Creating a Spring Security Key for Signing a JWT Token

Author: Michaelin007

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/JwtUtils.java

@@ -16,8 +16,6 @@
 import org.springframework.stereotype.Component;
 
 import javax.crypto.SecretKey;
-import java.nio.charset.StandardCharsets;
-import java.security.Key;
 import java.util.Date;
 
 @Component
@@ -30,8 +28,6 @@ public class JwtUtils {
     @Value("${baeldung.app.jwtExpirationMs}")
     private int jwtExpirationMs;
 
-    SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(jwtSecret));
-
     public String generateJwtToken(Authentication authentication) {
 
         UserDetailsImpl userPrincipal = (UserDetailsImpl) authentication.getPrincipal();
@@ -40,19 +36,19 @@ public String generateJwtToken(Authentication authentication) {
             .subject((userPrincipal.getUsername()))
             .issuedAt(new Date())
             .expiration(new Date((new Date()).getTime() + jwtExpirationMs))
-            .signWith(key)
+            .signWith(getSigningKey())
             .compact();
 
     }
 
-    private Key getSigningKey() {
-        byte[] keyBytes = this.jwtSecret.getBytes(StandardCharsets.UTF_8);
+    private SecretKey getSigningKey() {
+        byte[] keyBytes = Decoders.BASE64.decode(jwtSecret);
         return Keys.hmacShaKeyFor(keyBytes);
     }
 
     public String getUserNameFromJwtToken(String token) {
         return Jwts.parser()
-            .verifyWith(key)
+            .verifyWith(getSigningKey())
             .build()
             .parseSignedClaims(token)
             .getPayload()
@@ -63,7 +59,7 @@ public String getUserNameFromJwtToken(String token) {
     public boolean validateJwtToken(String authToken) {
         try {
             Jwts.parser()
-                . verifyWith(key)
+                .verifyWith(getSigningKey())
                 .build()
                 .parseSignedClaims(authToken);
             return true;