This is an automated email from the ASF dual-hosted git repository.
xiaoyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shenyu.git
The following commit(s) were added to refs/heads/master by this push:
new 1aeeef33fa [type:refactor] jwt dependency updated (#5480)
1aeeef33fa is described below
commit 1aeeef33fa027b94e6874b994bfa9690d67caae4
Author: Sinsy <[email protected]>
AuthorDate: Thu Mar 14 20:34:16 2024 +0800
[type:refactor] jwt dependency updated (#5480)
* upgrade: jwt dependency updated
* docs: update LICENSE
* fix: fix ci
* fix: ci error
* fix: ci error
---------
Co-authored-by: moremind <[email protected]>
---
shenyu-dist/shenyu-bootstrap-dist/src/main/release-docs/LICENSE | 6 +++---
shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/pom.xml | 2 +-
.../src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java | 6 +++---
.../test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java | 9 ++++-----
4 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/shenyu-dist/shenyu-bootstrap-dist/src/main/release-docs/LICENSE
b/shenyu-dist/shenyu-bootstrap-dist/src/main/release-docs/LICENSE
index 30e3c069bf..44fd3fd788 100644
--- a/shenyu-dist/shenyu-bootstrap-dist/src/main/release-docs/LICENSE
+++ b/shenyu-dist/shenyu-bootstrap-dist/src/main/release-docs/LICENSE
@@ -322,9 +322,9 @@ The text of each license is the standard Apache 2.0 license.
jetcd-grpc 0.7.3: https://github.com/etcd-io/jetcd, Apache 2.0
jettison 1.4.0: https://github.com/jettison-json/jettison, Apache 2.0
jcommander 1.78:
https://mvnrepository.com/artifact/com.beust/jcommander, Apache 2.0
- jjwt-api 0.11.5: https://jwt.io, Apache 2.0
- jjwt-impl 0.11.5: https://jwt.io, Apache 2.0
- jjwt-jackson 0.11.5: https://jwt.io, Apache 2.0
+ jjwt-api 0.12.3: https://jwt.io, Apache 2.0
+ jjwt-impl 0.12.3: https://jwt.io, Apache 2.0
+ jjwt-jackson 0.12.3: https://jwt.io, Apache 2.0
json-patch 1.9: https://github.com/fge/json-patch, Apache 2.0 and LGPL
json-path 2.7.0: https://github.com/jayway/JsonPath, Apache 2.0
json-smart 2.4.11: https://www.minidev.net/, Apache 2.0
diff --git a/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/pom.xml
b/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/pom.xml
index 1da79de1d9..188b87ed25 100644
--- a/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/pom.xml
+++ b/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/pom.xml
@@ -26,7 +26,7 @@
<artifactId>shenyu-plugin-jwt</artifactId>
<properties>
- <jjwt.version>0.11.5</jjwt.version>
+ <jjwt.version>0.12.3</jjwt.version>
</properties>
<dependencies>
diff --git
a/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java
b/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java
index 6e95cbdaf8..1977be828f 100644
---
a/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java
+++
b/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/main/java/org/apache/shenyu/plugin/jwt/JwtPlugin.java
@@ -21,6 +21,7 @@ import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.JwtParserBuilder;
import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
import org.apache.commons.lang3.StringUtils;
import org.apache.shenyu.common.dto.RuleData;
import org.apache.shenyu.common.dto.SelectorData;
@@ -42,7 +43,6 @@ import org.springframework.http.HttpHeaders;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
-import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Objects;
@@ -130,10 +130,10 @@ public class JwtPlugin extends AbstractShenyuPlugin {
if (StringUtils.isEmpty(authorization)) {
return null;
}
- JwtParserBuilder jwtParserBuilder = Jwts.parserBuilder();
+ JwtParserBuilder jwtParserBuilder = Jwts.parser();
JwtParser jwtParser = jwtParserBuilder.build();
if (jwtParser.isSigned(authorization)) {
-
jwtParserBuilder.setSigningKey(secretKey.getBytes(StandardCharsets.UTF_8));
+
jwtParserBuilder.verifyWith(Keys.hmacShaKeyFor(secretKey.getBytes()));
JwtParser jwtParserExec = jwtParserBuilder.build();
Jwt jwt = ThrowingFunction.wrap(() ->
jwtParserExec.parse(authorization));
if (jwt == null) {
diff --git
a/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java
b/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java
index 910657d6ba..3c2daf4261 100644
---
a/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java
+++
b/shenyu-plugin/shenyu-plugin-security/shenyu-plugin-jwt/src/test/java/org/apache/shenyu/plugin/jwt/JwtPluginTest.java
@@ -19,7 +19,6 @@ package org.apache.shenyu.plugin.jwt;
import com.google.common.collect.ImmutableMap;
import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import org.apache.shenyu.common.dto.PluginData;
import org.apache.shenyu.common.dto.RuleData;
@@ -152,10 +151,10 @@ public final class JwtPluginTest {
Map<String, Object> map = ImmutableMap.<String,
Object>builder().put("userId", 1).build();
String token = Jwts.builder()
- .setIssuedAt(new Date(1636371125000L))
- .setExpiration(new Date())
- .setClaims(map)
-
.signWith(Keys.hmacShaKeyFor(secreteKey.getBytes(StandardCharsets.UTF_8)),
SignatureAlgorithm.HS256)
+ .claims(map)
+ .issuedAt(new Date(1636371125000L))
+ .expiration(new Date(new Date().getTime() + 10000L))
+
.signWith(Keys.hmacShaKeyFor(secreteKey.getBytes(StandardCharsets.UTF_8)))
.compact();
return MockServerWebExchange.from(MockServerHttpRequest
