[ISSUE #3600] Replace the deprecated api of jwt (#3616)

* replace the deprecated api of jwt * transfer secretKey to byte array just using String encode with utf-8
alibaba · Aug 18, 2020 · a041c8e · a041c8e
1 parent c7251a1
commit a041c8e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java b/auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java
@@ -48,6 +48,11 @@ public class AuthConfigs {
     @Value("${nacos.core.auth.default.token.secret.key:}")
     private String secretKey;
 
+    /**
+     * secret key byte array.
+     */
+    private byte[] secretKeyBytes;
+
     /**
      * Token validity time(seconds).
      */
@@ -60,8 +65,11 @@ public class AuthConfigs {
     @Value("${nacos.core.auth.system.type:}")
     private String nacosAuthSystemType;
 
-    public String getSecretKey() {
-        return secretKey;
+    public byte[] getSecretKeyBytes() {
+        if (secretKeyBytes == null) {
+            secretKeyBytes = secretKey.getBytes();
+        }
+        return secretKeyBytes;
     }
 
     public long getTokenValidityInSeconds() {

diff --git a/console/src/main/java/com/alibaba/nacos/console/security/nacos/JwtTokenManager.java b/console/src/main/java/com/alibaba/nacos/console/security/nacos/JwtTokenManager.java
@@ -20,6 +20,7 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -69,9 +70,8 @@ public String createToken(String userName) {
         validity = new Date(now + authConfigs.getTokenValidityInSeconds() * 1000L);
 
         Claims claims = Jwts.claims().setSubject(userName);
-
         return Jwts.builder().setClaims(claims).setExpiration(validity)
-                .signWith(SignatureAlgorithm.HS256, authConfigs.getSecretKey()).compact();
+                .signWith(Keys.hmacShaKeyFor(authConfigs.getSecretKeyBytes()), SignatureAlgorithm.HS256).compact();
     }
 
     /**
@@ -81,8 +81,8 @@ public String createToken(String userName) {
      * @return auth info
      */
     public Authentication getAuthentication(String token) {
-
-        Claims claims = Jwts.parser().setSigningKey(authConfigs.getSecretKey()).parseClaimsJws(token).getBody();
+        Claims claims = Jwts.parserBuilder().setSigningKey(authConfigs.getSecretKeyBytes()).build()
+                .parseClaimsJws(token).getBody();
 
         List<GrantedAuthority> authorities = AuthorityUtils
                 .commaSeparatedStringToAuthorityList((String) claims.get(AUTHORITIES_KEY));
@@ -97,6 +97,7 @@ public Authentication getAuthentication(String token) {
      * @param token token
      */
     public void validateToken(String token) {
-        Jwts.parser().setSigningKey(authConfigs.getSecretKey()).parseClaimsJws(token);
+        Jwts.parserBuilder().setSigningKey(authConfigs.getSecretKeyBytes()).build().parseClaimsJws(token);
     }
+
 }