From efb9b49d5c264604f3dc79e8fd6e9fc9fa4b9f68 Mon Sep 17 00:00:00 2001
From: chenqi <chen.qi@jin-group.cn>
Date: Fri, 5 Jun 2026 09:17:13 +0800
Subject: [PATCH] =?UTF-8?q?feat(security):=20=E6=9B=B4=E6=96=B0JWT?=
 =?UTF-8?q?=E4=BE=9D=E8=B5=96=E7=89=88=E6=9C=AC=E5=B9=B6=E9=87=8D=E6=9E=84?=
 =?UTF-8?q?=E4=BB=A4=E7=89=8C=E6=9C=8D=E5=8A=A1=E5=AE=9E=E7=8E=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 将JWT版本从0.9.1升级到0.12.6
- 拆分jjwt依赖为api、impl和jackson三个独立模块
- 使用Keys.hmacShaKeyFor替换SignatureAlgorithm.HS512进行签名
- 使用UTF-8编码处理密钥字符串
- 重构令牌创建和解析方法以适配新版本API
- 添加运行时作用域配置以优化依赖加载
---
 openhis-server-new/core-common/pom.xml        | 16 +++++++++++---
 .../framework/web/service/TokenService.java   |  7 +++---
 openhis-server-new/pom.xml                    | 22 ++++++++++++++-----
 3 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/openhis-server-new/core-common/pom.xml b/openhis-server-new/core-common/pom.xml
index baf4d8166..51ebf5eb1 100755
--- a/openhis-server-new/core-common/pom.xml
+++ b/openhis-server-new/core-common/pom.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns="http://maven.apache.org/POM/4.0.0"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
@@ -142,7 +142,17 @@
         <!-- Token生成与解析-->
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
-            <artifactId>jjwt</artifactId>
+            <artifactId>jjwt-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <scope>runtime</scope>
         </dependency>
 
         <!-- Jaxb -->
@@ -189,4 +199,4 @@
 
     </dependencies>
 
-</project>
\ No newline at end of file
+</project>
diff --git a/openhis-server-new/core-framework/src/main/java/com/core/framework/web/service/TokenService.java b/openhis-server-new/core-framework/src/main/java/com/core/framework/web/service/TokenService.java
index f2d4ae845..fc6b63321 100755
--- a/openhis-server-new/core-framework/src/main/java/com/core/framework/web/service/TokenService.java
+++ b/openhis-server-new/core-framework/src/main/java/com/core/framework/web/service/TokenService.java
@@ -12,7 +12,8 @@ import com.core.common.utils.uuid.IdUtils;
 import eu.bitwalker.useragentutils.UserAgent;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import java.nio.charset.StandardCharsets;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -154,7 +155,7 @@ public class TokenService {
      * @return 令牌
      */
     private String createToken(Map<String, Object> claims) {
-        String token = Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact();
+        String token = Jwts.builder().claims(claims).signWith(Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8)), Jwts.SIG.HS512).compact();
         return token;
     }
 
@@ -165,7 +166,7 @@ public class TokenService {
      * @return 数据声明
      */
     private Claims parseToken(String token) {
-        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
+        return Jwts.parser().verifyWith(Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8))).build().parseSignedClaims(token).getPayload();
     }
 
     /**
diff --git a/openhis-server-new/pom.xml b/openhis-server-new/pom.xml
index 66bcdcbf5..273c87eb9 100755
--- a/openhis-server-new/pom.xml
+++ b/openhis-server-new/pom.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://maven.apache.org/POM/4.0.0"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
@@ -35,7 +35,7 @@
         <commons.io.version>2.21.0</commons.io.version>
         <poi.version>4.1.2</poi.version>
         <velocity.version>2.3</velocity.version>
-        <jwt.version>0.9.1</jwt.version>
+        <jwt.version>0.12.6</jwt.version>
         <!-- override dependency version -->
         <lombok.version>1.18.34</lombok.version>  <!-- 替换为 -->
         <mybatis-plus.version>3.5.16</mybatis-plus.version>
@@ -293,13 +293,25 @@
                 <version>${velocity.version}</version>
             </dependency>
 
+            <!-- Token生成与解析-->
             <!-- Token生成与解析-->
             <dependency>
                 <groupId>io.jsonwebtoken</groupId>
-                <artifactId>jjwt</artifactId>
+                <artifactId>jjwt-api</artifactId>
                 <version>${jwt.version}</version>
             </dependency>
-
+            <dependency>
+                <groupId>io.jsonwebtoken</groupId>
+                <artifactId>jjwt-impl</artifactId>
+                <version>${jwt.version}</version>
+                <scope>runtime</scope>
+            </dependency>
+            <dependency>
+                <groupId>io.jsonwebtoken</groupId>
+                <artifactId>jjwt-jackson</artifactId>
+                <version>${jwt.version}</version>
+                <scope>runtime</scope>
+            </dependency>
             <!-- 验证码 -->
             <dependency>
                 <groupId>pro.fessional</groupId>
@@ -414,4 +426,4 @@
         </pluginRepository>
     </pluginRepositories>
 
-</project>
\ No newline at end of file
+</project>