diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsService.java
index c877e4712d..e306dd1d2d 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsService.java
@@ -18,7 +18,6 @@ package org.thingsboard.server.service.security.auth.jwt.settings;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomStringUtils;
-import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
@@ -30,15 +29,11 @@ import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
 import org.thingsboard.server.common.data.security.model.JwtSettings;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
-import javax.annotation.PostConstruct;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.Objects;
 import java.util.Optional;
-import static org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsValidator.ADMIN_SETTINGS_JWT_KEY;
-import static org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsValidator.TOKEN_SIGNING_KEY_DEFAULT;
-
 @Service
 @RequiredArgsConstructor
 @Slf4j
@@ -49,7 +44,6 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
 @Lazy
 private final Optional tbClusterService;
 private final JwtSettingsValidator jwtSettingsValidator;
- private volatile JwtSettings jwtSettings = null; //lazy init
 @Value("${security.jwt.tokenExpirationTime:9000}")
 private Integer tokenExpirationTime;
@@ -60,6 +54,8 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
 @Value("${security.jwt.tokenSigningKey:thingsboardDefaultSigningKey}")
 private String tokenSigningKey;
+ private volatile JwtSettings jwtSettings = null; //lazy init
+
 /**
 * Create JWT admin settings is intended to be called from Install scripts only
 */
@@ -160,4 +156,5 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
 private boolean isSigningKeyDefault(JwtSettings settings) {
 return TOKEN_SIGNING_KEY_DEFAULT.equals(settings.getTokenSigningKey());
 }
+
 }
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsValidator.java b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsValidator.java
index ef0e88753c..bf83179b78 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsValidator.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsValidator.java
@@ -59,7 +59,7 @@ public class DefaultJwtSettingsValidator implements JwtSettingsValidator {
 if (Arrays.isNullOrEmpty(decodedKey)) {
 throw new DataValidationException("JWT token signing key should be non-empty after Base64 decoding!");
 }
- if (decodedKey.length * Byte.SIZE < 256 && !TOKEN_SIGNING_KEY_DEFAULT.equals(jwtSettings.getTokenSigningKey())) {
+ if (decodedKey.length * Byte.SIZE < 256 && !JwtSettingsService.TOKEN_SIGNING_KEY_DEFAULT.equals(jwtSettings.getTokenSigningKey())) {
 throw new DataValidationException("JWT token signing key should be a Base64 encoded string representing at least 256 bits of data!");
 }
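Review bot: In DefaultJwtSettingsService.java (hunk at -60,6) the `@Value` default directly above the moved field repeats the literal `thingsboardDefaultSigningKey`, which this commit also defines as `TOKEN_SIGNING_KEY_DEFAULT` in JwtSettingsService. `isSigningKeyDefault` compares against the constant, so if either copy is edited alone the shipped default would no longer be recognised as the default. Building the placeholder from the constant keeps the two in step: `@Value("${security.jwt.tokenSigningKey:" + TOKEN_SIGNING_KEY_DEFAULT + "}")`. The `@Value` line is unchanged context in this hunk, so this may belong in a follow-up.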
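Review bot: The length check in DefaultJwtSettingsValidator.java still exempts the shipped default key from the 256-bit minimum, and nothing at this site says why. Because that value is a published constant, a reader cannot tell from the validator alone whether a default key can ever reach token signing; the `isSigningKeyDefault` helper visible in DefaultJwtSettingsService suggests it is handled there, but that logic is outside the diff. A comment above the condition would record the assumption, for example `// The default key is accepted here only so the settings service can detect and replace it.`, worded to match what the service actually does. The enclosing method starts and ends outside the hunk.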
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/InstallJwtSettingsValidator.java b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/InstallJwtSettingsValidator.java
index b8667c45a8..6202e60c96 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/InstallJwtSettingsValidator.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/InstallJwtSettingsValidator.java
@@ -21,15 +21,16 @@ import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.security.model.JwtSettings;
+/**
+ * During Install or upgrade the validation is suppressed to keep existing data
+ * */
+
 @Primary
 @Profile("install")
 @Component
 @RequiredArgsConstructor
 public class InstallJwtSettingsValidator implements JwtSettingsValidator {
- /**
- * During Install or upgrade the validation is suppressed to keep existing data
- * */
 @Override
 public void validate(JwtSettings jwtSettings) {
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsService.java
index b5fe1bbf9f..bf02be573c 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsService.java
@@ -19,6 +19,9 @@ import org.thingsboard.server.common.data.security.model.JwtSettings;
 public interface JwtSettingsService {
+ String ADMIN_SETTINGS_JWT_KEY = "jwt";
+ String TOKEN_SIGNING_KEY_DEFAULT = "thingsboardDefaultSigningKey";
+
 JwtSettings getJwtSettings();
 JwtSettings reloadJwtSettings();
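Review bot: The comment moved to class level in InstallJwtSettingsValidator.java is now separated from `@Primary` by an added blank line and keeps the unusual closer ` * */`; it reads better attached directly to the declaration and closed with ` */`. The text could also state the scope, since `@Primary` together with `@Profile("install")` presumably makes this bean take precedence over the regular validator for the whole install or upgrade run, for example `/** Active only under the "install" profile: validation is skipped so that existing settings are kept unchanged. */`. A sentence on where a weak or default key carried through an upgrade is validated afterwards would be useful to operators. The body of `validate` lies outside the hunk, so whether it is a complete no-op is not visible here.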
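Review bot: `TOKEN_SIGNING_KEY_DEFAULT` is added to JwtSettingsService.java without documentation, and as an interface constant it is inherited by every implementing class; DefaultJwtSettingsService now refers to it unqualified. Since the value is a publicly known string, the declaration is the place to say that it marks an unconfigured key and is not a usable secret, e.g. `/** Placeholder shipped in the default configuration; signals that no signing key has been set. */`, if that is the intent. Holding both constants in a small final class, or on JwtSettings, would avoid widening the service contract with them.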
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsValidator.java b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsValidator.java
index 30d23bca00..06a82fc808 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsValidator.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsValidator.java
@@ -18,8 +18,6 @@ package org.thingsboard.server.service.security.auth.jwt.settings;
 import org.thingsboard.server.common.data.security.model.JwtSettings;
 public interface JwtSettingsValidator {
- String ADMIN_SETTINGS_JWT_KEY = "jwt";
- String TOKEN_SIGNING_KEY_DEFAULT = "thingsboardDefaultSigningKey";
 void validate(JwtSettings jwtSettings);
 }