diff --git a/pom.xml b/pom.xml
index 4a73f1eac..dc8f0a5ba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
1.2.76
4.1.2
1.7
- 0.9.1
+ 0.11.2
3.4.3
5.6.5
2.2.6.RELEASE
@@ -83,7 +83,17 @@
io.jsonwebtoken
- jjwt
+ jjwt-api
+ ${jwt.version}
+
+
+ io.jsonwebtoken
+ jjwt-impl
+ ${jwt.version}
+
+
+ io.jsonwebtoken
+ jjwt-jackson
${jwt.version}
diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index 476a9333d..34b0240fb 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -91,8 +91,8 @@ spring:
token:
# 令牌自定义标识
header: Authorization
- # 令牌密钥
- secret: abcdefghijklmnopqrstuvwxyz
+ # 令牌密钥 HMAC-SHA sha256
+ secret: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890==========
# 令牌有效期(默认30分钟)
expireTime: 30
diff --git a/ruoyi-common/pom.xml b/ruoyi-common/pom.xml
index c6275c250..378d4bcf5 100644
--- a/ruoyi-common/pom.xml
+++ b/ruoyi-common/pom.xml
@@ -74,7 +74,15 @@
io.jsonwebtoken
- jjwt
+ jjwt-api
+
+
+ io.jsonwebtoken
+ jjwt-impl
+
+
+ io.jsonwebtoken
+ jjwt-jackson
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
index 0db777bcc..e8f6667f2 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
@@ -14,10 +14,13 @@ import com.ruoyi.framework.config.properties.TokenProperties;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
+import java.security.Key;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@@ -145,10 +148,9 @@ public class TokenService {
* @return 令牌
*/
private String createToken(Map claims) {
- String token = Jwts.builder()
- .setClaims(claims)
- .signWith(SignatureAlgorithm.HS512, tokenProperties.getSecret()).compact();
- return token;
+ byte[] keyBytes = Decoders.BASE64.decode(tokenProperties.getSecret());
+ Key key = Keys.hmacShaKeyFor(keyBytes);
+ return Jwts.builder().setClaims(claims).signWith(key).compact();
}
/**
@@ -158,10 +160,7 @@ public class TokenService {
* @return 数据声明
*/
private Claims parseToken(String token) {
- return Jwts.parser()
- .setSigningKey(tokenProperties.getSecret())
- .parseClaimsJws(token)
- .getBody();
+ return Jwts.parserBuilder().setSigningKey(tokenProperties.getSecret()).build().parseClaimsJws(token).getBody();
}
/**