Hello, I am developing a very simple Java EE application that generates a
JWT token. Currently I am using the JJWT library to generate it. To generate a
token I need the claims and a key. For generating the key I am using the
following code:
    public class SecretKeyProducer {
        @Produces
        @ApplicationScoped
        public Key generateJwtSignKey() {
            return MacProvider.generateKey();
        }
    }
Then I inject the key in the service responsible for creating the token:
    @Inject
    Key keyForSigning;

    public String generateToken(String login) {
        System.out.println(keyForSigning);
        final String token = Jwts.builder()
                .setSubject(login)
                .signWith(SignatureAlgorithm.HS256, keyForSigning)
                .compact();
        return token;
    }
The problem is that the following exception is thrown:
    java.lang.IllegalArgumentException: MAC signatures must be computed and verified using a SecretKey. The specified key of type org.apache.webbeans.custom.security.Key$$OwbNormalScopeProxy0 is not a SecretKey.
The problem is that JJWT does an instanceof check:
    public MacSigner(SignatureAlgorithm alg, Key key) {
        super(alg, key);
        Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC signature algorithms.");
        if (!(key instanceof SecretKey)) {
            String msg = "MAC signatures must be computed and verified using a SecretKey. The specified key of " +
                    "type " + key.getClass().getName() + " is not a SecretKey.";
            throw new IllegalArgumentException(msg);
        }
    }
So is there a way from a CDI point of view to fix this?
Thank you very much.
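
Added example, not part of the original post and not JJWT or OpenWebBeans code: a JDK-only sketch of why a proxy typed as Key fails the instanceof SecretKey check quoted above, and how a holder that returns the real key passes it. Assumptions: java.lang.reflect.Proxy stands in for the container's normal-scope proxy, and ProxyKeyDemo, requireSecretKey and SigningKeyHolder are hypothetical names.

```java
import java.lang.reflect.Proxy;
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class ProxyKeyDemo {
    // Stand-in for a normal-scoped client proxy (assumption: modelled with a JDK
    // dynamic proxy). It implements only the declared bean type, Key.
    static Key proxyTypedAs(Key real) {
        return (Key) Proxy.newProxyInstance(ProxyKeyDemo.class.getClassLoader(),
                new Class<?>[] { Key.class },
                (proxy, method, args) -> method.invoke(real, args));
    }

    // Same type check as the MacSigner constructor quoted in the post.
    static SecretKey requireSecretKey(Key key) {
        if (!(key instanceof SecretKey)) {
            throw new IllegalArgumentException(
                    "key of type " + key.getClass().getName() + " is not a SecretKey");
        }
        return (SecretKey) key;
    }

    // Hypothetical holder: the container may proxy the holder bean, but
    // getKey() returns the real, unproxied SecretKey.
    static final class SigningKeyHolder {
        private final SecretKey key;
        SigningKeyHolder(SecretKey key) { this.key = key; }
        SecretKey getKey() { return key; }
    }

    public static void main(String[] args) throws Exception {
        byte[] raw = new byte[32];              // constructed 256-bit HS256 key
        new SecureRandom().nextBytes(raw);
        SecretKey real = new SecretKeySpec(raw, "HmacSHA256");

        try {
            requireSecretKey(proxyTypedAs(real)); // proxy exposes Key only
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        SecretKey key = requireSecretKey(new SigningKeyHolder(real).getKey());
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] tag = mac.doFinal("header.payload".getBytes("UTF-8"));
        System.out.println("signed with holder key, tag bytes: " + tag.length);
    }
}
```

In a CDI application the holder would be the @ApplicationScoped bean, so every injection point still shares one signing key.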