2026.0 to 2026.0.1
1. JWT Keystore: Introduction and Purpose
info
The following changes are only required for unmanaged systems. For managed systems, the operator handles everything needed.
What changed:
A dedicated JWT keystore has been introduced to enable the server to sign JWT tokens for securing endpoints independent of Vaadin sessions.
Four new properties have been added to the Instance Configuration to define JWT keystore parameters:
jwtServiceKeystoreLocationjwtServiceKeystoreTypejwtServiceKeystoreProviderjwtServiceKeystorePassword
Why it matters:
Short-lived JWTs are required to authenticate and authorize external service calls that operate outside the Vaadin session lifecycle. Without this keystore, these endpoints cannot be properly secured, creating a security gap for microservice-to-microservice communication.
These endpoints are needed for the new menu, the basictable and future components.
Recommended actions:
- Provide a jwt keystore for the
server - Ensure the keystore is accessible by the
ADITO serverservice - Configure the
jwtalias within the keystore for token signing operations - Restart the
ADITO server