When signature is changed on generated JWT, parseClaimsJws doesn't throw

[TomasCruz]

JJWT version 0.9.1
When signature's last character is deliberately changed, that tampering with the signature is not registered. In DefaultJwsParser, check
validator.isValid(jwtWithoutSignature, base64UrlEncodedDigest)
passes, and SignatureException is not thrown. So, JWS is treated as valid though it's not.

Example:
public static final String SECRET = "SecretKeyToGenJWTs";
Token Jwts.builder()
.setSubject(((User) auth.getPrincipal()).getUsername())
.setExpiration(expiration)
.signWith(SignatureAlgorithm.HS512, SecurityConstants.SECRET.getBytes())
.compact();
produced was
eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMSIsImV4cCI6MTUzMzMxMzAxNH0.mXVGnMC5a7rDx15nlnMse4YjLYZ7sWV9ySjXfCvlKhUvkVuNd3LFQrW990ATwacMPsijGgj9d9kEK4VPidEWVQ

After changing it to
eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMSIsImV4cCI6MTUzMzMxMzAxNH0.mXVGnMC5a7rDx15nlnMse4YjLYZ7sWV9ySjXfCvlKhUvkVuNd3LFQrW990ATwacMPsijGgj9d9kEK4VPidEWVT
no problems are detected

[lhazlewood]

You can't just modify Base64 text and think it invalidates the encoding. That's not how Base64 works. :)

Please see #211 #269 #324.

[lhazlewood]

Just a note - I can't tell if your SECRET constant is just an example, but it is definitely insecure. HS512 requires keys that are at least 64 bytes in length, and preferably secure-random at that.

[TomasCruz]

Ok, #211 had a good explanation on Base64. I've had naively expected a one-to-one correspondence of text and it's encoding :)

Thanks for the tip on secret key security.