Hi Alex
Try to produce SecretKEy not Key
@Produces
@ApplicationScoped
public SecretKEy generate(){
}
@Inject
SecretKey keyforsigning;
Best
Uday
ManageCat, http://www.managecat.com <http://www.managecat.com/>
> On 19 Sep 2015, at 10:33, Alex Soto <[email protected]> wrote:
>
> Hello, I am developing a very simple Java EE application that generates a
> JWT token. Currently I am using JJWT library to generate it. To generate a
> token I need the claims and a key. For generating the key I am using next
> code:
>
> public class SecretKeyProducer {
>
> @Produces
> @ApplicationScoped
> public Key generateJwtSignKey() {
> return MacProvider.generateKey();
> }
>
> }
>
>
> Then I inject the key in the service responsible to create the token:
>
> @Inject
> Key keyForSigning;
>
> public String generateToken(String login) {
> System.out.println(keyForSigning);
> final String token =
> Jwts.builder().setSubject(login).signWith(SignatureAlgorithm.HS256,
> keyForSigning).compact();
> return token;
> }
>
>
> The problem is that next exception is thrown:
>
> java.lang.IllegalArgumentException: MAC signatures must be computed and
> verified using a SecretKey. The specified key of type
> org.apache.webbeans.custom.security.Key$$OwbNormalScopeProxy0 is not a
> SecretKey.
>
> The problem is that JJWT do an instanceof:
>
> public MacSigner(SignatureAlgorithm alg, Key key) {
> super(alg, key);
> Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC
> signature algorithms.");
> if (!(key instanceof SecretKey)) {
> String msg = "MAC signatures must be computed and verified
> using a SecretKey. The specified key of " +
> "type " + key.getClass().getName() + " is not a
> SecretKey.";
> throw new IllegalArgumentException(msg);
> }
> }
>
>
> So is there a way from CDI point of view to fix this?
>
> Thank you very much.
