feat(webserver): add a default jwt token + a warning
close #470
tchiotludo committed Nov 12, 2020
1 parent 4f6f23b commit 985df0a
Showing 2 changed files with 45 additions and 0 deletions.
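--- a/src/main/java/org/akhq/configs/JwtSecurityWarning.java
+++ b/src/main/java/org/akhq/configs/JwtSecurityWarning.java
@@ -0,0 +1,40 @@
+package org.akhq.configs;
+
+import io.micronaut.context.annotation.Context;
+import io.micronaut.context.annotation.Value;
+import lombok.extern.slf4j.Slf4j;
+
+import javax.annotation.PostConstruct;
+import javax.inject.Singleton;
+
+@Singleton
+@Slf4j
+@Context
+public class JwtSecurityWarning {
+protected static String DEFAULT = "pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!" +
+"pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!" +
+"pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!";
+
+@Value("${micronaut.security.token.jwt.signatures.secret.generator.secret}")
+protected String secret;
+
+@Value("${micronaut.security.enabled:false}")
+protected Boolean enabled;
+
+@PostConstruct
+public void start() {
+if (enabled && secret.equals(DEFAULT)) {
+log.warn("");
+log.warn("##############################################################");
+log.warn("# SECURITY WARNING #");
+log.warn("##############################################################");
+log.warn("");
+log.warn("You still use the default jwt secret.");
+log.warn("This known secret can be used to impersonate anyone.");
+log.warn("Please change 'micronaut.security.token.jwt.signatures.secret.generator.secret' configuration, or ask your administrator to do it !");
+log.warn("");
+log.warn("##############################################################");
+log.warn("");
+}
+}
+}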
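Review bot: In `start()` the default-secret case only logs, so an instance with `micronaut.security.enabled` set to true keeps signing and accepting JWTs under a value that is published in this repository. A banner in the startup log is easy to miss, so failing closed after the log lines, e.g. `throw new IllegalStateException("default jwt secret in use");`, would stop a misconfigured instance from running at all. Separately, `DEFAULT` is `protected static` but not `final`, so code in the same package or a subclass can reassign it and silence the check; declare it `protected static final String DEFAULT`. The comparison is also safer as `DEFAULT.equals(secret)`, which cannot throw if the injected value were ever null.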
5 changes: 5 additions & 0 deletions src/main/resources/application.yml
@@ -33,6 +33,11 @@ micronaut:
cookie:
enabled: true
cookie-same-site: strict
signatures:
secret:
generator:
secret: "pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!pleasechangeme!"

redirect:
login-success: "${micronaut.server.context-path:}/ui"
forbidden:
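Review bot: The new `secret:` entry under `signatures.secret.generator` has no comment saying it is a placeholder, so someone reading application.yml alone cannot tell that it must be overridden before security is enabled. A line above it such as `# Placeholder only - override in your own configuration; must stay identical to JwtSecurityWarning.DEFAULT` would cover that. It would also record the coupling: the startup check compares against a second copy of this literal in the Java class, so if the two copies ever differ the warning stops firing without any error.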