JWT

jwt.security.key

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizeFilter': Invocation of init method failed; nested exception is io.jsonwebtoken.security.WeakKeyException: The specified key byte array is 232 bits which is not secure enough for any JWT HMAC-SHA algorithm.  The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with HMAC-SHA algorithms MUST have a size >= 256 bits (the key size must be greater than or equal to the hash output size).  Consider using the io.jsonwebtoken.security.Keys#secretKeyFor(SignatureAlgorithm) method to create a key guaranteed to be secure enough for your preferred HMAC-SHA algorithm.  See https://tools.ietf.org/html/rfc7518#section-3.2 for more information.

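The problem is that base64Secret is too short, which causes a WeakKeyException to be thrown when the HMAC-SHA signing key is created. HMAC-SHA algorithms require a key of at least 256 bits (32 bytes). You can fix this by using a longer key or by generating a new one.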

import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
import java.util.Base64;

public class GenerateJwtKey {
    public static void main(String[] args) {
        // Generate a new 256-bit key
        Key key = Keys.secretKeyFor(SignatureAlgorithm.HS256);
        String base64EncodedKey = Base64.getEncoder().encodeToString(key.getEncoded());

        // Print or store the key for later use
        System.out.println("Base64 Encoded Key: " + base64EncodedKey);
    }
}

jwt:
  secret: cTce+fPOxFLntX3Ie+gHTYwPEcQzJU7dWSiRhAW1Pxg=
  ttl: 36000000
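
An added example (not code from the original page) that checks the configured secret at startup: it Base64-decodes the value, measures it in bits, and only then builds the HMAC key and round-trips a token. The class name JwtSecretCheck, the helper loadKey and the 29-byte sample secret are constructed for illustration, and the code assumes jjwt 0.11.x on the classpath.

```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.WeakKeyException;

import javax.crypto.SecretKey;
import java.util.Base64;

// Hypothetical helper, not part of jjwt or of the original page.
public class JwtSecretCheck {

    private static final int MIN_HS256_BITS = 256; // RFC 7518, Section 3.2

    // Decode the configured Base64 secret and reject it before any token is signed.
    static SecretKey loadKey(String base64Secret) {
        byte[] raw = Base64.getDecoder().decode(base64Secret);
        int bits = raw.length * 8;
        if (bits < MIN_HS256_BITS) {
            throw new WeakKeyException("jwt secret is " + bits + " bits, need >= " + MIN_HS256_BITS);
        }
        return Keys.hmacShaKeyFor(raw); // jjwt also enforces the 256-bit minimum here
    }

    public static void main(String[] args) {
        // Constructed sample: 29 bytes = 232 bits, the size reported in the stack trace above.
        String weak = Base64.getEncoder().encodeToString(new byte[29]);
        try {
            loadKey(weak);
        } catch (WeakKeyException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Freshly generated 256-bit key, encoded the way it would be stored in configuration.
        String strong = Base64.getEncoder()
                .encodeToString(Keys.secretKeyFor(SignatureAlgorithm.HS256).getEncoded());
        SecretKey key = loadKey(strong);

        // Sign and verify a token with the loaded key to confirm the round trip.
        String token = Jwts.builder().setSubject("demo-user")
                .signWith(key, SignatureAlgorithm.HS256).compact();
        String subject = Jwts.parserBuilder().setSigningKey(key).build()
                .parseClaimsJws(token).getBody().getSubject();
        System.out.println("verified subject: " + subject);
    }
}
```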

Remember to strip the "Bearer " prefix from the header value before parsing the token.

private String getJwtToken(String header) {
    if (header != null && header.startsWith("Bearer ")) {
        return header.substring(7);
    }
    return null;
}