New JWT implementation

71097e5d · Manuel Spuhler · 009b96b5 · 71097e5d · 71097e5d
Commit 71097e5d authored 5 years ago by Manuel Spuhler
--- a/pom.xml
+++ b/pom.xml
@@ -294,9 +294,9 @@
            <scope>compile</scope>
        </dependency>
        <dependency>
-            <groupId>io.jsonwebtoken</groupId>
-            <artifactId>jjwt</artifactId>
-            <version>0.9.1</version>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>3.8.3</version>
        </dependency>
    </dependencies>


--- a/src/main/java/eu/hbp/mip/controllers/JWTApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/JWTApi.java
 package eu.hbp.mip.controllers;

 import static org.springframework.http.MediaType.TEXT_PLAIN_VALUE;
-import java.security.Key;
-import java.util.Date;
-import javax.crypto.spec.SecretKeySpec;
-import javax.xml.bind.DatatypeConverter;
-import eu.hbp.mip.model.UserInfo;
 import org.slf4j.Logger;
-import eu.hbp.mip.model.User;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.ResponseEntity;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
-import io.jsonwebtoken.*;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.JWT;
+
 import org.springframework.web.bind.annotation.*;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -24,35 +19,17 @@ public class JWTApi {

    private static final Logger LOGGER = LoggerFactory.getLogger(JWTApi.class);

-    @Autowired
-    private UserInfo userInfo;
-
    @ApiOperation(value = "Create a JSON Web Token", response = String.class)
    @RequestMapping(method = RequestMethod.POST)
    public ResponseEntity<String> createJWT() {

        LOGGER.info("Create a JSON Web Token");

-        // SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
-        // String apiKey = "6v2oxpJMzU14U-dqVireln5AUKTtx5fBPSEgaBZiI983d98cfa6";
-        // byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(apiKey);
-        // Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
-
-        long nowMillis = System.currentTimeMillis();
-        Date now = new Date(nowMillis);
-
-        User user = userInfo.getUser();
-
-        // Set the JWT Claims
-        JwtBuilder builder = Jwts.builder().setIssuedAt(now).setIssuer("mip.humanbrainproject.eu")
-                .setSubject(user.getEmail()).signWith(SignatureAlgorithm.HS512,
-                        "hbpSecret");
-
-        String token = builder.compact();
-        LOGGER.info(token);
-        // long expMillis = nowMillis + 86400 * 24;
-        // Date exp = new Date(expMillis);
-        // builder.setExpiration(exp);
+        Algorithm algorithm = Algorithm.HMAC512("secret");
+        String token = JWT.create()
+        .withIssuer("mip.humanbrainproject.eu")
+        .withSubject("subj")
+        .sign(algorithm);

        return ResponseEntity.status(HttpStatus.CREATED).body(token);
    }