Merge pull request #5476 from thingsboard/lwm2m_bs_forbiden

lwm2m - authorization in Bootstrap session

common/transport/lwm2m/src/main/java/org/thingsboard/server/transport/lwm2m/bootstrap/secure/LwM2mDefaultBootstrapSessionManager.java

@@ -34,6 +34,7 @@ import org.eclipse.leshan.server.security.BootstrapSecurityStore;
 import org.eclipse.leshan.server.security.SecurityChecker;
 import org.eclipse.leshan.server.security.SecurityInfo;
 import org.thingsboard.server.common.transport.TransportService;
+import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
 
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -79,8 +80,9 @@ public class LwM2mDefaultBootstrapSessionManager extends DefaultBootstrapSession
 
     @Override
     public BootstrapSession begin(BootstrapRequest request, Identity clientIdentity) {
-        boolean authorized;
+        boolean authorized = true;
         Iterator<SecurityInfo> securityInfos;
+        try {
             if (bsSecurityStore != null && securityChecker != null) {
                 if (clientIdentity.isSecure() && clientIdentity.isPSK()) {
                     securityInfos = bsSecurityStore.getAllByEndpoint(clientIdentity.getPskIdentity());
@@ -88,8 +90,9 @@ public class LwM2mDefaultBootstrapSessionManager extends DefaultBootstrapSession
                     securityInfos = bsSecurityStore.getAllByEndpoint(request.getEndpointName());
                 }
                 authorized = securityChecker.checkSecurityInfos(request.getEndpointName(), clientIdentity, securityInfos);
-        } else {
-            authorized = true;
+            }
+        } catch (LwM2MAuthException e) {
+            authorized = false;
         }
         DefaultBootstrapSession session = new DefaultBootstrapSession(request, clientIdentity, authorized);
         if (authorized) {