentication(String token) {
 }
 public String getUsername(String token) {
- return Jwts.parser().setSigningKey(key).build().parseSignedClaims(token).getPayload().getSubject();
+ return Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token).getPayload().getSubject();
 }
 public String resolveToken(HttpServletRequest req) {
@@ -57,7 +58,7 @@ public String resolveToken(HttpServletRequest req) {
 public boolean validateToken(String token) {
 try {
- Jwts.parser().setSigningKey(key).build().parseSignedClaims(token);
+ Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token);
 return true;
 } catch (JwtException | IllegalArgumentException e) {
 throw new CustomJwtException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);
diff --git a/library-api-users-service/src/main/java/dev/earlspilner/users/security/JwtTokenProvider.java b/library-api-users-service/src/main/java/dev/earlspilner/users/security/JwtTokenProvider.java
index 47c6bc1..bf72567 100644
--- a/library-api-users-service/src/main/java/dev/earlspilner/users/security/JwtTokenProvider.java
+++ b/library-api-users-service/src/main/java/dev/earlspilner/users/security/JwtTokenProvider.java
@@ -15,6 +15,7 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
+import javax.crypto.SecretKey;
 import java.security.Key;
 import java.util.Base64;
@@ -44,7 +45,7 @@ public Authentication getAuthentication(String token) {
 }
 public String getUsername(String token) {
- return Jwts.parser().setSigningKey(key).build().parseSignedClaims(token).getPayload().getSubject();
+ return Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token).getPayload().getSubject();
 }
 public String resolveToken(HttpServletRequest req) {
@@ -57,7 +58,7 @@ public String resolveToken(HttpServletRequest req) {
 public boolean validateToken(String token) {
 try {
- Jwts.parser().setSigningKey(key).build().parseSignedClaims(token);
+ Jwts.parser().verifyWith((SecretKey) key).build().parseSignedClaims(token);
 return true;
 } catch (JwtException | IllegalArgumentException e) {
 throw new CustomJwtException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);
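Review bot: This validateToken edit in the users service is the fourth identical copy of the same change: the diffstat shows the same `5 +++--` for the JwtTokenProvider of the books, library, loans and users services, and the hunks match line for line. Token verification is where a missed copy matters most, since a later fix applied to three services and forgotten in the fourth leaves one service verifying tokens differently from the rest. Consider moving JwtTokenProvider into a shared module that the four services depend on, or at least add a class comment such as `// Keep in sync with the JwtTokenProvider copies in the other services`. Whether the four classes are otherwise identical cannot be seen from these hunks.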