From 8986a18d1b393dd4f7ff54a44923738c282d671f Mon Sep 17 00:00:00 2001 From: ard333 Date: Tue, 25 Dec 2018 14:35:50 +0700 Subject: [PATCH] update spring boot and jjwt version --- .gitignore | 5 +++- pom.xml | 24 ++++++++++++++----- .../rest/AuthenticationREST.java | 2 +- .../security/JWTUtil.java | 6 ++--- .../security/WebSecurityConfig.java | 2 +- src/main/resources/application.properties | 3 ++- 6 files changed, 29 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index 265b65a..4b06616 100644 --- a/.gitignore +++ b/.gitignore @@ -23,4 +23,7 @@ /dist/ /nbdist/ /.nb-gradle/ -nbactions.xml \ No newline at end of file +nbactions.xml + +# VS Code # +.vscode \ No newline at end of file diff --git a/pom.xml b/pom.xml index 9620ac0..ff6fc6d 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 2.0.0.RELEASE + 2.1.1.RELEASE @@ -33,15 +33,27 @@ org.springframework.boot spring-boot-starter-webflux - - io.jsonwebtoken - jjwt - 0.7.0 - org.projectlombok lombok + + io.jsonwebtoken + jjwt-api + 0.10.5 + + + io.jsonwebtoken + jjwt-impl + 0.10.5 + runtime + + + io.jsonwebtoken + jjwt-jackson + 0.10.5 + runtime + diff --git a/src/main/java/com/ard333/springbootwebfluxjjwt/rest/AuthenticationREST.java b/src/main/java/com/ard333/springbootwebfluxjjwt/rest/AuthenticationREST.java index ac3fa1c..42ecf88 100644 --- a/src/main/java/com/ard333/springbootwebfluxjjwt/rest/AuthenticationREST.java +++ b/src/main/java/com/ard333/springbootwebfluxjjwt/rest/AuthenticationREST.java @@ -30,7 +30,7 @@ public class AuthenticationREST { @Autowired private UserService userRepository; - @RequestMapping(value = "login", method = RequestMethod.POST) + @RequestMapping(value = "/login", method = RequestMethod.POST) public Mono> login(@RequestBody AuthRequest ar) { return userRepository.findByUsername(ar.getUsername()).map((userDetails) -> { if (passwordEncoder.encode(ar.getPassword()).equals(userDetails.getPassword())) { 
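Review bot: In the AuthenticationREST.java hunk, the `login` handler still checks the password with `passwordEncoder.encode(ar.getPassword()).equals(userDetails.getPassword())`, and `String.equals` stops at the first differing character, so the comparison of the derived hash is not constant-time. This commit only changes the mapping path and leaves that check as is. A constant-time form would be `MessageDigest.isEqual(encoded.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8))`, where `encoded` and `stored` stand for the two strings compared today. The handler body continues past the end of the hunk, so the mismatch branch is not visible here.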
diff --git a/src/main/java/com/ard333/springbootwebfluxjjwt/security/JWTUtil.java b/src/main/java/com/ard333/springbootwebfluxjjwt/security/JWTUtil.java index 228890a..adacec5 100644 --- a/src/main/java/com/ard333/springbootwebfluxjjwt/security/JWTUtil.java +++ b/src/main/java/com/ard333/springbootwebfluxjjwt/security/JWTUtil.java @@ -2,6 +2,7 @@ package com.ard333.springbootwebfluxjjwt.security; import com.ard333.springbootwebfluxjjwt.model.User; import java.io.Serializable; +import java.util.Base64; import java.util.Date; import java.util.HashMap; import java.util.Map; @@ -27,7 +28,7 @@ public class JWTUtil implements Serializable { private String expirationTime; public Claims getAllClaimsFromToken(String token) { - return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody(); + return Jwts.parser().setSigningKey(Base64.getEncoder().encodeToString(secret.getBytes())).parseClaimsJws(token).getBody(); } public String getUsernameFromToken(String token) { @@ -46,7 +47,6 @@ public class JWTUtil implements Serializable { public String generateToken(User user) { Map claims = new HashMap<>(); claims.put("role", user.getRoles()); - claims.put("enable", user.getEnabled()); return doGenerateToken(claims, user.getUsername()); } @@ -60,7 +60,7 @@ public class JWTUtil implements Serializable { .setSubject(username) .setIssuedAt(createdDate) .setExpiration(expirationDate) - .signWith(SignatureAlgorithm.HS512, secret) + .signWith(SignatureAlgorithm.HS512, Base64.getEncoder().encodeToString(secret.getBytes())) .compact(); } diff --git a/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java b/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java index 148752f..add99f4 100644 --- a/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java +++ b/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java 
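Review bot: `secret.getBytes()` in `getAllClaimsFromToken` uses the JVM default charset, so the HMAC key derived from the configured secret can differ between hosts if the secret ever contains non-ASCII characters; the same expression is repeated in the `.signWith(...)` call of the last JWTUtil.java hunk. Base64-encoding the bytes only so that the String overloads decode them again is a round trip, and the key is rebuilt on every parse and every sign. jjwt 0.10 accepts a `Key` directly, so the key could be built once with `Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8))` and passed to `setSigningKey(key)` and `signWith(key, SignatureAlgorithm.HS512)`. The method that holds the `signWith` call starts outside its hunk.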
@@ -31,7 +31,7 @@ public class WebSecurityConfig { .securityContextRepository(securityContextRepository) .authorizeExchange() .pathMatchers(HttpMethod.OPTIONS).permitAll() - .pathMatchers("/auth").permitAll() + .pathMatchers("/login").permitAll() .anyExchange().authenticated() .and().build(); diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 7c37487..662a749 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,5 +1,6 @@ springbootwebfluxjjwt.password.encoder.secret=mysecret springbootwebfluxjjwt.password.encoder.iteration=33 springbootwebfluxjjwt.password.encoder.keylength=256 -springbootwebfluxjjwt.jjwt.secret=mysecret + +springbootwebfluxjjwt.jjwt.secret=ThisIsSecretForJWTHS512SignatureAlgorithmThatMUSTHave512bitsKeySize springbootwebfluxjjwt.jjwt.expiration=28800 \ No newline at end of file
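Review bot: `.pathMatchers("/login").permitAll()` opens the path to every HTTP method, while the controller changed in this commit maps `/login` for POST only. Narrowing the rule to `.pathMatchers(HttpMethod.POST, "/login").permitAll()` limits the unauthenticated surface to the one request the handler serves; `HttpMethod` is already used on the line above. The builder chain starts outside the hunk.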
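Review bot: The new `springbootwebfluxjjwt.jjwt.secret` value is the HS512 signing key, and committing it to application.properties means anyone who can read the repository holds the key the service uses to validate tokens; the same applies to `springbootwebfluxjjwt.password.encoder.secret=mysecret` on the context line. Both should be resolved from the environment, e.g. `springbootwebfluxjjwt.jjwt.secret=${JJWT_SECRET}` (the variable name is a placeholder), with only a clearly marked sample value kept in the repository. `springbootwebfluxjjwt.password.encoder.iteration=33` also looks very low if it is a key-derivation iteration count, which this file alone does not confirm.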