Merge with PR 7297

Andrii Shvaika 2022-11-17 13:02:31 +02:00
commit e9be91d9e1
5 changed files with 11 additions and 12 deletions


@ -18,7 +18,6 @@ package org.thingsboard.server.service.security.auth.jwt.settings;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.RandomStringUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy; import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
@ -30,15 +29,11 @@ import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
import org.thingsboard.server.common.data.security.model.JwtSettings; import org.thingsboard.server.common.data.security.model.JwtSettings;
import org.thingsboard.server.dao.settings.AdminSettingsService; import org.thingsboard.server.dao.settings.AdminSettingsService;
import javax.annotation.PostConstruct;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Base64; import java.util.Base64;
import java.util.Objects; import java.util.Objects;
import java.util.Optional; import java.util.Optional;
import static org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsValidator.ADMIN_SETTINGS_JWT_KEY;
import static org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsValidator.TOKEN_SIGNING_KEY_DEFAULT;
@Service @Service
@RequiredArgsConstructor @RequiredArgsConstructor
@Slf4j @Slf4j
@ -49,7 +44,6 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
@Lazy @Lazy
private final Optional<TbClusterService> tbClusterService; private final Optional<TbClusterService> tbClusterService;
private final JwtSettingsValidator jwtSettingsValidator; private final JwtSettingsValidator jwtSettingsValidator;
private volatile JwtSettings jwtSettings = null; //lazy init
@Value("${security.jwt.tokenExpirationTime:9000}") @Value("${security.jwt.tokenExpirationTime:9000}")
private Integer tokenExpirationTime; private Integer tokenExpirationTime;
@ -60,6 +54,8 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
@Value("${security.jwt.tokenSigningKey:thingsboardDefaultSigningKey}") @Value("${security.jwt.tokenSigningKey:thingsboardDefaultSigningKey}")
private String tokenSigningKey; private String tokenSigningKey;
private volatile JwtSettings jwtSettings = null; //lazy init
/** /**
* Create JWT admin settings is intended to be called from Install scripts only * Create JWT admin settings is intended to be called from Install scripts only
*/ */
@ -160,4 +156,5 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
private boolean isSigningKeyDefault(JwtSettings settings) { private boolean isSigningKeyDefault(JwtSettings settings) {
return TOKEN_SIGNING_KEY_DEFAULT.equals(settings.getTokenSigningKey()); return TOKEN_SIGNING_KEY_DEFAULT.equals(settings.getTokenSigningKey());
} }
} }
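Review bot: The `@Value` default for `tokenSigningKey` still spells out `thingsboardDefaultSigningKey` as a literal, while `isSigningKeyDefault` compares against `TOKEN_SIGNING_KEY_DEFAULT`, so the two copies can drift apart now that the constant lives in `JwtSettingsService`. If they ever differ, the fallback key injected by Spring would no longer be recognised as the default by this check. Since the class implements that interface, the annotation can reference the constant directly: `@Value("${security.jwt.tokenSigningKey:" + TOKEN_SIGNING_KEY_DEFAULT + "}")`. The class body continues outside the visible hunks, so other uses of the literal cannot be ruled out from here.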


@ -59,7 +59,7 @@ public class DefaultJwtSettingsValidator implements JwtSettingsValidator {
if (Arrays.isNullOrEmpty(decodedKey)) { if (Arrays.isNullOrEmpty(decodedKey)) {
throw new DataValidationException("JWT token signing key should be non-empty after Base64 decoding!"); throw new DataValidationException("JWT token signing key should be non-empty after Base64 decoding!");
} }
if (decodedKey.length * Byte.SIZE < 256 && !TOKEN_SIGNING_KEY_DEFAULT.equals(jwtSettings.getTokenSigningKey())) { if (decodedKey.length * Byte.SIZE < 256 && !JwtSettingsService.TOKEN_SIGNING_KEY_DEFAULT.equals(jwtSettings.getTokenSigningKey())) {
throw new DataValidationException("JWT token signing key should be a Base64 encoded string representing at least 256 bits of data!"); throw new DataValidationException("JWT token signing key should be a Base64 encoded string representing at least 256 bits of data!");
} }
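Review bot: The 256-bit length check is skipped whenever the key equals `JwtSettingsService.TOKEN_SIGNING_KEY_DEFAULT`, so the one key that is published in the source passes validation unchanged. The 28-character default decodes to fewer than 256 bits, which is presumably why it is exempted, but nothing in this hunk records that or tells an operator the key has to be replaced. I would add a comment above the condition, e.g. `// Exempt the built-in default from the length check; it is publicly known and must be replaced before tokens are trusted.`, and consider logging a warning when the exemption is taken. The enclosing method starts and ends outside the hunk, so a warning elsewhere in it cannot be ruled out.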


@ -21,15 +21,16 @@ import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.thingsboard.server.common.data.security.model.JwtSettings; import org.thingsboard.server.common.data.security.model.JwtSettings;
/**
* During Install or upgrade the validation is suppressed to keep existing data
* */
@Primary @Primary
@Profile("install") @Profile("install")
@Component @Component
@RequiredArgsConstructor @RequiredArgsConstructor
public class InstallJwtSettingsValidator implements JwtSettingsValidator { public class InstallJwtSettingsValidator implements JwtSettingsValidator {
/**
* During Install or upgrade the validation is suppressed to keep existing data
* */
@Override @Override
public void validate(JwtSettings jwtSettings) { public void validate(JwtSettings jwtSettings) {


@ -19,6 +19,9 @@ import org.thingsboard.server.common.data.security.model.JwtSettings;
public interface JwtSettingsService { public interface JwtSettingsService {
String ADMIN_SETTINGS_JWT_KEY = "jwt";
String TOKEN_SIGNING_KEY_DEFAULT = "thingsboardDefaultSigningKey";
JwtSettings getJwtSettings(); JwtSettings getJwtSettings();
JwtSettings reloadJwtSettings(); JwtSettings reloadJwtSettings();


@ -18,8 +18,6 @@ package org.thingsboard.server.service.security.auth.jwt.settings;
import org.thingsboard.server.common.data.security.model.JwtSettings; import org.thingsboard.server.common.data.security.model.JwtSettings;
public interface JwtSettingsValidator { public interface JwtSettingsValidator {
String ADMIN_SETTINGS_JWT_KEY = "jwt";
String TOKEN_SIGNING_KEY_DEFAULT = "thingsboardDefaultSigningKey";
void validate(JwtSettings jwtSettings); void validate(JwtSettings jwtSettings);
} }