put the constants in ConfigurationKeys

common/src/main/java/org/apache/seata/common/ConfigurationKeys.java

@@ -18,7 +18,6 @@
 
 /**
  * The type Configuration keys.
- *
  */
 public interface ConfigurationKeys {
     /**
@@ -68,6 +67,11 @@ public interface ConfigurationKeys {
      */
     String SEATA_PREFIX = SEATA_FILE_ROOT_CONFIG + ".";
 
+    /**
+     * The constant SECURITY_PREFIX
+     */
+    String SECURITY_PREFIX = "security.";
+
     /**
      * The constant SERVICE_PREFIX.
      */
@@ -1011,4 +1015,24 @@ public interface ConfigurationKeys {
      * The constant SERVER_APPLICATION_DATA_SIZE_CHECK
      */
     String SERVER_APPLICATION_DATA_SIZE_CHECK = SERVER_PREFIX + "applicationDataLimitCheck";
+
+    /**
+     * The constant SECURITY_USERNAME;
+     */
+    String SECURITY_USERNME = SECURITY_PREFIX + "username";
+
+    /**
+     * The constant SECURITY_PASSWORD;
+     */
+    String SECURITY_PASSWORD = SECURITY_PREFIX + "password";
+
+    /**
+     * The constant SECURITY_SECRET_KEY;
+     */
+    String SECURITY_SECRET_KEY = SECURITY_PREFIX + "secretKey";
+
+    /**
+     * The constant SECURITY_TOKEN_VALID_TIME;
+     */
+    String SECURITY_TOKEN_VALID_TIME = SECURITY_PREFIX + "tokenValidityInMilliseconds";
 }

core/src/main/java/org/apache/seata/core/auth/JwtAuthManager.java

@@ -17,6 +17,7 @@
 package org.apache.seata.core.auth;
 
 
+import org.apache.seata.common.ConfigurationKeys;
 import org.apache.seata.common.util.StringUtils;
 import org.apache.seata.config.ConfigurationFactory;
 
@@ -53,8 +54,8 @@ public static JwtAuthManager getInstance() {
     }
 
     public void init() {
-        username = ConfigurationFactory.CURRENT_FILE_INSTANCE.getConfig("security." + PRO_USERNAME);
-        password = ConfigurationFactory.CURRENT_FILE_INSTANCE.getConfig("security." + PRO_PASSWORD);
+        username = ConfigurationFactory.CURRENT_FILE_INSTANCE.getConfig(ConfigurationKeys.SECURITY_USERNME);
+        password = ConfigurationFactory.CURRENT_FILE_INSTANCE.getConfig(ConfigurationKeys.SECURITY_PASSWORD);
     }
 
     public String getToken() {

server/src/main/java/org/apache/seata/server/auth/JwtCheckAuthHandler.java

@@ -23,6 +23,7 @@
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.ExpiredJwtException;
+import org.apache.seata.common.ConfigurationKeys;
 import org.apache.seata.common.exception.RetryableException;
 import org.apache.seata.common.loader.LoadLevel;
 import org.apache.seata.common.util.StringUtils;
@@ -46,6 +47,10 @@ public class JwtCheckAuthHandler extends AbstractCheckAuthHandler {
 
     private static final String TOKEN = "token";
 
+    private static final String PRO_USERNAME = "username";
+
+    private static final String PRO_PASSWORD = "password";
+
     private JwtAuthManager authManager = JwtAuthManager.getInstance();
 
     @Override
@@ -77,8 +82,8 @@ public boolean needRefreshToken(AbstractIdentifyRequest abstractIdentifyRequest)
             // 2.if token will be expired, need refresh token.
             try {
                 String accessToken = authDataMap.get(TOKEN);
-                String secretKey = ConfigurationFactory.getInstance().getConfig("security.secretKey");
-                String tokenValidWindow = ConfigurationFactory.getInstance().getConfig("security.tokenValidityInMilliseconds");
+                String secretKey = ConfigurationFactory.getInstance().getConfig(ConfigurationKeys.SECURITY_SECRET_KEY);
+                String tokenValidWindow = ConfigurationFactory.getInstance().getConfig(ConfigurationKeys.SECURITY_TOKEN_VALID_TIME);
                 Jws<Claims> claimsJws = Jwts.parser().setSigningKey(secretKey).parseClaimsJws(accessToken);
                 Claims claims = claimsJws.getBody();
                 Date expiration = claims.getExpiration();
@@ -95,8 +100,8 @@ public boolean needRefreshToken(AbstractIdentifyRequest abstractIdentifyRequest)
     @Override
     public String refreshToken(AbstractIdentifyRequest abstractIdentifyRequest) {
         String subject;
-        String secretKey = ConfigurationFactory.getInstance().getConfig("security.secretKey");
-        String expirationMillis = ConfigurationFactory.getInstance().getConfig("security.tokenValidityInMilliseconds");
+        String secretKey = ConfigurationFactory.getInstance().getConfig(ConfigurationKeys.SECURITY_SECRET_KEY);
+        String expirationMillis = ConfigurationFactory.getInstance().getConfig(ConfigurationKeys.SECURITY_TOKEN_VALID_TIME);
         if (authManager.getUsername() != null) {
             subject = authManager.getUsername();
         } else {
@@ -123,19 +128,19 @@ private boolean checkAuthData(String extraData) throws RetryableException {
         }
         HashMap<String, String> authData = JwtAuthManager.convertToHashMap(extraData);
         // 1.check username/password
-        String username = authData.get("username");
-        String password = authData.get("password");
+        String username = authData.get(PRO_USERNAME);
+        String password = authData.get(PRO_PASSWORD);
         if (null != username && null != password
-            && StringUtils.equals(username, ConfigurationFactory.getInstance().getConfig("security.username"))
-            && StringUtils.equals(password, ConfigurationFactory.getInstance().getConfig("security.password"))) {
+            && StringUtils.equals(username, ConfigurationFactory.getInstance().getConfig(ConfigurationKeys.SECURITY_USERNME))
+            && StringUtils.equals(password, ConfigurationFactory.getInstance().getConfig(ConfigurationKeys.SECURITY_PASSWORD))) {
             authManager.setUsername(username);
             authManager.setPassword(password);
             return true;
         } else if (authData.get(TOKEN) != null) {
             // 2.check token
             try {
                 String accessToken = authData.get(TOKEN);
-                String secretKey = ConfigurationFactory.getInstance().getConfig("security.secretKey");
+                String secretKey = ConfigurationFactory.getInstance().getConfig(ConfigurationKeys.SECURITY_SECRET_KEY);
                 Jwts.parser().setSigningKey(secretKey).parseClaimsJws(accessToken);
                 authManager.setAccessToken(accessToken);
                 return true;