1 minute read

기존의 JWT 라이브러리 버전을 0.11.5 → 0.12.6 로 업그레이드 했더니 기존에 소스중에 deprecated 된 것이 있어 수정한다.

// jwt
implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
runtimeOnly  'io.jsonwebtoken:jjwt-impl:0.12.6'
runtimeOnly  'io.jsonwebtoken:jjwt-jackson:0.12.6'

기존 0.11.5 버전 소스에 setClaims, setIssuedAt, setExpiration 은 모두 deprecated 됨

public String createToken(Map<String, Object> claims) {
    String secretKeyEncodeBase64 = Encoders.BASE64.encode(jwtSecretKey.getBytes());
    byte[] keyBytes = Decoders.BASE64.decode(secretKeyEncodeBase64);
    Key key = Keys.hmacShaKeyFor(keyBytes);
    return Jwts.builder()
            .signWith(key)
            .setClaims(claims)
            .setIssuedAt(new Date(System.currentTimeMillis()))
            .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * (accessTokenExpiredMin)))
            .compact();
}

0.12.6 소스에서 (claim, issusedAt, expiration 으로 변경)

public String createToken(Map<String, Object> claims) {
    String secretKeyEncodeBase64 = Encoders.BASE64.encode(jwtSecretKey.getBytes());
    byte[] keyBytes = Decoders.BASE64.decode(secretKeyEncodeBase64);
    Key key = Keys.hmacShaKeyFor(keyBytes);
    return Jwts.builder()
            .signWith(key)
            .claims(claims)
            .issuedAt(new Date(System.currentTimeMillis()))
            .expiration(new Date(System.currentTimeMillis() + 1000 * 60 * (accessTokenExpiredMin))
            .compact();
}

기존 0.11.5 버전 소스 (SignatureAlgorithm, parserBuilder, setSigningKey, parseClaimsJws, getBody) 처리 부분

public JwtResult extractAllClaims(String token) {
    if (StringUtils.isNullOrEmpty(token)) return null;
    SignatureAlgorithm sa = SignatureAlgorithm.HS256;
    SecretKeySpec secretKeySpec = new SecretKeySpec(jwtSecretKey.getBytes(), sa.getJcaName());
    Claims claims;
    JwtResult jwtResult = new JwtResult();
    try {
        claims = Jwts.parserBuilder().setSigningKey(secretKeySpec).build()
                .parseClaimsJws(token).getBody();
        jwtResult.setJwtResultType(JwtResultType.TOKEN_SUCCESS);
        jwtResult.setClaims(claims);
    } catch (ExpiredJwtException e) {
        jwtResult.setJwtResultType(JwtResultType.TOKEN_EXPIRED);
        jwtResult.setClaims(null);
    } catch (JwtException e) {
        jwtResult.setJwtResultType(JwtResultType.TOKEN_INVALID);
        jwtResult.setClaims(null);
    }
    return jwtResult;
}

0.12.6 소스 (parser, verifyWith, parseSignedClaims, getPayload) 로 수정

public JwtResult extractAllClaims(String token) {
    if (StringUtils.isNullOrEmpty(token)) return null;
    byte[] keyBytes = jwtSecretKey.getBytes();
    SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "HmacSHA256");
    Claims claims;
    JwtResult jwtResult = new JwtResult();
    try {
        claims = Jwts.parser().verifyWith(secretKeySpec).build()
                .parseSignedClaims(token).getPayload();
        jwtResult.setJwtResultType(JwtResultType.TOKEN_SUCCESS);
        jwtResult.setClaims(claims);
    } catch (ExpiredJwtException e) {
        jwtResult.setJwtResultType(JwtResultType.TOKEN_EXPIRED);
        jwtResult.setClaims(null);
    } catch (JwtException e) {
        jwtResult.setJwtResultType(JwtResultType.TOKEN_INVALID);
        jwtResult.setClaims(null);
    }
    return jwtResult;
}

Tags:

Categories:

Updated: