diff --git a/server/build.gradle b/server/build.gradle
index 1a0f7640..dd5ed9c9 100644
--- a/server/build.gradle
+++ b/server/build.gradle
@@ -60,6 +60,7 @@ spotless {
 task createKeys(type: JavaExec) {
 main = 'dev.findfirst.security.util.KeyGenerator' // Replace with the fully qualified class name of your utility
 classpath = sourceSets.main.runtimeClasspath
+ executable = javaToolchains.launcherFor(java.toolchain).get().executablePath
 }
 tasks.named("build") {
@@ -97,11 +98,11 @@ dependencies {
 runtimeOnly 'org.flywaydb:flyway-database-postgresql:11.8.1'
 runtimeOnly 'org.postgresql:postgresql:42.7.5'
- runtimeOnly group: 'io.jsonwebtoken', name: 'jjwt-impl', version: '0.11.5'
- //implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
- //runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.6'
- runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
- implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+ runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.6'
+ implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
+ runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.6'
+ //runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+ //implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
 annotationProcessor 'org.projectlombok:lombok'
diff --git a/server/src/main/java/dev/findfirst/security/jwt/JwtService.java b/server/src/main/java/dev/findfirst/security/jwt/JwtService.java
index 77bc0cd1..a501b15d 100644
--- a/server/src/main/java/dev/findfirst/security/jwt/JwtService.java
+++ b/server/src/main/java/dev/findfirst/security/jwt/JwtService.java
@@ -1,6 +1,7 @@
 package dev.findfirst.security.jwt;
 import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
 import java.util.Map;
 import jakarta.annotation.PostConstruct;
@@ -27,6 +28,8 @@ public class JwtService {
 @Value("${jwt.private.key}")
 private RSAPrivateKey priv;
+ @Value("${jwt.public.key}")
+ private RSAPublicKey pubKey;
 @Value("${findfirst.app.jwtCookieName}")
 private String jwtCookie;
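Review bot: The added `executable = javaToolchains.launcherFor(java.toolchain).get().executablePath` line in the `createKeys` task calls `.get()` while the build script is being configured, so the toolchain is resolved on every Gradle invocation whether or not the task runs. `JavaExec` has a lazy launcher property for this, and `javaLauncher = javaToolchains.launcherFor(java.toolchain)` selects the same JVM without the eager resolution. Since the task presumably produces the JWT key material, a one-line comment such as `// run KeyGenerator on the project toolchain JVM, not the JVM running Gradle` would also record why the line is there.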
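Review bot: `@Value("${jwt.public.key}")` in `JwtService` has no default, so every profile that creates this bean (tests and local development included) now needs the property, and none of the files shown in this diff adds it; if it is set outside this change, nothing more is needed there. The two key fields are also named inconsistently (`priv` and `pubKey`) and neither says what it is used for. A short comment on the new field, e.g. `// verification key; must be the public half of jwt.private.key`, would make the pairing explicit. The class body continues outside the hunk.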
@@ -37,7 +40,7 @@ public class JwtService {
 @PostConstruct
 private void init() {
- jwtParser = Jwts.parserBuilder().setSigningKey(priv).build();
+ jwtParser = Jwts.parser().verifyWith(pubKey).build();
 }
 public String getJwtFromCookies(HttpServletRequest request) {
@@ -47,7 +50,7 @@ public String getJwtFromCookies(HttpServletRequest request) {
 public Jws parseJwt(String jwt) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
- return jwtParser.parseClaimsJws(jwt);
+ return jwtParser.parseSignedClaims(jwt);
 }
 public String getUserNameFromJwtToken(String token) {
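Review bot: `init()` now builds the parser from `pubKey`, but nothing checks that it belongs to the same key pair as `priv`. Assuming `priv` still signs tokens elsewhere in this class (not visible in the hunk), a mismatched pair in configuration would start cleanly and then reject every token at request time. A check placed before the parser is built turns that into an immediate startup failure: `if (!pubKey.getModulus().equals(priv.getModulus())) throw new IllegalStateException("jwt.public.key does not match jwt.private.key");`. A comment on the parser line noting that verification needs only the public key would also help the next reader.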
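Review bot: The `throws` clause on `parseJwt` names four specific jjwt exceptions, but `parseSignedClaims` can also fail with other `JwtException` subclasses (a token that is not yet valid, for example), and all of them are unchecked. If callers catch only the listed types, which this hunk does not show, any other parse failure would surface as an unhandled error rather than as an authentication failure. Declaring `throws JwtException, IllegalArgumentException` and catching `JwtException` at the call sites covers the whole family. A short Javadoc stating that the method returns only after the signature has been verified would document the contract callers rely on.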