StefanSchubert / sabi

Seawater Aquarium Business Intelligence (sabi) aims to gain knowledge from aquarists for aquarists based on collected seawater parameters.
https://sabi-project.net
MIT License

JWT token is not a valid base 64 encoded string. Problem after migrating to spring6 / spring-boot-starter 3.0.0 #134

Closed StefanSchubert closed 1 year ago

StefanSchubert commented 1 year ago

Describe the bug

I started with the migration of sabi's server module to spring-boot-starter 3.0.0, which switches to spring6 and moves some of the javax. namespace to jakarta.

This breaks the old io.jsonwebtoken API, which still uses javax.xml.bind, which is no longer there.

I tried to move on by using this here as a replacement:

        <!-- THE NEXT THREE DEPS ARE ONLY FOR JWT HANDLING, THIS SHOULD BE SIMPLIFIED, AS SOON AS
             SPRING'S OWN JWT IS COMPATIBLE WITH SPRING 6 -->
        <dependency>
            <!-- https://github.com/auth0/java-jwt -->
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>${auth0.jwt.version}</version>
        </dependency>
        <!-- API, java.xml.bind module -->
        <dependency>
            <groupId>jakarta.xml.bind</groupId>
            <artifactId>jakarta.xml.bind-api</artifactId>
            <version>${jakarta.xml.bind.version}</version>
        </dependency>
        <!-- Runtime, com.sun.xml.bind module -->
        <dependency>
            <groupId>org.glassfish.jaxb</groupId>
            <artifactId>jaxb-runtime</artifactId>
            <version>${glassfish-jaxb.version}</version>
        </dependency>

And rewriting some of my authorization code to match the new API. While the code builds, I got runtime errors:

Sabi.Service: TokenAuthenticationService could not parse JWT Token!
com.auth0.jwt.exceptions.JWTDecodeException: The input is not a valid base 64 encoded string.
Token was: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ0ZXN0c2VydmljZTFAYmx1ZXdoYWxlLmRlIiwiaXNzIjoiU0FCSS1zZXJ2ZXIgbW9kdWxlIiwiZXhwIjoxNjcwMTUwMzkyfQ.MXInXRP1JDcYwkl3LFz6ZBjGKW9fe3HrSgEew88yjPMR2RMbBHJflyiMbBwommvUZkWPBFtBn5Hv-FYQqLv3EA
    at com.auth0.jwt.JWTDecoder.<init>(JWTDecoder.java:46)
    at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:444)
    at de.bluewhale.sabi.security.TokenAuthenticationService.extractUserFromToken(TokenAuthenticationService.java:102)
    at de.bluewhale.sabi.security.JWTAuthorizationFilter.getAuthentication(JWTAuthorizationFilter.java:73)
    at de.bluewhale.sabi.security.JWTAuthorizationFilter.doFilterInternal(JWTAuthorizationFilter.java:48)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)

To Reproduce

Steps to reproduce the behavior:

  1. Clone sabi feature/sabi-85
  2. Run the following JUnit test: UserProfileControllerTest.java (As EclipseLink is used, you will have to add a JVM option: -javaagent:/YOUR REPO LOCATION HERE/org/springframework/spring-instrument/6.0.2/spring-instrument-6.0.2.jar)
  3. See error

Expected behavior

API accepts the token. I also placed it in the jwt.io debugger, which accepted it and does not complain about base64 problems.

Additional context

I asked the Auth0 Community for help: see https://github.com/auth0/java-jwt/issues/644
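
The value logged in the stack trace above begins with `Bearer `, and a space is outside the base64url alphabet, so any decoder that splits on `.` and decodes the first segment will reject it. The following is an added example, not code from the sabi project or from java-jwt; the class and method names are hypothetical, the sample payload and signature are constructed, and it assumes the logged string is what reached the verifier. It uses only `java.util.Base64` to show the check before and after the scheme prefix is stripped:

```java
import java.util.Base64;

public class BearerTokenCheck {
    private static final String SCHEME = "Bearer ";

    /**
     * Returns the index (0 = header, 1 = payload, 2 = signature) of the first
     * segment that is not valid base64url, -1 if all three decode, or -2 if
     * the input does not have exactly three dot-separated segments.
     * This checks decodability only; signature verification stays with the JWT library.
     */
    static int firstInvalidSegment(String token) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            return -2;
        }
        for (int i = 0; i < parts.length; i++) {
            try {
                Base64.getUrlDecoder().decode(parts[i]);
            } catch (IllegalArgumentException e) {
                return i; // illegal character (such as a space) or bad length
            }
        }
        return -1;
    }

    /** Extracts the raw token from an Authorization header value, or null if absent. */
    static String extractBearerToken(String headerValue) {
        if (headerValue == null
                || !headerValue.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) {
            return null;
        }
        String token = headerValue.substring(SCHEME.length()).trim();
        return token.isEmpty() ? null : token;
    }

    public static void main(String[] args) {
        // Constructed sample: header segment as in the log, payload {"sub":"demo"},
        // and a placeholder signature; not a token issued by any real service.
        String headerValue = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9"
                + ".eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl";

        System.out.println("raw header value: " + firstInvalidSegment(headerValue));
        String token = extractBearerToken(headerValue);
        System.out.println("prefix stripped:  " + firstInvalidSegment(token));
    }
}
```

With the prefix left in place the header segment (index 0) fails to decode; after stripping, all three segments decode and the token can be handed to the library's verifier.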

StefanSchubert commented 1 year ago

Has been resolved on feature/sabi-85 branch