jsonjerseyjwtjax-rs

How to set JWT type in JWT Header

Not able to set the JWT token typ in token header.

This is for making secure API's which I have already developed in JAX-RS. Basically i have generating a token by Jwts.builder() method, and in return i am getting token in APPLICATION_JSON, ant i paste this token at https://jwt.io/ Debugger. So i got to know that there is no token type specified token header, there is only { "alg": "HS512" }

Maybe this could be a reason that I cannot access secured API's. When I try to access secured API's then i got "Signed Claims JWSs are not supported" exception.

private String issueToken(String login, String password) {

        LocalDateTime now = LocalDateTime.now().plusMinutes(10L);
        Instant instant = now.atZone(ZoneId.systemDefault()).toInstant();
        Date jwtExpiry = Date.from(instant);
        
        String jwtToken = Jwts.builder().setSubject(login).setIssuer("XYZ").setIssuedAt(new Date())
                .setExpiration(jwtExpiry).signWith(SignatureAlgorithm.HS512, "secretKey").compact();
        return jwtToken;
}

public class JWTTokenNeededFilter implements ContainerRequestFilter 
{
    public static final Logger logger = Logger.getLogger(JWTTokenNeededFilter.class);

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        String token = requestContext.getHeaderString("userToken");
        if (token == null) {
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }

        try {
            Jwts.parser().setSigningKey("secretKey").parseClaimsJwt(token);

            logger.info("Valid Token " + token);

        } catch (ExpiredJwtException expiredJwtException) {
            logger.info("Token Expires " + expiredJwtException);
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }

        catch (Exception exception) {
            logger.info("Exceptioin " + exception);
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}

I am expecting token header like this

{ "alg": "HS512", "typ": "JWT" }

Solution

  • You can set using header as explained here : https://github.com/jwtk/jjwt/issues/174

    Header header = Jwts.header();
header.setType("JWT");

    Then set header to builder (I haven't compiled the code)

    private String issueToken(String login, String password) {

    LocalDateTime now = LocalDateTime.now().plusMinutes(10L);
    Instant instant = now.atZone(ZoneId.systemDefault()).toInstant();
    Date jwtExpiry = Date.from(instant);

    Header header = Jwts.header();
    header.setType("JWT");
    //set additional headers
    String jwtToken = 
       Jwts.builder().setHeader((Map<String, Object>) 
        header).setSubject(login).setIssuer("XYZ").setIssuedAt(new 
        Date())
            .setExpiration(jwtExpiry).signWith(SignatureAlgorithm.HS512, 
          "secretKey").compact();
    return jwtToken;
}