A模块调用B模块时,总提示"JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted."
信息如下:
[0;39m[31m2022-03-24 15:12:23[0;39m [32m[http-nio-8002-exec-2][0;39m [1;31mERROR[0;39m [1;35mo.a.c.c.C.[.[.[.[dispatcherServlet].log 175[0;39m - [33mServlet.service() for servlet [dispatcherServlet] in context with path [/zex-weixin] threw exception
[0;39mio.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:354)
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481)
at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
at com.zex.modules.security.utils.JwtTokenUtil.getAllClaimsFromToken(JwtTokenUtil.java:55)
at com.zex.modules.security.utils.JwtTokenUtil.getClaimFromToken(JwtTokenUtil.java:48)
at com.zex.modules.security.utils.JwtTokenUtil.getIssuedAtDateFromToken(JwtTokenUtil.java:40)
at com.zex.modules.security.utils.JwtTokenUtil.validateToken(JwtTokenUtil.java:121)
at com.zex.modules.security.security.JwtAuthorizationTokenFilter.doFilterInternal(JwtAuthorizationTokenFilter.java:59)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$
查了一圈~~
原因:登录模块创建token的secret key与当前需要验证token的模块的secret key 不一致。
尝试解决:使两个模块的application.yml中设置的jwt secret key一致。
但是,依旧提示"JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted."
继续跟开发沟通,反馈测试环境是正常的,生产环境才报错!
尝试直接拷贝测试环境的application-video-prod.yml配置文件过来替换生产环境application-prod.yml(当然修改了相关参数,但没动到jwt的参数)
#jwt
jwt:
header: Authorization
secret: mySecret
结果居然正常了!!!
diff检查两个配置文件,内容完全一致
检查编码也一致…
猜测,jwt.secret: mySecret格式要求比较高,最好在编译前就定义好,后续再修改,认证可能会出现异常。