GOOGLE ADS

lunes, 18 de abril de 2022

¿Por qué obtengo una excepción "io.jsonwebtoken.ExpiredJwtException"?

Tengo un problema con mi aplicación Spring Security JWT. Recibo un error porque mi JWT está vencido, pero no puedo encontrar dónde obtiene el 2022-04-12 como fecha de vencimiento. No puedo encontrar una sola pieza de código, que dice que la fecha de vencimiento es el 2022-04-12. Según tengo entendido, está creando un nuevo token, cada vez que inicio sesión con un nuevo tiempo de vencimiento, lo que también debe ser cierto, porque en mi salida obtengo un nuevo token cada vez. Pero debido a que el 2022-04-12 ya pasó, recibo una "io.jsonwebtoken.ExpiredJwtException". Entonces, ¿de dónde obtiene el 2022-04-12? Solo estoy proporcionando las partes de mi código, creo que son necesarias, pero si necesita más código, ¡hágamelo saber! (Estoy usando Spring Security, si eso importa)

Filtrar:

package de.gabriel.springsecurityjwt.filters;
import de.gabriel.springsecurityjwt.services.MyUserDetailsService;
import de.gabriel.springsecurityjwt.util.JwtUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Date;
@Component
public class JwtRequestFilter extends OncePerRequestFilter {
 @Autowired
 private MyUserDetailsService userDetailsService;
 @Autowired
 private JwtUtil jwtUtil;
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
 throws ServletException, IOException {
 final String authorizationHeader = request.getHeader("Authorization");
 String username = null;
 String jwt = null;
 if (authorizationHeader!= null && authorizationHeader.startsWith("Bearer ")) {
 jwt = authorizationHeader.substring(7);
 username = jwtUtil.extractUsername(jwt);
 }
 if (username!= null && SecurityContextHolder.getContext().getAuthentication() == null) {
 UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
 if (jwtUtil.validateToken(jwt, userDetails)) { // If token is valid
 UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
  userDetails, null, userDetails.getAuthorities());
 usernamePasswordAuthenticationToken
 .setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
 SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
 }
 }
 chain.doFilter(request, response);
 }
}

Clase de utilidad para JWT:

package de.gabriel.springsecurityjwt.util;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
@Service
public class JwtUtil { // JwtUtil is a class that is used to create and parse JWT tokens
 private final String SECRET_KEY = "secret";
 public String extractUsername(String token) {
 return extractClaim(token, Claims::getSubject);
 }
 public Date extractExpiration(String token) {
 return extractClaim(token, Claims::getExpiration);
 }
 public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
 final Claims claims = extractAllClaims(token);
 return claimsResolver.apply(claims);
 }
 private Claims extractAllClaims(String token) {
 return Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody();
 }
 private Boolean isTokenExpired(String token) {
 return extractExpiration(token).before(new Date());
 }
 public String generateToken(UserDetails userDetails) {
 Map<String, Object> claims = new HashMap<>();
 return createToken(claims, userDetails.getUsername());
 }
 private String createToken(Map<String, Object> claims, String subject) {
 return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10))
.signWith(SignatureAlgorithm.HS256, SECRET_KEY).compact();
 }
 public Boolean validateToken(String token, UserDetails userDetails) {
 final String username = extractUsername(token);
 return (username.equals(userDetails.getUsername()) &&!isTokenExpired(token));
 }
}

Clase de controlador de descanso:

package de.gabriel.springsecurityjwt;
import de.gabriel.springsecurityjwt.models.AuthenticationRequest;
import de.gabriel.springsecurityjwt.models.AuthenticationResponse;
import de.gabriel.springsecurityjwt.services.MyUserDetailsService;
import de.gabriel.springsecurityjwt.util.JwtUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.util.Date;
@RestController
public class HelloResource {
 @Autowired
 private AuthenticationManager authenticationManager;
 @Autowired
 private JwtUtil jwtTokenUtil;
 @Autowired
 private MyUserDetailsService userDetailsService;
 @RequestMapping( "/hello" )
 public String hello() {
 return "Hello World";
 }
 @RequestMapping(value = "/authenticate", method = RequestMethod.POST)
 public ResponseEntity<?> createAuthenticationToken(@RequestBody AuthenticationRequest authenticationRequest) throws Exception {
 try {
 authenticationManager.authenticate(
  new UsernamePasswordAuthenticationToken(authenticationRequest.getUsername(), authenticationRequest.getPassword())
 );
 }
 catch (BadCredentialsException e) {
 throw new Exception("Incorrect username or password", e);
 }
 final UserDetails userDetails = userDetailsService
.loadUserByUsername(authenticationRequest.getUsername());
 final String jwt = jwtTokenUtil.generateToken(userDetails);
 return ResponseEntity.ok(new AuthenticationResponse(jwt)); // Return token
 }
}

Clase de configurador de seguridad:

package de.gabriel.springsecurityjwt;
import de.gabriel.springsecurityjwt.filters.JwtRequestFilter;
import de.gabriel.springsecurityjwt.services.MyUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
 @Autowired
 private UserDetailsService myUserDetailsService;
 @Autowired
 private JwtRequestFilter jwtRequestFilter;
 @Autowired
 public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 auth.userDetailsService(myUserDetailsService);
 }
 @Bean
 public PasswordEncoder passwordEncoder() {
 return NoOpPasswordEncoder.getInstance();
 }
 @Override
 @Bean
 public AuthenticationManager authenticationManagerBean() throws Exception {
 return super.authenticationManagerBean();
 }
 @Override
 protected void configure(HttpSecurity httpSecurity) throws Exception {
 httpSecurity.csrf().disable()
.authorizeRequests().antMatchers("/authenticate").permitAll().
 anyRequest().authenticated().and().
 exceptionHandling().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
 }
}

Aquí está el registro de errores:

io.jsonwebtoken.ExpiredJwtException: JWT expired at 2022-04-12T21:27:05Z. Current time: 2022-04-14T22:20:23Z, a difference of 175998276 milliseconds. Allowed clock skew: 0 milliseconds.
 at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:385) ~[jjwt-0.9.1.jar:0.9.1]
 at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) ~[jjwt-0.9.1.jar:0.9.1]
 at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541) ~[jjwt-0.9.1.jar:0.9.1]
 at de.gabriel.springsecurityjwt.util.JwtUtil.extractAllClaims(JwtUtil.java:31) ~[classes/:na]
 at de.gabriel.springsecurityjwt.util.JwtUtil.extractClaim(JwtUtil.java:27) ~[classes/:na]
 at de.gabriel.springsecurityjwt.util.JwtUtil.extractUsername(JwtUtil.java:19) ~[classes/:na]
 at de.gabriel.springsecurityjwt.filters.JwtRequestFilter.doFilterInternal(JwtRequestFilter.java:41) ~[classes/:na]
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.6.2.jar:5.6.2]
 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.18.jar:5.3.18]
 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.18.jar:5.3.18]
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.18.jar:5.3.18]
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.18.jar:5.3.18]
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.18.jar:5.3.18]
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.60.jar:9.0.60]
 at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]

Este es el token utilizado:

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJmb28iLCJleHAiOjE2NTAwMDIyOTEsImlhdCI6MTY0OTk2NjI5MX0.tzfB0Wy9Dp3Y9pl-5_Oc4gwPClOHlIjE8kHUcgvKhUs

Y este es el token (carga útil) decodificado:

{
 "sub": "foo",
 "exp": 1650002291, (2022-04-15)
 "iat": 1649966291
}

Esta es una
imagen del JWT decodificado de jwt.io

Y esta es la solicitud que uso


Solución del problema

Cometí un error al enviar la solicitud en Postman. En lugar de pasar el JWT en el encabezado, lo pasé como un parámetro, que por supuesto no funcionará porque no tengo nada que extraiga el JWT de la URL.

a la/s

No hay comentarios.:

Publicar un comentario

Suscribirse a: Comentarios de la entrada (Atom)

Flutter: error de rango al acceder a la respuesta JSON

Estoy accediendo a una respuesta JSON con la siguiente estructura. { "fullName": "FirstName LastName", "listings...