From 81e1a90dba44a64924d3550accc9a1c1170253b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A6=82=E6=A2=A6=E6=8A=80=E6=9C=AF?= <596392912@qq.com> Date: Thu, 26 Jun 2025 09:28:16 +0800 Subject: [PATCH] =?UTF-8?q?:arrow=5Fup:=20=E4=BE=9D=E8=B5=96=E5=8D=87?= =?UTF-8?q?=E7=BA=A7=E5=85=BC=E5=AE=B9=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../org/springblade/core/secure/utils/SecureUtil.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/blade-core-secure/src/main/java/org/springblade/core/secure/utils/SecureUtil.java b/blade-core-secure/src/main/java/org/springblade/core/secure/utils/SecureUtil.java index 7595856..faf0ae7 100644 --- a/blade-core-secure/src/main/java/org/springblade/core/secure/utils/SecureUtil.java +++ b/blade-core-secure/src/main/java/org/springblade/core/secure/utils/SecureUtil.java @@ -19,6 +19,8 @@ import io.jsonwebtoken.Claims; import io.jsonwebtoken.JwtBuilder; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; +import io.jsonwebtoken.security.Keys; +import io.jsonwebtoken.security.MacAlgorithm; import lombok.SneakyThrows; import org.springblade.core.launch.constant.TokenConstant; import org.springblade.core.secure.BladeUser; @@ -399,9 +401,10 @@ public class SecureUtil { */ public static Claims parseJWT(String jsonWebToken) { try { - return Jwts.parserBuilder() - .setSigningKey(Base64.getDecoder().decode(getBase64Security())).build() - .parseClaimsJws(jsonWebToken).getBody(); + return Jwts.parser() + .verifyWith(Keys.hmacShaKeyFor(Base64.getDecoder().decode(getBase64Security()))).build() + .parseSignedClaims(jsonWebToken) + .getPayload(); } catch (Exception ex) { return null; } @@ -430,7 +433,6 @@ public class SecureUtil { if (!validateClient(clientDetails, clientId, clientSecret)) { throw new SecureException("客户端认证失败!"); } - SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; long nowMillis = System.currentTimeMillis();