[ISSUE #3600] Replace the deprecated api of jwt (#3616)

* replace the deprecated api of jwt * transfer secretKey to byte array just using String encode with utf-8
2020-08-18 09:23:04 +08:00 · 2020-08-18 09:23:04 +08:00 · a041c8ef58
commit a041c8ef58
parent c7251a144a
2 changed files with 16 additions and 7 deletions
--- a/auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java
+++ b/auth/src/main/java/com/alibaba/nacos/auth/common/AuthConfigs.java
@ -48,6 +48,11 @@ public class AuthConfigs {
    @Value("${nacos.core.auth.default.token.secret.key:}")
    private String secretKey;
    
+    /**
+     * secret key byte array.
+     */
+    private byte[] secretKeyBytes;
+    
    /**
     * Token validity time(seconds).
     */
@ -60,8 +65,11 @@ public class AuthConfigs {
    @Value("${nacos.core.auth.system.type:}")
    private String nacosAuthSystemType;
    
-    public String getSecretKey() {
-        return secretKey;
+    public byte[] getSecretKeyBytes() {
+        if (secretKeyBytes == null) {
+            secretKeyBytes = secretKey.getBytes();
+        }
+        return secretKeyBytes;
    }
    
    public long getTokenValidityInSeconds() {
--- a/console/src/main/java/com/alibaba/nacos/console/security/nacos/JwtTokenManager.java
+++ b/console/src/main/java/com/alibaba/nacos/console/security/nacos/JwtTokenManager.java
@ -20,6 +20,7 @@ import com.alibaba.nacos.auth.common.AuthConfigs;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@ -69,9 +70,8 @@ public class JwtTokenManager {
        validity = new Date(now + authConfigs.getTokenValidityInSeconds() * 1000L);
        
        Claims claims = Jwts.claims().setSubject(userName);
-        
        return Jwts.builder().setClaims(claims).setExpiration(validity)
-                .signWith(SignatureAlgorithm.HS256, authConfigs.getSecretKey()).compact();
+                .signWith(Keys.hmacShaKeyFor(authConfigs.getSecretKeyBytes()), SignatureAlgorithm.HS256).compact();
    }
    
    /**
@ -81,8 +81,8 @@ public class JwtTokenManager {
     * @return auth info
     */
    public Authentication getAuthentication(String token) {
-
-        Claims claims = Jwts.parser().setSigningKey(authConfigs.getSecretKey()).parseClaimsJws(token).getBody();
+        Claims claims = Jwts.parserBuilder().setSigningKey(authConfigs.getSecretKeyBytes()).build()
+                .parseClaimsJws(token).getBody();
        
        List<GrantedAuthority> authorities = AuthorityUtils
                .commaSeparatedStringToAuthorityList((String) claims.get(AUTHORITIES_KEY));
@ -97,6 +97,7 @@ public class JwtTokenManager {
     * @param token token
     */
    public void validateToken(String token) {
-        Jwts.parser().setSigningKey(authConfigs.getSecretKey()).parseClaimsJws(token);
+        Jwts.parserBuilder().setSigningKey(authConfigs.getSecretKeyBytes()).build().parseClaimsJws(token);
    }
+    
 }