Update jjwt.version to v0.12.3 (#237)

* Update jjwt.version to v0.12.3

* chore: update jjwt apis

* chore: update jjwt apis

* chore: update jjwt apis

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: hantsy <[email protected]>

pom.xml

@@ -22,7 +22,7 @@
     <properties>
         <java.version>17</java.version>
         <spring-javaformat.version>0.0.39</spring-javaformat.version>
-        <jjwt.version>0.11.5</jjwt.version>
+        <jjwt.version>0.12.3</jjwt.version>
         <maven-surefire-plugin.version>3.1.2</maven-surefire-plugin.version>
         <sonar-maven-plugin.version>3.10.0.2594</sonar-maven-plugin.version>
         <maven-checkstyle-plugin.version>3.3.0</maven-checkstyle-plugin.version>

src/main/java/com/example/demo/security/jwt/JwtTokenProvider.java

@@ -4,8 +4,8 @@
 import io.jsonwebtoken.Jws;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
+import jakarta.annotation.PostConstruct;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -19,9 +19,9 @@
 import java.util.Base64;
 import java.util.Collection;
 import java.util.Date;
-import jakarta.annotation.PostConstruct;
 import javax.crypto.SecretKey;
 
+import static java.util.stream.Collectors.collectingAndThen;
 import static java.util.stream.Collectors.joining;
 
 @Component
@@ -47,30 +47,32 @@ public String createToken(Authentication authentication) {
         String username = authentication.getName();
         Collection<? extends GrantedAuthority> authorities = authentication
                 .getAuthorities();
-        Claims claims = Jwts.claims().setSubject(username);
+        var  claimsBuilder = Jwts.claims().subject(username);
         if (!authorities.isEmpty()) {
-            claims.put(AUTHORITIES_KEY, authorities.stream()
+            claimsBuilder.add(AUTHORITIES_KEY, authorities.stream()
                     .map(GrantedAuthority::getAuthority).collect(joining(",")));
         }
 
+        var claims = claimsBuilder.build();
+
         Date now = new Date();
         Date validity = new Date(now.getTime() + this.jwtProperties.getValidityInMs());
 
-        return Jwts.builder().setClaims(claims).setIssuedAt(now).setExpiration(validity)
-                .signWith(this.secretKey, SignatureAlgorithm.HS256).compact();
+        return Jwts.builder().claims(claims).issuedAt(now).expiration(validity)
+                .signWith(this.secretKey, Jwts.SIG.HS256).compact();
 
     }
 
     public Authentication getAuthentication(String token) {
-        Claims claims = Jwts.parserBuilder().setSigningKey(this.secretKey).build()
-                .parseClaimsJws(token).getBody();
+        Claims claims = Jwts.parser().verifyWith(this.secretKey).build()
+                .parseSignedClaims(token).getPayload();
 
         Object authoritiesClaim = claims.get(AUTHORITIES_KEY);
 
         Collection<? extends GrantedAuthority> authorities = authoritiesClaim == null
                 ? AuthorityUtils.NO_AUTHORITIES
                 : AuthorityUtils
-                        .commaSeparatedStringToAuthorityList(authoritiesClaim.toString());
+                .commaSeparatedStringToAuthorityList(authoritiesClaim.toString());
 
         User principal = new User(claims.getSubject(), "", authorities);
 
@@ -79,13 +81,12 @@ public Authentication getAuthentication(String token) {
 
     public boolean validateToken(String token) {
         try {
-            Jws<Claims> claims = Jwts.parserBuilder().setSigningKey(this.secretKey)
-                    .build().parseClaimsJws(token);
+            Jws<Claims> claims = Jwts.parser().verifyWith(this.secretKey)
+                    .build().parseSignedClaims(token);
             // parseClaimsJws will check expiration date. No need do here.
-            log.info("expiration date: {}", claims.getBody().getExpiration());
+            log.info("expiration date: {}", claims.getPayload().getExpiration());
             return true;
-        }
-        catch (JwtException | IllegalArgumentException e) {
+        } catch (JwtException | IllegalArgumentException e) {
             log.info("Invalid JWT token: {}", e.getMessage());
             log.trace("Invalid JWT token trace.", e);
         }

src/test/java/com/example/demo/JwtTokenProviderTest.java

@@ -5,7 +5,6 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
 import lombok.extern.slf4j.Slf4j;
 import org.junit.jupiter.api.BeforeEach;
@@ -35,7 +34,7 @@ class JwtTokenProviderTest {
     private static final String TEST_ROLE_NAME = "ROLE_USER";
 
     private JwtTokenProvider jwtTokenProvider;
-    private  JwtProperties properties;
+    private JwtProperties properties;
 
     @BeforeEach
     void setup() {
@@ -89,15 +88,15 @@ void testValidateExpirationDate() {
         var secret = Base64.getEncoder().encodeToString(this.properties.getSecretKey().getBytes());
         var secretKey = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
 
-        Claims claims = Jwts.claims().setSubject(TEST_USER);
+        Claims claims = Jwts.claims().subject(TEST_USER).build();
         Date now = new Date();
-        Date validity = new Date(now.getTime() -1);
+        Date validity = new Date(now.getTime() - 1);
 
         var expiredToken = Jwts.builder()
-                .setClaims(claims)
-                .setIssuedAt(now)
-                .setExpiration(validity)
-                .signWith(secretKey, SignatureAlgorithm.HS256)
+                .claims(claims)
+                .issuedAt(now)
+                .expiration(validity)
+                .signWith(secretKey, Jwts.SIG.HS256)
                 .compact();
 
         assertThat(this.jwtTokenProvider.validateToken(expiredToken)).isFalse();