tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Soto <asot...@gmail.com>
Subject CDI proxy and instance of
Date Sat, 19 Sep 2015 07:33:00 GMT
Hello, I am developing a very simple Java EE application that generates a
JWT token. Currently I am using JJWT library to generate it. To generate a
token I need the claims and a key. For generating the key I am using next
code:

public class SecretKeyProducer {

  @Produces
  @ApplicationScoped
  public Key generateJwtSignKey() {
    return MacProvider.generateKey();
  }

}


Then I inject the key in the service responsible to create the token:

@Inject
Key keyForSigning;

public String generateToken(String login) {
  System.out.println(keyForSigning);
  final String token =
Jwts.builder().setSubject(login).signWith(SignatureAlgorithm.HS256,
keyForSigning).compact();
  return token;
}


The problem is that next exception is thrown:

java.lang.IllegalArgumentException: MAC signatures must be computed and
verified using a SecretKey.  The specified key of type
org.apache.webbeans.custom.security.Key$$OwbNormalScopeProxy0 is not a
SecretKey.

The problem is that JJWT do an instanceof:

public MacSigner(SignatureAlgorithm alg, Key key) {
    super(alg, key);
    Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC
signature algorithms.");
    if (!(key instanceof SecretKey)) {
        String msg = "MAC signatures must be computed and verified
using a SecretKey.  The specified key of " +
                     "type " + key.getClass().getName() + " is not a
SecretKey.";
        throw new IllegalArgumentException(msg);
    }
}


So is there a way from CDI point of view to fix this?

Thank you very much.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message