Thanks Andy, well my idea was to add some CDIsh in jwt. I thought about wrapping too but I would prefer a more native approach :D but well I am going to try Uday approach and if not works to wrap
Thank you so much El ds, 19 set 2015 a les 12:22 Andy Gumbrecht [email protected]> va escriure: That should work, but what is the use case for injection? To have the > option to swap out MacProvider.generateKey() with a different impl later? > > Another option would be to wrap the generated key payload (algorithm, > bytes) in your own produced object and create a new SecretKeySpec(bytes, > algname); in generateToken. > > Andy. > > On 19/09/2015 10:16, Uday Gire wrote: > > Hi Alex > > > > Try to produce SecretKEy not Key > > > > @Produces > > @ApplicationScoped > > public SecretKEy generate(){ > > } > > > > @Inject > > SecretKey keyforsigning; > > > > Best > > > > Uday > > ManageCat, http://www.managecat.com <http://www.managecat.com/> > > > >> On 19 Sep 2015, at 10:33, Alex Soto <[email protected]> wrote: > >> > >> Hello, I am developing a very simple Java EE application that generates > a > >> JWT token. Currently I am using JJWT library to generate it. To > generate a > >> token I need the claims and a key. For generating the key I am using > next > >> code: > >> > >> public class SecretKeyProducer { > >> > >> @Produces > >> @ApplicationScoped > >> public Key generateJwtSignKey() { > >> return MacProvider.generateKey(); > >> } > >> > >> } > >> > >> > >> Then I inject the key in the service responsible to create the token: > >> > >> @Inject > >> Key keyForSigning; > >> > >> public String generateToken(String login) { > >> System.out.println(keyForSigning); > >> final String token = > >> Jwts.builder().setSubject(login).signWith(SignatureAlgorithm.HS256, > >> keyForSigning).compact(); > >> return token; > >> } > >> > >> > >> The problem is that next exception is thrown: > >> > >> java.lang.IllegalArgumentException: MAC signatures must be computed and > >> verified using a SecretKey. The specified key of type > >> org.apache.webbeans.custom.security.Key$$OwbNormalScopeProxy0 is not a > >> SecretKey. > >> > >> The problem is that JJWT do an instanceof: > >> > >> public MacSigner(SignatureAlgorithm alg, Key key) { > >> super(alg, key); > >> Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC > >> signature algorithms."); > >> if (!(key instanceof SecretKey)) { > >> String msg = "MAC signatures must be computed and verified > >> using a SecretKey. The specified key of " + > >> "type " + key.getClass().getName() + " is not a > >> SecretKey."; > >> throw new IllegalArgumentException(msg); > >> } > >> } > >> > >> > >> So is there a way from CDI point of view to fix this? > >> > >> Thank you very much. > > > > > > > > -- > Andy Gumbrecht > https://twitter.com/AndyGeeDe > http://www.tomitribe.com > >
