From b15ef1c082d7d649dd65bd49bd995be24ebc707b Mon Sep 17 00:00:00 2001 From: Andrii Landiak Date: Tue, 6 Jan 2026 12:55:56 +0200 Subject: [PATCH] Redis: add username for ACL auth --- application/src/main/resources/thingsboard.yml | 2 ++ .../server/cache/TBRedisClusterConfiguration.java | 6 ++++++ .../server/cache/TBRedisSentinelConfiguration.java | 8 +++++++- .../server/cache/TBRedisStandaloneConfiguration.java | 5 +++++ transport/coap/src/main/resources/tb-coap-transport.yml | 2 ++ transport/http/src/main/resources/tb-http-transport.yml | 2 ++ transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml | 2 ++ transport/mqtt/src/main/resources/tb-mqtt-transport.yml | 2 ++ transport/snmp/src/main/resources/tb-snmp-transport.yml | 2 ++ 9 files changed, 30 insertions(+), 1 deletion(-) diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml index cda7f5782a..5cc3b901ab 100644 --- a/application/src/main/resources/thingsboard.yml +++ b/application/src/main/resources/thingsboard.yml @@ -727,6 +727,8 @@ redis: db: "${REDIS_DB:0}" # db password password: "${REDIS_PASSWORD:}" + # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth + username: "${REDIS_USERNAME:}" # ssl config ssl: # Enable/disable secure connection diff --git a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisClusterConfiguration.java b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisClusterConfiguration.java index 0c6599846b..40a1931853 100644 --- a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisClusterConfiguration.java +++ b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisClusterConfiguration.java @@ -22,6 +22,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.connection.RedisClusterConfiguration; import org.springframework.data.redis.connection.jedis.JedisClientConfiguration; import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; +import org.thingsboard.server.common.data.StringUtils; @Configuration @ConditionalOnMissingBean(TbCaffeineCacheConfiguration.class) @@ -37,6 +38,9 @@ public class TBRedisClusterConfiguration extends TBRedisCacheConfiguration { @Value("${redis.cluster.useDefaultPoolConfig:true}") private boolean useDefaultPoolConfig; + @Value("${redis.username:}") + private String username; + @Value("${redis.password:}") private String password; @@ -47,6 +51,7 @@ public class TBRedisClusterConfiguration extends TBRedisCacheConfiguration { RedisClusterConfiguration clusterConfiguration = new RedisClusterConfiguration(); clusterConfiguration.setClusterNodes(getNodes(clusterNodes)); clusterConfiguration.setMaxRedirects(maxRedirects); + clusterConfiguration.setUsername(username); clusterConfiguration.setPassword(password); return new JedisConnectionFactory(clusterConfiguration, buildClientConfig()); } @@ -65,4 +70,5 @@ public class TBRedisClusterConfiguration extends TBRedisCacheConfiguration { } return jedisClientConfigurationBuilder.build(); } + } diff --git a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisSentinelConfiguration.java b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisSentinelConfiguration.java index 2a4e1b34ac..9c83782071 100644 --- a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisSentinelConfiguration.java +++ b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisSentinelConfiguration.java @@ -22,6 +22,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.connection.RedisSentinelConfiguration; import org.springframework.data.redis.connection.jedis.JedisClientConfiguration; import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; +import org.thingsboard.server.common.data.StringUtils; @Configuration @ConditionalOnMissingBean(TbCaffeineCacheConfiguration.class) @@ -46,6 +47,9 @@ public class TBRedisSentinelConfiguration extends TBRedisCacheConfiguration { @Value("${redis.ssl.enabled:false}") private boolean useSsl; + @Value("${redis.username:}") + private String username; + @Value("${redis.password:}") private String password; @@ -54,9 +58,10 @@ public class TBRedisSentinelConfiguration extends TBRedisCacheConfiguration { redisSentinelConfiguration.setMaster(master); redisSentinelConfiguration.setSentinels(getNodes(sentinels)); redisSentinelConfiguration.setSentinelPassword(sentinelPassword); + redisSentinelConfiguration.setUsername(username); redisSentinelConfiguration.setPassword(password); redisSentinelConfiguration.setDatabase(database); - return new JedisConnectionFactory(redisSentinelConfiguration, buildClientConfig()); + return new JedisConnectionFactory(redisSentinelConfiguration, buildClientConfig()); } private JedisClientConfiguration buildClientConfig() { @@ -73,4 +78,5 @@ public class TBRedisSentinelConfiguration extends TBRedisCacheConfiguration { } return jedisClientConfigurationBuilder.build(); } + } diff --git a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisStandaloneConfiguration.java b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisStandaloneConfiguration.java index 39944d5217..029e9c72a8 100644 --- a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisStandaloneConfiguration.java +++ b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisStandaloneConfiguration.java @@ -54,6 +54,9 @@ public class TBRedisStandaloneConfiguration extends TBRedisCacheConfiguration { @Value("${redis.db:0}") private Integer db; + @Value("${redis.username:}") + private String username; + @Value("${redis.password:}") private String password; @@ -65,6 +68,7 @@ public class TBRedisStandaloneConfiguration extends TBRedisCacheConfiguration { standaloneConfiguration.setHostName(host); standaloneConfiguration.setPort(port); standaloneConfiguration.setDatabase(db); + standaloneConfiguration.setUsername(username); standaloneConfiguration.setPassword(password); return new JedisConnectionFactory(standaloneConfiguration, buildClientConfig()); } @@ -89,4 +93,5 @@ public class TBRedisStandaloneConfiguration extends TBRedisCacheConfiguration { } return jedisClientConfigurationBuilder.build(); } + } diff --git a/transport/coap/src/main/resources/tb-coap-transport.yml b/transport/coap/src/main/resources/tb-coap-transport.yml index 02ec421366..2227aaddc3 100644 --- a/transport/coap/src/main/resources/tb-coap-transport.yml +++ b/transport/coap/src/main/resources/tb-coap-transport.yml @@ -94,6 +94,8 @@ redis: db: "${REDIS_DB:0}" # db password password: "${REDIS_PASSWORD:}" + # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth + username: "${REDIS_USERNAME:}" ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" diff --git a/transport/http/src/main/resources/tb-http-transport.yml b/transport/http/src/main/resources/tb-http-transport.yml index 7fe35a57d5..638bff9641 100644 --- a/transport/http/src/main/resources/tb-http-transport.yml +++ b/transport/http/src/main/resources/tb-http-transport.yml @@ -127,6 +127,8 @@ redis: db: "${REDIS_DB:0}" # db password password: "${REDIS_PASSWORD:}" + # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth + username: "${REDIS_USERNAME:}" ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" diff --git a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml index b1718a2099..de3b33688d 100644 --- a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml +++ b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml @@ -94,6 +94,8 @@ redis: db: "${REDIS_DB:0}" # db password password: "${REDIS_PASSWORD:}" + # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth + username: "${REDIS_USERNAME:}" ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" diff --git a/transport/mqtt/src/main/resources/tb-mqtt-transport.yml b/transport/mqtt/src/main/resources/tb-mqtt-transport.yml index 86e5dc5a5b..4378fbaa4e 100644 --- a/transport/mqtt/src/main/resources/tb-mqtt-transport.yml +++ b/transport/mqtt/src/main/resources/tb-mqtt-transport.yml @@ -95,6 +95,8 @@ redis: db: "${REDIS_DB:0}" # db password password: "${REDIS_PASSWORD:}" + # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth + username: "${REDIS_USERNAME:}" ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" diff --git a/transport/snmp/src/main/resources/tb-snmp-transport.yml b/transport/snmp/src/main/resources/tb-snmp-transport.yml index 9dfb9f0b41..a454f6f294 100644 --- a/transport/snmp/src/main/resources/tb-snmp-transport.yml +++ b/transport/snmp/src/main/resources/tb-snmp-transport.yml @@ -94,6 +94,8 @@ redis: db: "${REDIS_DB:0}" # db password password: "${REDIS_PASSWORD:}" + # Redis username for ACL authentication (Redis 6.0+). Leave empty for legacy password-only auth + username: "${REDIS_USERNAME:}" ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}"