Commit d58f42a2 authored by Matija Obreza's avatar Matija Obreza
Browse files

Merge branch '130-jwt-signing-key' into 'master'

Resolve "JWT signing key"

Closes #130

See merge request !127
parents 146a2061 6fb8b223
......@@ -59,6 +59,9 @@ public class OAuth2ServerConfig {
@Value("${default.oauth.refreshToken.validity}")
private int refreshTokenValiditySeconds;
@Value("${default.jwt.signingKey}")
private String jwtSigningKey;
@Autowired
private UserDetailsService userDetailsService;
......@@ -82,7 +85,7 @@ public class OAuth2ServerConfig {
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(APPLICATION_RESOURCE_ID);
converter.setSigningKey(jwtSigningKey);
// This blob is required to convert from JWT token to proper Principal
final DefaultUserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter();
......@@ -152,8 +155,7 @@ public class OAuth2ServerConfig {
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
// FIXME This must be a secret!
converter.setSigningKey(APPLICATION_RESOURCE_ID);
converter.setSigningKey(jwtSigningKey);
return converter;
}
......
......@@ -40,6 +40,7 @@ default.oauthclient.clientSecret=my-secret-client
default.oauth.accessToken.validity=21600
default.oauth.refreshToken.validity=604800
default.jwt.signingKey=genesys-catalog
#google properties
google.consumerKey=
......
......@@ -33,6 +33,7 @@ default.oauthclient.clientId=my-trusted-client
default.oauthclient.clientSecret=my-secret-client
default.oauth.accessToken.validity=21600
default.oauth.refreshToken.validity=604800
default.jwt.signingKey=genesys-catalog
# MockMvc printing
spring.test.mockmvc.print=none
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment