From e8d187fec0049692e0beb241008ba9211a32fbd2 Mon Sep 17 00:00:00 2001
From: h_sharifi
Date: Wed, 17 Jan 2024 18:52:26 +0330
Subject: [PATCH] #BAEL-7434: refactor jwt
---
 .../security/AuthenticationService.java | 28 +++++++++++--------
 1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/persistence-modules/spring-jpa-2/src/main/java/com/baeldung/multitenant/security/AuthenticationService.java b/persistence-modules/spring-jpa-2/src/main/java/com/baeldung/multitenant/security/AuthenticationService.java
index 42eab1d6de..c547640b4d 100644
--- a/persistence-modules/spring-jpa-2/src/main/java/com/baeldung/multitenant/security/AuthenticationService.java
+++ b/persistence-modules/spring-jpa-2/src/main/java/com/baeldung/multitenant/security/AuthenticationService.java
@@ -1,26 +1,31 @@
 package com.baeldung.multitenant.security;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
+import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
 import java.util.Collections;
 import java.util.Date;
 public class AuthenticationService {
 private static final long EXPIRATIONTIME = 864_000_00; // 1 day in milliseconds
- private static final String SIGNINGKEY = "SecretKey";
+ private static final String SECRETKEY = "q3t6w9zCFJNcQfTjWnq3t6w9zCFJNcQfTjWnZr4u7xADGKaPd";
+ private static final SecretKey SIGNINGKEY = Keys.hmacShaKeyFor(SECRETKEY.getBytes(StandardCharsets.UTF_8));
 private static final String PREFIX = "Bearer";
 public static void addToken(HttpServletResponse res, String username, String tenant) {
- String JwtToken = Jwts.builder().setSubject(username)
- .setAudience(tenant)
- .setExpiration(new Date(System.currentTimeMillis() + EXPIRATIONTIME))
- .signWith(SignatureAlgorithm.HS512, SIGNINGKEY)
+ String JwtToken = Jwts.builder()
+ .subject(username)
+ .audience().add(tenant).and()
+ .issuedAt(new Date(System.currentTimeMillis()))
+ .expiration(new Date(System.currentTimeMillis() + EXPIRATIONTIME))
+ .signWith(SIGNINGKEY)
 .compact();
 res.addHeader("Authorization", PREFIX + " " + JwtToken);
 }
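Review bot: The HMAC signing secret is now a string literal compiled into the class (`SECRETKEY`), so anyone who can read the source or the built artifact can mint a valid token for any user and tenant; the key should come from external configuration (an environment variable or a property source kept outside the repository) and the literal should be removed before this lands. `Keys.hmacShaKeyFor` rejects keys shorter than 256 bits, so the longer value is an improvement over the old `"SecretKey"` literal, but it does not change the exposure, and a key derived from `getBytes` of a typed-in string has less entropy than its length suggests — a generated random key is preferable. Two smaller points in `addToken`: `System.currentTimeMillis()` is read twice, so take it once with `long now = System.currentTimeMillis();` and use `now` for both `issuedAt` and `expiration`, and the local `JwtToken` should be `jwtToken`. The constant `864_000_00` is correct but would read more naturally as `86_400_000`. The class body continues below the hunk.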
@@ -29,9 +34,8 @@ public class AuthenticationService {
 String token = req.getHeader("Authorization");
 if (token != null) {
 String user = Jwts.parser()
- .setSigningKey(SIGNINGKEY)
- .build().parseClaimsJws(token.replace(PREFIX, ""))
- .getBody()
+ .verifyWith(SIGNINGKEY)
+ .build().parseClaimsJws(token.replace(PREFIX, "").trim()).getPayload()
 .getSubject();
 if (user != null) {
 return new UsernamePasswordAuthenticationToken(user, null, Collections.emptyList());
@@ -48,7 +52,7 @@ public class AuthenticationService {
 }
 String tenant = Jwts.parser()
 .setSigningKey(SIGNINGKEY)
- .build().parseClaimsJws(token.replace(PREFIX, ""))
+ .build().parseClaimsJws(token.replace(PREFIX, "").trim())
 .getBody()
 .getAudience()
 .iterator()
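Review bot: `parseClaimsJws` is kept next to the new `verifyWith`/`getPayload` calls; in the jjwt release that introduced those methods it is deprecated in favour of `parseSignedClaims`, so the added line should read `.build().parseSignedClaims(token.replace(PREFIX, "").trim()).getPayload()`. A token whose signature does not verify or that has expired makes the parser throw a `JwtException` rather than yield a null subject, and nothing in the hunk catches it; unless the enclosing method (which starts above the hunk) or a surrounding filter handles that, a bad `Authorization` header becomes an unhandled exception instead of an unauthenticated request — worth confirming. `token.replace(PREFIX, "")` also removes every occurrence of `Bearer` anywhere in the header rather than only the scheme prefix; checking `token.startsWith(PREFIX + " ")` and taking the `substring` after it is the more precise form.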
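Review bot: The tenant lookup is only half migrated: it gains the `.trim()` but still builds the parser with `.setSigningKey(SIGNINGKEY)` and reads `.getBody()`, whereas the user lookup in the previous hunk moved to `.verifyWith(SIGNINGKEY)` and `.getPayload()`; both of the older calls are deprecated in the jjwt version the new API comes from, so this chain should use the same methods. Since the two call sites now repeat the same prefix stripping and verification, a private helper that returns the verified `Claims` once (needs `import io.jsonwebtoken.Claims;`) would keep them consistent and leave each caller reading `getSubject()` or `getAudience()` from one result. `getAudience().iterator()` also assumes an audience claim is present in every token; whatever consumes the iterator after the hunk should be checked against a token without one. The enclosing method starts above the hunk and ends below it.
```java
private static Claims parseClaims(String header) {
    // One place strips the scheme prefix and verifies the signature for both callers
    return Jwts.parser()
            .verifyWith(SIGNINGKEY)
            .build()
            .parseSignedClaims(header.replace(PREFIX, "").trim())
            .getPayload();
}
// … unchanged: tenant lookup now reads parseClaims(token).getAudience() …
```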