JWT token with spring, for user authentication

Viewed 349 times

3

When trying to validate this method: Jws<Claims> parseClaimsJws = setSigningKey.parseClaimsJws(token);, it shows this exception on the screen

JWT signature does not match locally computed signature. 
JWT validity cannot be asserted and should not be trusted.

I need to validate the user token.

Threshing.

When logging in it generates this token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIwMjY3OTUwMDYzNiIsImV4cCI6MTUyMjI3NjMxOX0.XBLiwl94He0ffVkf5TpcBKUob6PotuleSni5Hc9y8anPsES6WSO6f8Ki441UU_HGicyRAXmZKLBXsfQ2okFAqw

When it searches for a country, it uses this token. The query is made seconds later.

Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIwMjY3OTUwMDYzNiIsImV4cCI6MTUyMjI3NjMxOX0.
XBLiwl94He0ffVkf5TpcBKUob6PotuleSni5Hc9y8anPsES6WSO6f8Ki441UU_HGicyRAXmZKLBXsfQ2okFAqw

When debugging in the JWT classes, it gives an error on this line in the method of DefaultJwtSignatureValidator:

Then jwt has a class and methods to adjust and validate the token.

The problem is that it stops in this method, on this line:

    @Override
    public boolean isValid(String jwtWithoutSignature, String base64UrlEncodedSignature) {

        byte[] data = jwtWithoutSignature.getBytes(US_ASCII);

        byte[] signature = TextCodec.BASE64URL.decode(base64UrlEncodedSignature);

        return this.signatureValidator.isValid(data, signature);
    }

The variables data and signatureValidator are different.

Images:

Variable data

Variable signature

The variable jwtWithoutSignature that arrives in the JWT method is not the generated token, only a part of it.

Error in site validation https://jwt.io/

  • I changed the description to add debug values from where I think the problem is occurring.

  • One more description after debugging more code.

1 answer

1

Solved.

I managed to do it.

Creating the token like this:

 private String token(UsuarioEntity usuario) {
     // Signed with the same key string that the parser receives in setSigningKey
     return Jwts.builder().setSubject(usuario.getLogin())
             .signWith(SignatureAlgorithm.HS512, "usuarioLogado")
             .setExpiration(new Date(System.currentTimeMillis() + 5 * 60 * 1000)).compact();
 }

Searching for the token like this:

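 Claims body = null;
 try {
    // parseClaimsJws throws if the signature does not match the key or the token has expired; body then stays null
    body = Jwts.parser().setSigningKey("usuarioLogado").parseClaimsJws(token).getBody();
 } catch (Exception e) {
    e.printStackTrace();
 }
 return body;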

From what I saw I was generating from one guy and trying to get from another.

Thanks a lot

I don’t know where it’s been solved
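
The error in the question and the fix in the answer both come down to the HMAC key: an HS512 signature is an HMAC-SHA512 computed over the header.payload part of the token (which is why jwtWithoutSignature holds only part of it), and it verifies only with the key that produced it. The following is an added example, not code from the question, the answer or the jjwt library; it uses only JDK classes, and the class name, method names, keys and claims are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs512Check {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    // HMAC-SHA512 over the ASCII bytes of "header.payload", the same input the
    // validator in the question receives as jwtWithoutSignature.
    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static String sign(byte[] key, String headerJson, String payloadJson) throws Exception {
        String signingInput = B64.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8))
                + "." + B64.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64.encodeToString(hmac(key, signingInput));
    }

    static boolean verify(byte[] key, String token) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return false; // header, payload, signature
        byte[] presented;
        try {
            presented = Base64.getUrlDecoder().decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return false; // signature segment is not valid base64url
        }
        // Recompute the signature locally and compare in constant time.
        byte[] expected = hmac(key, parts[0] + "." + parts[1]);
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        // Constructed keys and claims for the demo, not values from the question.
        byte[] issuerKey = "demo-key-used-by-login".getBytes(StandardCharsets.UTF_8);
        byte[] otherKey = "demo-key-used-elsewhere".getBytes(StandardCharsets.UTF_8);
        String token = sign(issuerKey, "{\"alg\":\"HS512\"}", "{\"sub\":\"demo-user\"}");
        System.out.println("same key:      " + verify(issuerKey, token));
        System.out.println("different key: " + verify(otherKey, token));
    }
}
```

Verification with the key that signed the token succeeds, while the second key reproduces the "does not match locally computed signature" condition from the question.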
