From 6a057f33b1e8cc2d717997cf82979eeb57a6f491 Mon Sep 17 00:00:00 2001
From: Micah Silverman <micah@afitnerd.com>
Date: Mon, 27 Jun 2016 09:21:42 -0400
Subject: [PATCH] Set configurable secret for parsing.

---
 .../jjwtfun/controller/StaticJWTController.java        | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/StaticJWTController.java b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/StaticJWTController.java
index 960ac46043..9bf4ab2e45 100644
--- a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/StaticJWTController.java
+++ b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/StaticJWTController.java
@@ -5,6 +5,7 @@ import io.jsonwebtoken.Jws;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.jjwtfun.model.JwtResponse;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
@@ -18,6 +19,9 @@ import static org.springframework.web.bind.annotation.RequestMethod.GET;
 @RestController
 public class StaticJWTController extends BaseController {
 
+    @Value("#{ @environment['jjwtfun.secret'] ?: 'secret' }")
+    String secret;
+
     @RequestMapping(value = "/static-builder", method = GET)
     public JwtResponse fixedBuilder() throws UnsupportedEncodingException {
 
@@ -38,10 +42,10 @@ public class StaticJWTController extends BaseController {
     }
 
     @RequestMapping(value = "/parser", method = GET)
-    public JwtResponse fixedParser(@RequestParam String jws) throws UnsupportedEncodingException {
+    public JwtResponse parser(@RequestParam String jwt) throws UnsupportedEncodingException {
         Jws<Claims> claims = Jwts.parser()
-            .setSigningKey("secret".getBytes("UTF-8"))
-            .parseClaimsJws(jws);
+            .setSigningKey(secret.getBytes("UTF-8"))
+            .parseClaimsJws(jwt);
 
         return new JwtResponse(claims);
     }