Creating a Spring Security Key for Signing a JWT Token

Author: Michaelin007

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/JwtUtils.java

@@ -6,6 +6,7 @@
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.MalformedJwtException;
 import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
 import io.jsonwebtoken.security.SignatureException;
 import org.slf4j.Logger;
@@ -14,6 +15,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 
+import javax.crypto.SecretKey;
 import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.util.Date;
@@ -28,15 +30,17 @@ public class JwtUtils {
     @Value("${baeldung.app.jwtExpirationMs}")
     private int jwtExpirationMs;
 
+    SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(jwtSecret));
+
     public String generateJwtToken(Authentication authentication) {
 
         UserDetailsImpl userPrincipal = (UserDetailsImpl) authentication.getPrincipal();
 
         return Jwts.builder()
-          .subject((userPrincipal.getUsername()))
-          .issuedAt(new Date())
-          .expiration(new Date((new Date()).getTime() + jwtExpirationMs))
-            .signWith(getSigningKey())
+            .subject((userPrincipal.getUsername()))
+            .issuedAt(new Date())
+            .expiration(new Date((new Date()).getTime() + jwtExpirationMs))
+            .signWith(key)
             .compact();
 
     }
@@ -48,18 +52,18 @@ private Key getSigningKey() {
 
     public String getUserNameFromJwtToken(String token) {
         return Jwts.parser()
-          .setSigningKey(getSigningKey())
-          .build()
-          .parseSignedClaims(token)
-          .getPayload()
+            .verifyWith(key)
+            .build()
+            .parseSignedClaims(token)
+            .getPayload()
             .getSubject();
 
     }
 
     public boolean validateJwtToken(String authToken) {
         try {
             Jwts.parser()
-                .setSigningKey(getSigningKey())
+                . verifyWith(key)
                 .build()
                 .parseSignedClaims(authToken);
             return true;

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/response/JwtResponse.java

@@ -27,22 +27,6 @@ public void setTokenType(String tokenType) {
         this.type = tokenType;
     }
 
-    public String getToken() {
-        return token;
-    }
-
-    public void setToken(String token) {
-        this.token = token;
-    }
-
-    public String getType() {
-        return type;
-    }
-
-    public void setType(String type) {
-        this.type = type;
-    }
-
     public String getUsername() {
         return username;
     }

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/securityconfig/SecurityConfiguration.java

@@ -33,7 +33,7 @@ public class SecurityConfiguration {
     @Autowired
     private AuthEntryPointJwt unauthorizedHandler;
 
-    private static final String[] WHITE_LIST_URL = { "/h2-console/**","/signin", "/signup", "/user-dashboard" };
+    private static final String[] WHITE_LIST_URL = { "/h2-console/**", "/signin", "/signup", "/user-dashboard" };
 
     @Bean
     public AuthTokenFilter authenticationJwtTokenFilter() {