tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Soto <asot...@gmail.com>
Subject Re: CDI proxy and instance of
Date Sat, 19 Sep 2015 14:35:50 GMT
Thanks Andy, well my idea was to add some CDIsh in jwt. I thought about
wrapping too but I would prefer a more native approach :D but well I am
going to try Uday approach and if not works to wrap

Thank you so much

El ds, 19 set 2015 a les 12:22 Andy Gumbrecht
agumbrecht@tomitribe.com> va escriure:

That should work, but what is the use case for injection? To have the
> option to swap out MacProvider.generateKey() with a different impl later?
>
> Another option would be to wrap the generated key payload (algorithm,
> bytes) in your own produced object and create a new SecretKeySpec(bytes,
> algname); in generateToken.
>
> Andy.
>
> On 19/09/2015 10:16, Uday Gire wrote:
> > Hi Alex
> >
> > Try to produce SecretKEy not Key
> >
> > @Produces
> > @ApplicationScoped
> > public SecretKEy generate(){
> > }
> >
> > @Inject
> > SecretKey keyforsigning;
> >
> > Best
> >
> > Uday
> > ManageCat, http://www.managecat.com <http://www.managecat.com/>
> >
> >> On 19 Sep 2015, at 10:33, Alex Soto <asotobu@gmail.com> wrote:
> >>
> >> Hello, I am developing a very simple Java EE application that generates
> a
> >> JWT token. Currently I am using JJWT library to generate it. To
> generate a
> >> token I need the claims and a key. For generating the key I am using
> next
> >> code:
> >>
> >> public class SecretKeyProducer {
> >>
> >>   @Produces
> >>   @ApplicationScoped
> >>   public Key generateJwtSignKey() {
> >>     return MacProvider.generateKey();
> >>   }
> >>
> >> }
> >>
> >>
> >> Then I inject the key in the service responsible to create the token:
> >>
> >> @Inject
> >> Key keyForSigning;
> >>
> >> public String generateToken(String login) {
> >>   System.out.println(keyForSigning);
> >>   final String token =
> >> Jwts.builder().setSubject(login).signWith(SignatureAlgorithm.HS256,
> >> keyForSigning).compact();
> >>   return token;
> >> }
> >>
> >>
> >> The problem is that next exception is thrown:
> >>
> >> java.lang.IllegalArgumentException: MAC signatures must be computed and
> >> verified using a SecretKey.  The specified key of type
> >> org.apache.webbeans.custom.security.Key$$OwbNormalScopeProxy0 is not a
> >> SecretKey.
> >>
> >> The problem is that JJWT do an instanceof:
> >>
> >> public MacSigner(SignatureAlgorithm alg, Key key) {
> >>     super(alg, key);
> >>     Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC
> >> signature algorithms.");
> >>     if (!(key instanceof SecretKey)) {
> >>         String msg = "MAC signatures must be computed and verified
> >> using a SecretKey.  The specified key of " +
> >>                      "type " + key.getClass().getName() + " is not a
> >> SecretKey.";
> >>         throw new IllegalArgumentException(msg);
> >>     }
> >> }
> >>
> >>
> >> So is there a way from CDI point of view to fix this?
> >>
> >> Thank you very much.
> >
> >
> >
>
> --
>    Andy Gumbrecht
>    https://twitter.com/AndyGeeDe
>    http://www.tomitribe.com
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message