I am trying to learn the Spring Security part and use a JWT token with Spring using the 'Jwts' library 0.12.5.
I was following a tutorial which presented this way:
private Claims extractAllClaims(String token){
return Jwts.parser()
.setSigningKey(getSignInKey())
.build()
.parseSignedClaims(token)
.getBody();
}
private Key getSignInKey(){
byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
return Keys.hmacShaKeyFor(keyBytes);
}
I saw the fact that 'getBody', 'parseSignedClaims' and 'setSigningKey' were deprecated, and I have tried to adapt to this:
private Claims extractAllClaims(String token){
return Jwts.parser()
.setSigningKey(getSignInKey())
.build()
.parseSignedClaims(token)
.getPayload();
}
private Key getSignInKey(){
byte[] keyBytes = Decoders.BASE64.decode(SECRET_KEY);
return Keys.hmacShaKeyFor(keyBytes);
}
But I still use the 'setSigningKey'. I saw some old questions from the stack, but all of them contain deprecated parts. What is a better way to do it?
Thank you for your time!
to get claims
private Claims extractAllClaims(String token){
return Jwts.parser()
.verifyWith(getSignInKey())
.build()
.parseSignedClaims(token)
.getPayload();
}
to generate token
public String generateToken(UserDetails userDetails) {
return Jwts.builder()
.subject(userDetails.getUsername())
.issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + TOKEN_VALIDITY))
.signWith(getSignInKey())
.compact();
}
getSignInKey
private SecretKey getSignInKey() {
byte[] bytes = Base64.getDecoder()
.decode(SECRET_KEY.getBytes(StandardCharsets.UTF_8));
return new SecretKeySpec(bytes, "HmacSHA256"); }