Merge with PR 7297

2022-11-17 13:02:31 +02:00 · 2022-11-17 13:02:31 +02:00 · e9be91d9e1
commit e9be91d9e1
parent 57332d71aa 8807b7e95d
5 changed files with 11 additions and 12 deletions
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsService.java
@ -18,7 +18,6 @@ package org.thingsboard.server.service.security.auth.jwt.settings;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomStringUtils;
-import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
@ -30,15 +29,11 @@ import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
 import org.thingsboard.server.common.data.security.model.JwtSettings;
 import org.thingsboard.server.dao.settings.AdminSettingsService;

-import javax.annotation.PostConstruct;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.Objects;
 import java.util.Optional;

-import static org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsValidator.ADMIN_SETTINGS_JWT_KEY;
-import static org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsValidator.TOKEN_SIGNING_KEY_DEFAULT;
-
@Service
@RequiredArgsConstructor
@Slf4j
@ -49,7 +44,6 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
    @Lazy
    private final Optional<TbClusterService> tbClusterService;
    private final JwtSettingsValidator jwtSettingsValidator;
-    private volatile JwtSettings jwtSettings = null; //lazy init

    @Value("${security.jwt.tokenExpirationTime:9000}")
    private Integer tokenExpirationTime;
@ -60,6 +54,8 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
    @Value("${security.jwt.tokenSigningKey:thingsboardDefaultSigningKey}")
    private String tokenSigningKey;

+    private volatile JwtSettings jwtSettings = null; //lazy init
+
    /**
     * Create JWT admin settings is intended to be called from Install scripts only
     */
@ -160,4 +156,5 @@ public class DefaultJwtSettingsService implements JwtSettingsService {
    private boolean isSigningKeyDefault(JwtSettings settings) {
        return TOKEN_SIGNING_KEY_DEFAULT.equals(settings.getTokenSigningKey());
    }
+
 }
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsValidator.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/DefaultJwtSettingsValidator.java
@ -59,7 +59,7 @@ public class DefaultJwtSettingsValidator implements JwtSettingsValidator {
        if (Arrays.isNullOrEmpty(decodedKey)) {
            throw new DataValidationException("JWT token signing key should be non-empty after Base64 decoding!");
        }
-        if (decodedKey.length * Byte.SIZE < 256 && !TOKEN_SIGNING_KEY_DEFAULT.equals(jwtSettings.getTokenSigningKey())) {
+        if (decodedKey.length * Byte.SIZE < 256 && !JwtSettingsService.TOKEN_SIGNING_KEY_DEFAULT.equals(jwtSettings.getTokenSigningKey())) {
            throw new DataValidationException("JWT token signing key should be a Base64 encoded string representing at least 256 bits of data!");
        }

--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/InstallJwtSettingsValidator.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/InstallJwtSettingsValidator.java
@ -21,15 +21,16 @@ import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.security.model.JwtSettings;

+/**
+ * During Install or upgrade the validation is suppressed to keep existing data
+ * */
+
@Primary
@Profile("install")
@Component
@RequiredArgsConstructor
 public class InstallJwtSettingsValidator implements JwtSettingsValidator {

-    /**
-     * During Install or upgrade the validation is suppressed to keep existing data
-     * */
    @Override
    public void validate(JwtSettings jwtSettings) {

--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsService.java
@ -19,6 +19,9 @@ import org.thingsboard.server.common.data.security.model.JwtSettings;

 public interface JwtSettingsService {

+    String ADMIN_SETTINGS_JWT_KEY = "jwt";
+    String TOKEN_SIGNING_KEY_DEFAULT = "thingsboardDefaultSigningKey";
+
    JwtSettings getJwtSettings();

    JwtSettings reloadJwtSettings();
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsValidator.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/jwt/settings/JwtSettingsValidator.java
@ -18,8 +18,6 @@ package org.thingsboard.server.service.security.auth.jwt.settings;
 import org.thingsboard.server.common.data.security.model.JwtSettings;

 public interface JwtSettingsValidator {
-    String ADMIN_SETTINGS_JWT_KEY = "jwt";
-    String TOKEN_SIGNING_KEY_DEFAULT = "thingsboardDefaultSigningKey";

    void validate(JwtSettings jwtSettings);
 }