diff --git a/datasafe-encryption/datasafe-encryption-impl/pom.xml b/datasafe-encryption/datasafe-encryption-impl/pom.xml
index 3cc2627a9..dc95d9b60 100644
--- a/datasafe-encryption/datasafe-encryption-impl/pom.xml
+++ b/datasafe-encryption/datasafe-encryption-impl/pom.xml
@@ -98,29 +98,24 @@
test-jar
test
-
com.fasterxml.jackson.core
jackson-databind
- ${jackson-databind.version}
test
com.fasterxml.jackson.dataformat
jackson-dataformat-yaml
- ${jackson.version}
test
com.fasterxml.jackson.core
jackson-annotations
- ${jackson.version}
test
com.fasterxml.jackson.core
jackson-core
- ${jackson.version}
test
diff --git a/datasafe-rest-impl/pom.xml b/datasafe-rest-impl/pom.xml
index df7dad36e..666cbd40e 100644
--- a/datasafe-rest-impl/pom.xml
+++ b/datasafe-rest-impl/pom.xml
@@ -15,11 +15,11 @@
3.1.2
2.9.2
- 0.10.5
+ 0.12.4
3.0.0
2.2.4
1.6.0
- 3.0.2
+ 3.0.2
@@ -59,11 +59,6 @@
spring-boot-starter-web
${spring-boot.version}
-
- org.yaml
- snakeyaml
- 2.1
-
org.springframework.boot
spring-boot-starter-actuator
@@ -81,20 +76,11 @@
${spring-boot.version}
true
+
jakarta.validation
jakarta.validation-api
- ${jakarta.validation-api.varsion}
-
-
- com.fasterxml.jackson.core
- jackson-databind
- ${jackson-databind.version}
-
-
- com.fasterxml.jackson.core
- jackson-core
- ${jackson.version}
+ ${jakarta.validation-api.version}
io.jsonwebtoken
diff --git a/datasafe-rest-impl/src/main/java/de/adorsys/datasafe/rest/impl/security/JwtAuthorizationFilter.java b/datasafe-rest-impl/src/main/java/de/adorsys/datasafe/rest/impl/security/JwtAuthorizationFilter.java
index 592f16087..a444f0423 100644
--- a/datasafe-rest-impl/src/main/java/de/adorsys/datasafe/rest/impl/security/JwtAuthorizationFilter.java
+++ b/datasafe-rest-impl/src/main/java/de/adorsys/datasafe/rest/impl/security/JwtAuthorizationFilter.java
@@ -7,6 +7,7 @@
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SignatureException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
@@ -19,9 +20,9 @@
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import javax.crypto.SecretKey;
import java.io.IOException;
import java.util.List;
-import java.util.stream.Collectors;
@Slf4j
public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
@@ -74,19 +75,20 @@ private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest
private UsernamePasswordAuthenticationToken tryAuthenticate(String token) {
byte[] signingKey = securityProperties.getJwtSecret().getBytes();
+ SecretKey secret = Keys.hmacShaKeyFor(signingKey);
Jws parsedToken = Jwts.parser()
- .setSigningKey(signingKey)
- .parseClaimsJws(token.replace(SecurityConstants.TOKEN_PREFIX, ""));
+ .verifyWith(secret).build()
+ .parseSignedClaims(token.replace(SecurityConstants.TOKEN_PREFIX, ""));
String username = parsedToken
- .getBody()
+ .getPayload()
.getSubject();
- List authorities = ((List>) parsedToken.getBody()
+ List authorities = ((List>) parsedToken.getPayload()
.get(SecurityConstants.ROLES_NAME)).stream()
.map(authority -> new SimpleGrantedAuthority((String) authority))
- .collect(Collectors.toList());
+ .toList();
if (!Strings.isNullOrEmpty(username)) {
return new UsernamePasswordAuthenticationToken(username, null, authorities);
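Review bot: `Keys.hmacShaKeyFor(signingKey)` in `tryAuthenticate` throws `WeakKeyException` for a secret shorter than 256 bits, and because the key is derived per request, a short configured `jwtSecret` would only surface when the first token is checked; whether that exception is handled depends on the catch clauses, which lie outside this hunk. Deriving the `SecretKey` once when the filter is constructed would make a weak secret fail at startup and avoid rebuilding the key on every request. The secret is also encoded with the platform default charset; `securityProperties.getJwtSecret().getBytes(StandardCharsets.UTF_8)` keeps the key bytes identical across hosts, and the code that signs tokens (not shown here) should use the same encoding. Separately, `parsedToken.getPayload().get(SecurityConstants.ROLES_NAME)` is cast and streamed without a null check, so a validly signed token with no roles claim would raise a `NullPointerException` at that line.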
diff --git a/pom.xml b/pom.xml
index e48bb3c2a..b6588564d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -112,8 +112,7 @@
6.0.11
3.1.2
1.4.4
- 2.12.7
- 2.12.7.1
+ 2.16.1
0.0.9
2.1.1
2.3.1
@@ -334,6 +333,27 @@
jaxb-api
${jaxb-api.version}
+
+ com.fasterxml.jackson.core
+ jackson-core
+ ${jackson.version}
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ ${jackson.version}
+
+
+ com.fasterxml.jackson.core
+ jackson-annotations
+ ${jackson.version}
+
+
+ com.fasterxml.jackson.dataformat
+ jackson-dataformat-yaml
+ ${jackson.version}
+ test
+