JWT token with spring, for user authentication

Question

JWT token with spring, for user authentication

Navigation

#1 by (0 votes)

2

When trying to validate this method: Jws<Claims> parseClaimsJws = setSigningKey.parseClaimsJws(token); , it shows this exception on the screen

JWT signature does not match locally computed signature. 
JWT validity cannot be asserted and should not be trusted.

I need to validate the user's token.

Debugging.

When logged in, it generates this token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIwMjY3OTUwMDYzNiIsImV4cCI6MTUyMjI3NjMxOX0.XBLiwl94He0ffVkf5TpcBKUob6PotuleSni5Hc9y8anPsES6WSO6f8Ki441UU_HGicyRAXmZKLBXsfQ2okFAqw

When he searches for a country he uses this token, Query made seconds later.

Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIwMjY3OTUwMDYzNiIsImV4cCI6MTUyMjI3NjMxOX0.
XBLiwl94He0ffVkf5TpcBKUob6PotuleSni5Hc9y8anPsES6WSO6f8Ki441UU_HGicyRAXmZKLBXsfQ2okFAqw

Whendebugginginjwtclasses,itgiveserrorinthislineintheDefaultJwtSignatureValidatormethod:

Thenjwthasaclassandmethodstoadjustandvalidatethetoken.

Theproblemisthatitisstoppinginthismethodonthisline:

@OverridepublicbooleanisValid(StringjwtWithoutSignature,Stringbase64UrlEncodedSignature){byte[]data=jwtWithoutSignature.getBytes(US_ASCII);byte[]signature=TextCodec.BASE64URL.decode(base64UrlEncodedSignature);returnthis.signatureValidator.isValid(data,signature);}

ThedataandsignatureValidatorvariablesaredifferent.

Images:

ThevariablejwtWithoutSignature,whicharrivesinthejwtmethod,isnotthegeneratedtoken,onlyapart.

Validationerror link

java spring spring-security

asked by anonymous 29.03.2018 / 00:34

1 answer

Creating folder of ASP.NET Core files Persist data in related tables (1 x N)

score 0 · Answer 1

Resolved.

I did.

Creating this:

 private String token(UsuarioEntity usuario) {
     String token = Jwts.builder().setSubject(usuario.getLogin()).signWith(SignatureAlgorithm.HS512, "usuarioLogado").setExpiration(new Date(System.currentTimeMillis() + 5 * 60 * 1000)).compact();
 }

Finding the token like this:

 Claims body = null;
 try {
    body = Jwts.parser().setSigningKey("usuarioLogado").parseClaimsJws(token).getBody();
 } catch (Exception e) {
    e.printStackTrace();
 }
 return body;

From what I saw it was generating from one type and trying to fetch from another.

Thanks for your help

I do not know where the mark was resolved