7

I am using spring-boot with JWT.

Application.properties

jwt.secret=xyz

Controller.java

@PostMapping(path = "/authenticate")
    public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtRequest authenticationRequest) throws Exception {

        authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());

        final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());

        final String token = jwtTokenUtil.generateToken(userDetails);

        return ResponseEntity.ok(new JwtResponse(token));
    }

JwtTokenUtil.java

    @Value("${jwt.secret}")
    private String secret;
    public String generateToken(UserDetails userDetails) {
            Map<String, Object> claims = new HashMap<>();
            return doGenerateToken(claims, userDetails.getUsername());
        }

        private String doGenerateToken(Map<String, Object> claims, String subject) {

            return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
                    .setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY*1000)).signWith(SignatureAlgorithm.HS512, secret).compact();
        }

in the jwtTokenUtil.generateToken code I am getting the following error

ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalArgumentException: secret key byte array cannot be null or empty.] with root cause
java.lang.IllegalArgumentException: secret key byte array cannot be null or empty.
    at io.jsonwebtoken.lang.Assert.notEmpty(Assert.java:204)
    at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:88)
    at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:100)
    at net.javaguides.springboot.helloworldapp.config.JwtTokenUtil.doGenerateToken(JwtTokenUtil.java:66)
    at net.javaguides.springboot.helloworldapp.config.JwtTokenUtil.generateToken(JwtTokenUtil.java:60)
    at net.javaguides.springboot.helloworldapp.controller.BasicAuthController.createAuthenticationToken(BasicAuthController.java:75)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:567)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)

When I have given my credentials I am getting this error. the application is already validated my credentials, but while generating the token I am getting this error.

UPDATE:-

While debugging I have seen the internal code like below

 @Override
    public JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey) {
        Assert.hasText(base64EncodedSecretKey, "base64-encoded secret key cannot be null or empty.");
        Assert.isTrue(alg.isHmac(), "Base64-encoded key bytes may only be specified for HMAC signatures.  If using RSA or Elliptic Curve, use the signWith(SignatureAlgorithm, Key) method instead.");
        byte[] bytes = TextCodec.BASE64.decode(base64EncodedSecretKey);
        return signWith(alg, bytes);
    }

In this bytes I am getting null

Improve this question
4
  • 1
    Exception is because the variable 'secret' is null Commented Feb 18, 2020 at 6:47
  • 1
    @jps error message is clear but I am giving the jwt.secret=xyz in application.properties file Commented Feb 18, 2020 at 8:13
  • in your code you just use secret and it's not clear where or how it is defined: signWith(SignatureAlgorithm.HS512, secret). It's a matter of debugging, set a breakpoint and watch your variables. Commented Feb 18, 2020 at 8:31
  • 1
    @jps I have not given the variable diclaration there but in debugging I am getting secret value as xyz, I have edited my question Commented Feb 18, 2020 at 8:33

5 Answers 5

Reset to default
7

I think your key need to be base64 encoded See Source: https://github.com/jwtk/jjwt/blob/master/impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtBuilder.java#L138

Try following:

    private String doGenerateToken(Map<String, Object> claims, String subject) {

String encodedString = Base64.getEncoder().encodeToString(secret.getBytes())
        return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
                .setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY*1000)).signWith(SignatureAlgorithm.HS512, encodedString ).compact();
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

7

The secret key is too short. I had the same error and just changing from

jwt.secret=omg

to

jwt.secret=HRlELXqpSB

solved the issue.

Improve this answer

Comments

0

I had the similar issue and my reason was that the code was not able to get secret value, even though it was declared in application properties and i was reading it. After just doing a set of the secret key, it was able to generate token.

Improve this answer

Comments

0

your secret key is too short. please use a long one, like more than 10 characters. then it will be fine.

Improve this answer

Comments

0

@Autowired val tokenUtils = JwtTokenUtil()

if you using this class in another class, check @Autowired. its worked

Improve this answer

1 Comment

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.