From 0eb812c19beab8f1d6ade974534c896e7d037bb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E7=AB=9E=E7=94=B1?= <1193626695@qq.com>
Date: Tue, 9 Dec 2025 16:19:52 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AF=86=E9=92=A5=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../water/security/JwtTokenProvider.java | 35 ++++++++++++++++---
 src/main/resources/application.yml | 5 ++-
 2 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/campus/water/security/JwtTokenProvider.java b/src/main/java/com/campus/water/security/JwtTokenProvider.java
index 8da2229..5f930c3 100644
--- a/src/main/java/com/campus/water/security/JwtTokenProvider.java
+++ b/src/main/java/com/campus/water/security/JwtTokenProvider.java
@@ -2,6 +2,7 @@ package com.campus.water.security;
 import io.jsonwebtoken.*;
+import io.jsonwebtoken.security.Keys;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
@@ -9,6 +10,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
+import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
 import java.util.Date;
 /**
@@ -23,6 +26,16 @@ public class JwtTokenProvider { @Value("${jwt.expiration}") private long jwtExpirationMs; + // 生成符合HS512要求的密钥(512位以上) + private SecretKey getSigningKey() { + // 确保密钥长度至少64字节(512位) + byte[] keyBytes = jwtSecret.getBytes(StandardCharsets.UTF_8); + if (keyBytes.length < 64) { + throw new IllegalArgumentException("JWT密钥长度不足,HS512算法需要至少64字节的密钥"); + } + return Keys.hmacShaKeyFor(keyBytes); + } + /** * 生成JWT令牌 */
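Review bot: The added `getSigningKey()` (just after `jwtExpirationMs`) re-encodes the secret and rebuilds the `SecretKey` on every sign and parse call (the `signWith`/`setSigningKey` hunks at +46, +59, +67 and +92), and its `IllegalArgumentException` for a too-short secret is only raised on first use — where `validateJwtToken` catches `IllegalArgumentException` and turns the configuration error into a silent `return false` on every request. Resolve the key once at startup so a bad `jwt.secret` fails deployment instead of rejecting all traffic. The 64-byte check also measures UTF-8 length, not entropy: a passphrase of typed text (CJK characters count three bytes each) passes it with far less than 512 bits of randomness, so the secret should be 64 bytes from a CSPRNG stored Base64-encoded and decoded with `Decoders.BASE64.decode(jwtSecret)` (`io.jsonwebtoken.io.Decoders`), which needs the matching change in application.yml and the `jakarta.annotation.PostConstruct` import. If I recall the jjwt 0.11 API correctly, `Keys.hmacShaKeyFor` and `signWith(key, HS512)` already reject under-sized keys with `WeakKeyException`, so the manual check mainly provides a clearer message; the class body continues outside the hunk.
```java
    private long jwtExpirationMs;

    private SecretKey signingKey;

    // Decode and check the key once; a misconfigured jwt.secret fails at startup, not on first request.
    @PostConstruct
    void initSigningKey() {
        byte[] keyBytes = Decoders.BASE64.decode(jwtSecret);
        if (keyBytes.length < 64) {
            throw new IllegalStateException("jwt.secret must decode to at least 64 bytes (512 bits) for HS512");
        }
        signingKey = Keys.hmacShaKeyFor(keyBytes);
    }

    private SecretKey getSigningKey() {
        return signingKey;
    }
    // … unchanged: token generation and parser methods keep calling getSigningKey() …
```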
@@ -33,7 +46,7 @@ public class JwtTokenProvider { .claim("roles", userPrincipal.getAuthorities().toString()) .setIssuedAt(new Date()) .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs)) - .signWith(SignatureAlgorithm.HS512, jwtSecret) + .signWith(getSigningKey(), SignatureAlgorithm.HS512) // 使用安全密钥 .compact(); }
@@ -46,7 +59,7 @@ public class JwtTokenProvider { .claim("roles", role) .setIssuedAt(new Date()) .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs)) - .signWith(SignatureAlgorithm.HS512, jwtSecret) + .signWith(getSigningKey(), SignatureAlgorithm.HS512) // 使用安全密钥 .compact(); }
@@ -54,14 +67,23 @@ public class JwtTokenProvider { * 从令牌中获取用户名 */ public String getUsernameFromJwtToken(String token) { - return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody().getSubject(); + return Jwts.parserBuilder() + .setSigningKey(getSigningKey()) // 使用安全密钥 + .build() + .parseClaimsJws(token) + .getBody() + .getSubject(); } /** * 从令牌中获取角色 */ public String getRoleFromJwtToken(String token) { - Claims claims = Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody(); + Claims claims = Jwts.parserBuilder() + .setSigningKey(getSigningKey()) // 使用安全密钥 + .build() + .parseClaimsJws(token) + .getBody(); return claims.get("roles", String.class); }
@@ -70,7 +92,10 @@ public class JwtTokenProvider { */ public boolean validateJwtToken(String authToken) { try { - Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(authToken); + Jwts.parserBuilder() + .setSigningKey(getSigningKey()) // 使用安全密钥 + .build() + .parseClaimsJws(authToken); return true; } catch (SignatureException | MalformedJwtException | ExpiredJwtException | UnsupportedJwtException | IllegalArgumentException e) { return false;
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 06dfbac..948eb44 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
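Review bot: In `validateJwtToken`, the `IllegalArgumentException` that `getSigningKey()` now throws for a short secret is caught by the multi-catch right after `parseClaimsJws(authToken)` and reported as an invalid token, so a configuration error is indistinguishable from a forged token and every request is quietly rejected; resolving the key once at startup keeps that failure out of this catch. The catch list also names `SignatureException` through the `io.jsonwebtoken.*` wildcard, i.e. the deprecated `io.jsonwebtoken.SignatureException`; the `parserBuilder()` API is jjwt 0.11, where the parser throws `io.jsonwebtoken.security.SignatureException`, and whether the deprecated type still catches what is actually thrown depends on the version in use, so catching the common parent is the version-proof form: `} catch (JwtException | IllegalArgumentException e) {`. A debug-level log of `e.getMessage()` there would keep the rejection reason visible without logging the token itself. The catch block's close and the method end lie outside the hunk; the same swallowed-configuration-error concern applies to the parser hunks at +67 and +76, whose callers this page does not show.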
@@ -2,10 +2,9 @@ mqtt: enabled: true # 是否启用 MQTT 客户端 -# JWT 配置 jwt: - secret: campusWaterSystem2024SecretKey!@# # 替换为实际密钥 - expiration: 86400000 # 24小时有效期(毫秒) + secret: "789&kLp23$87bnM90!789poI87&90lkJ78*90jhG78!90fdS78%90saD78^90xcV78&90zbN78!这是安全密钥1234567890" + expiration: 86400000 # Spring 核心配置:允许 Bean 定义覆盖(解决 Bean 重复定义冲突) spring:
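Review bot: The new `secret:` value is still a plaintext credential committed to the repository, so this change rotates nothing: the old value stays in git history, the new one is now equally exposed, and the removed `# 替换为实际密钥` comment was the only hint that the committed value was a placeholder. Reference the key from the environment instead, `secret: ${JWT_SECRET}`, supply it from a secret store or deployment configuration, and treat both committed values as compromised, since any token signed with them is forgeable by anyone with repository access. The value also mixes ASCII with CJK characters and passes the 64-byte check in JwtTokenProvider only because each CJK character is three UTF-8 bytes; a typed string is nowhere near 512 bits of randomness, so generate 64 bytes from a CSPRNG (e.g. `openssl rand -base64 64`) and have the provider Base64-decode it. The dropped `# 24小时有效期(毫秒)` comment on `expiration` is worth keeping, as the unit is not obvious from the number.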