tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Gumbrecht <agumbre...@tomitribe.com>
Subject Re: CDI proxy and instance of
Date Sat, 19 Sep 2015 10:22:32 GMT
That should work, but what is the use case for injection? To have the 
option to swap out MacProvider.generateKey() with a different impl later?

Another option would be to wrap the generated key payload (algorithm, 
bytes) in your own produced object and create a new SecretKeySpec(bytes, 
algname); in generateToken.

Andy.

On 19/09/2015 10:16, Uday Gire wrote:
> Hi Alex
>
> Try to produce SecretKEy not Key
>
> @Produces
> @ApplicationScoped
> public SecretKEy generate(){
> }
>
> @Inject
> SecretKey keyforsigning;
>
> Best
>
> Uday
> ManageCat, http://www.managecat.com <http://www.managecat.com/>
>
>> On 19 Sep 2015, at 10:33, Alex Soto <asotobu@gmail.com> wrote:
>>
>> Hello, I am developing a very simple Java EE application that generates a
>> JWT token. Currently I am using JJWT library to generate it. To generate a
>> token I need the claims and a key. For generating the key I am using next
>> code:
>>
>> public class SecretKeyProducer {
>>
>>   @Produces
>>   @ApplicationScoped
>>   public Key generateJwtSignKey() {
>>     return MacProvider.generateKey();
>>   }
>>
>> }
>>
>>
>> Then I inject the key in the service responsible to create the token:
>>
>> @Inject
>> Key keyForSigning;
>>
>> public String generateToken(String login) {
>>   System.out.println(keyForSigning);
>>   final String token =
>> Jwts.builder().setSubject(login).signWith(SignatureAlgorithm.HS256,
>> keyForSigning).compact();
>>   return token;
>> }
>>
>>
>> The problem is that next exception is thrown:
>>
>> java.lang.IllegalArgumentException: MAC signatures must be computed and
>> verified using a SecretKey.  The specified key of type
>> org.apache.webbeans.custom.security.Key$$OwbNormalScopeProxy0 is not a
>> SecretKey.
>>
>> The problem is that JJWT do an instanceof:
>>
>> public MacSigner(SignatureAlgorithm alg, Key key) {
>>     super(alg, key);
>>     Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC
>> signature algorithms.");
>>     if (!(key instanceof SecretKey)) {
>>         String msg = "MAC signatures must be computed and verified
>> using a SecretKey.  The specified key of " +
>>                      "type " + key.getClass().getName() + " is not a
>> SecretKey.";
>>         throw new IllegalArgumentException(msg);
>>     }
>> }
>>
>>
>> So is there a way from CDI point of view to fix this?
>>
>> Thank you very much.
>
>
>

-- 
   Andy Gumbrecht
   https://twitter.com/AndyGeeDe
   http://www.tomitribe.com


Mime
View raw message