mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-08-26 14:19:24 +00:00

This PR introduces JWT (JSON Web Token) authentication for Stirling-PDF, allowing for stateless authentication capabilities alongside the existing session-based authentication system.

### Key Features & Changes

JWT Authentication System
- Core Service: JwtService.java - Token generation, validation, and cookie management
- Authentication Filter: JwtAuthenticationFilter.java - Request interceptor for JWT validation
- Key Management: KeyPersistenceService.java + KeyPairCleanupService.java - RSA key rotation and persistence
- Frontend: jwt-init.js - Client-side JWT handling and URL cleanup

Security Integration
- SAML2: JwtSaml2AuthenticationRequestRepository.java - JWT-backed SAML request storage
- OAuth2: Updated CustomAuthenticationSuccessHandler.java, CustomOAuth2AuthenticationSuccessHandler.java & CustomSaml2AuthenticationSuccessHandler.java for JWT integration
- Configuration: Enhanced SecurityConfiguration.java with JWT filter chain

Infrastructure
- Caching: CacheConfig.java - Caffeine cache for JWT keys
- Database: New JwtVerificationKey.java entity for key storage
- Error Handling: JwtAuthenticationEntryPoint.java for unauthorized access

### Challenges Encountered
- Configured SecurityConfiguration to use either `UsernamePasswordAuthenticationFilter` or `JWTAuthenticationFilter` based on whether JWTs are enabled to prevent the former intercepting requests while in stateless mode.
- Removed the `.defaultSuccessUrl("/")` from login configuration as its inclusion was preventing overriding the use of the `CustomAuthenticationSuccessHandler` and preventing proper authentication flows.
---

## Checklist

### General
- [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable)
- [x] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings

### Documentation
- [x] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed)
- [x] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)

### UI Changes (if applicable)
- [x] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR)

![Screenshot 2025-07-10 at 13 35 56](https://github.com/user-attachments/assets/4126b752-ad0d-4ffa-b295-6714c43381e1)
![Screenshot 2025-07-10 at 13 36 10](https://github.com/user-attachments/assets/c681bc43-68ff-4934-8245-d544e2ad7b9c)
![eb750e8c3954fc47b2dd2e6e76ddb7d5](https://github.com/user-attachments/assets/fca9b23d-b0b6-4884-8a26-98a441b641ef)
![Screenshot 2025-07-10 at 13 30 57](https://github.com/user-attachments/assets/9415d8bf-fac4-4d38-8c3a-985d043d1076)

### Testing (if applicable)
- [x] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ludy <Ludy87@users.noreply.github.com>
Co-authored-by: EthanHealy01 <80844253+EthanHealy01@users.noreply.github.com>
Co-authored-by: Ethan <ethan@MacBook-Pro.local>
Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
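The filter-chain arrangement described under "Challenges Encountered", written out as an added illustration rather than Stirling-PDF's own SecurityConfiguration: a single toggle (assumed property name `security.jwt.enabled`) selects the stateless JWT chain or the session-based one, and the custom success handler is installed without `defaultSuccessUrl`. The `JwtAuthenticationFilter`, the custom success handler and the JWT entry point are assumed to be available as beans, as the PR describes them.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Added example, not Stirling-PDF's own SecurityConfiguration. JwtAuthenticationFilter
// (from the PR) is assumed to live in this package; the property name is assumed too.
@Configuration
@EnableWebSecurity
public class JwtOrSessionSecurityConfig {

    @Value("${security.jwt.enabled:false}") // assumed toggle name
    private boolean jwtEnabled;

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
            JwtAuthenticationFilter jwtFilter,           // validates the token on each request
            AuthenticationSuccessHandler successHandler, // the custom handler from the PR
            AuthenticationEntryPoint jwtEntryPoint)      // JwtAuthenticationEntryPoint
            throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/login", "/error").permitAll()
                .anyRequest().authenticated());

        if (jwtEnabled) {
            // Stateless mode: no HttpSession is created; the JWT filter runs ahead of
            // UsernamePasswordAuthenticationFilter, so a request carrying a valid token
            // is authenticated from the token and the form-login filter only ever sees
            // the login POST itself. Unauthenticated requests hit the JWT entry point.
            http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                .exceptionHandling(ex -> ex.authenticationEntryPoint(jwtEntryPoint));
        } else {
            // Session mode: unchanged Spring behaviour, state lives in the HttpSession.
            http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED));
        }

        // No defaultSuccessUrl("/") here: that call installs Spring's own
        // SavedRequestAwareAuthenticationSuccessHandler, which, depending on call
        // order, replaces the custom handler that issues the JWT after login.
        http.formLogin(form -> form.loginPage("/login").successHandler(successHandler));
        return http.build();
    }
}
```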
62 lines
2.5 KiB
Properties
```properties
multipart.enabled=true
logging.level.org.springframework=WARN
logging.level.org.hibernate=WARN
logging.level.org.eclipse.jetty=WARN
#logging.level.org.springframework.security.saml2=TRACE
#logging.level.org.springframework.security=DEBUG
#logging.level.org.opensaml=DEBUG
#logging.level.stirling.software.proprietary.security=DEBUG
logging.level.com.zaxxer.hikari=WARN
spring.jpa.open-in-view=false
server.forward-headers-strategy=NATIVE
server.error.path=/error
server.error.whitelabel.enabled=false
server.error.include-stacktrace=always
server.error.include-exception=true
server.error.include-message=always
#logging.level.org.springframework.web=DEBUG
#logging.level.org.springframework=DEBUG
#logging.level.org.springframework.security=DEBUG

spring.servlet.multipart.max-file-size=2000MB
spring.servlet.multipart.max-request-size=2000MB
server.servlet.session.tracking-modes=cookie
server.servlet.context-path=${SYSTEM_ROOTURIPATH:/}
spring.devtools.restart.enabled=true
spring.devtools.livereload.enabled=true
spring.devtools.restart.exclude=stirling.software.proprietary.security/**
# spring.thymeleaf.encoding=UTF-8 # Disabled - React frontend replaces Thymeleaf
spring.web.resources.mime-mappings.webmanifest=application/manifest+json
spring.mvc.async.request-timeout=${SYSTEM_CONNECTIONTIMEOUTMILLISECONDS:1200000}

spring.datasource.url=jdbc:h2:file:./configs/stirling-pdf-DB-2.3.232;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE;MODE=PostgreSQL
spring.datasource.driver-class-name=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.h2.console.enabled=false
spring.jpa.hibernate.ddl-auto=update
# Defer datasource initialization to ensure that the database is fully set up
# before Hibernate attempts to access it. This is particularly useful when
# using database initialization scripts or tools.
spring.jpa.defer-datasource-initialization=true

# Disable SQL logging to avoid cluttering the logs in production. Enable this
# property during development if you need to debug SQL queries.
spring.jpa.show-sql=false
server.servlet.session.timeout:30m
# Change the default URL path for OpenAPI JSON
springdoc.api-docs.path=/v1/api-docs
# Set the URL of the OpenAPI JSON for the Swagger UI
springdoc.swagger-ui.url=/v1/api-docs
springdoc.swagger-ui.path=/index.html
posthog.api.key=phc_fiR65u5j6qmXTYL56MNrLZSWqLaDW74OrZH0Insd2xq
posthog.host=https://eu.i.posthog.com

spring.main.allow-bean-definition-overriding=true

# Set up a consistent temporary directory location
java.io.tmpdir=${stirling.tempfiles.directory:${java.io.tmpdir}/stirling-pdf}

# V2 features
v2=false
```