Hello, I encountered some problems when trying to use OnlyOffice. I deployed the free version of OnlyOffice on CentOS7 and downloaded the Java example. I tried to run the Java example. Prompt “The document security token is not correctly formed. Please contact your document server administrator. Press” OK “to return to document list.” According to the document, I modified [ files.docservice.secret ] in [ settings.properties ] and made it consistent with that in [ local.json ] When I rerun the example, I still reported the same error. I hope to get some help, thank you.
Hello @A_MaxFun
To apply changes made to local.json config you have to restart Document Server services with command systemctl restart ds-* (use supervisorctl restart all from inside the Document Server Docker contaienr if used Docker as installation method).
Yes, I tried to restart the service, but the problem is still the same. (I didn’t use Docker)
Please provide us log all files of Document Server after reproducing the issue for analysis. Logs are located in /var/log/onlyoffice/documentserver/.
[2023-03-06T23:31:27.525] [WARN] [localhost] [1558988863] [userId] nodeJS - checkJwt error: name = JsonWebTokenError message = jwt must be provided token =
[2023-03-06T23:31:42.180] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting…
[2023-03-06T23:31:42.184] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. File system | Node.js v19.7.0 Documentation
[2023-03-06T23:31:42.366] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 7.3.2. Build: 8
[2023-03-06T23:31:45.989] [WARN] [localhost] [1791551126] [userId] nodeJS - checkJwt error: name = JsonWebTokenError message = jwt must be provided token =
[2023-03-07T00:13:54.449] [WARN] [localhost] [230042446] [userId] nodeJS - checkJwt error: name = JsonWebTokenError message = jwt must be provided token =
This error entry means that the JWT Token is improperly configured on the Java example side. After changing the secret did you recompile your Java example with new configuration?
Also, just as a side note, we recommend using custom JWT Headers, for example, AuthorizationJWT.
After reconfirmation, I recompiled my Java sample and confirmed that the configuration information was consistent with local.json. It is still the error of “The document security token is not correctly formed. Please contact your document server administrator”. I also tried to modify the request header, and it didn’t have any effect.
Just to clarify: by recompile I mean to re-built the package and reupload WAR file to Tomcat.
In test purposes you can try disabling JWT Token on Document Server side either by rerunning Docker container with variable -e JWT_ENABLED=false or by changing local.json:
- Find section
"token"and change"inbox","outbox"and"browser"strings tofalselike that:
"token": {
"enable": {
"request": {
"inbox": false,
"outbox": false
},
"browser": false
},
- After that restart Document Server services with
systemctl restart ds-*to apply the change.
Of course, I repackage it to Tomcat every time. I tried to disable JWT on the server side. This time, “The document security token is not correctly formed. Please contact your document server administrator” did not appear, but a new problem occurred.
Please provide fresh logs of the Document Server.
Thank you for the log.
I was able to reproduce the issue with enabled JWT Token. We are checking the situation with this behavior. I will update the thread once I get any news.