utmstack · mjabascal10 · Nov 27, 2025 · Dec 8, 2025 · Dec 8, 2025 · Dec 8, 2025
diff --git a/backend/src/main/java/com/park/utmstack/config/Constants.java b/backend/src/main/java/com/park/utmstack/config/Constants.java
@@ -2,9 +2,7 @@
 
 import com.park.utmstack.domain.index_pattern.enums.SystemIndexPattern;
 
-import java.util.Collections;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 
 public final class Constants {
@@ -130,7 +128,6 @@ public final class Constants {
     // Defines the index pattern for querying Elasticsearch statistics indexes.
     // ----------------------------------------------------------------------------------
     public static final String STATISTICS_INDEX_PATTERN = "v11-statistics-*";
-    public static final String API_ACCESS_LOGS = ".utmstack-api-logs";
 
     // Logging
     public static final String TRACE_ID_KEY = "traceId";
@@ -142,10 +139,7 @@ public final class Constants {
     public static final String DURATION_KEY = "duration";
     public static final String CAUSE_KEY = "cause";
     public static final String LAYER_KEY = "layer";
-
-    public static final String API_KEY_HEADER = "Utm-Api-Key";
-    public static final List<String> API_ENDPOINT_IGNORE = Collections.emptyList();
-
+    public static final String TFA_EXEMPTION_HEADER = "X-Bypass-TFA";
 
     private Constants() {
     }

diff --git a/backend/src/main/java/com/park/utmstack/security/jwt/TokenProvider.java b/backend/src/main/java/com/park/utmstack/security/jwt/TokenProvider.java
@@ -1,6 +1,7 @@
 package com.park.utmstack.security.jwt;
 
 
+import com.park.utmstack.config.Constants;
 import com.park.utmstack.security.AuthoritiesConstants;
 import com.park.utmstack.util.CipherUtil;
 import io.jsonwebtoken.*;
@@ -16,10 +17,12 @@
 import org.springframework.stereotype.Component;
 import tech.jhipster.config.JHipsterProperties;
 
+import javax.servlet.http.HttpServletRequest;
 import java.security.Key;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 @Component
@@ -116,4 +119,16 @@ public boolean validateToken(String authToken) {
         }
         return false;
     }
+
+    public boolean canBypassTwoFactorAuth(HttpServletRequest request) {
+        boolean tfaExemptionRequested = Boolean.parseBoolean(request.getHeader(Constants.TFA_EXEMPTION_HEADER));
+
+        boolean forceTfaAuth = Boolean.parseBoolean(
+                Optional.ofNullable(System.getenv(Constants.PROP_TFA_ENABLE)).orElse("true")
+        );
+
+        return tfaExemptionRequested || !forceTfaAuth;
+    }
+
+
 }
diff --git a/backend/src/main/java/com/park/utmstack/service/dto/collectors/dto/CollectorConfigDTO.java b/backend/src/main/java/com/park/utmstack/service/dto/collectors/dto/CollectorConfigDTO.java
@@ -0,0 +1,20 @@
+package com.park.utmstack.service.dto.collectors.dto;
+
+import com.park.utmstack.domain.application_modules.UtmModuleGroupConfiguration;
+import lombok.Getter;
+import lombok.Setter;
+
+import javax.validation.constraints.NotNull;
+import java.util.List;
+
+@Setter
+@Getter
+public class CollectorConfigDTO {
+        @NotNull
+        CollectorDTO collector;
+        @NotNull
+        private Long moduleId;
+        @NotNull
+        private List<UtmModuleGroupConfiguration> keys;
+
+}
diff --git a/...nd/src/main/java/com/park/utmstack/service/dto/collectors/dto/CollectorConfigKeysDTO.java b/...nd/src/main/java/com/park/utmstack/service/dto/collectors/dto/CollectorConfigKeysDTO.java
diff --git a/...c/main/java/com/park/utmstack/service/validators/collector/CollectorValidatorService.java b/...c/main/java/com/park/utmstack/service/validators/collector/CollectorValidatorService.java
@@ -1,7 +1,7 @@
 package com.park.utmstack.service.validators.collector;
 
 import com.park.utmstack.domain.application_modules.UtmModuleGroupConfiguration;
-import com.park.utmstack.service.dto.collectors.dto.CollectorConfigKeysDTO;
+import com.park.utmstack.service.dto.collectors.dto.CollectorConfigDTO;
 import org.springframework.stereotype.Service;
 import org.springframework.validation.Errors;
 import org.springframework.validation.Validator;
@@ -13,12 +13,12 @@
 public class CollectorValidatorService implements Validator {
     @Override
     public boolean supports(Class<?> clazz) {
-        return CollectorConfigKeysDTO.class.equals(clazz);
+        return CollectorConfigDTO.class.equals(clazz);
     }
 
     @Override
     public void validate(Object target, Errors errors) {
-        CollectorConfigKeysDTO updateConfigurationKeysBody = (CollectorConfigKeysDTO) target;
+        CollectorConfigDTO updateConfigurationKeysBody = (CollectorConfigDTO) target;
 
         Map<String, Long> hostNames = updateConfigurationKeysBody.getKeys().stream()
                 .filter(config -> config.getConfName().equals("Hostname"))

diff --git a/backend/src/main/java/com/park/utmstack/web/rest/UserJWTController.java b/backend/src/main/java/com/park/utmstack/web/rest/UserJWTController.java
@@ -77,7 +77,8 @@ public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginVM loginVM, H
                 throw new TooMuchLoginAttemptsException(String.format("Authentication blocked: IP %s exceeded login attempt threshold", ip));
             }
 
-            boolean authenticated = !Boolean.parseBoolean(Constants.CFG.get(Constants.PROP_TFA_ENABLE));
+            boolean isTfaExempted = this.tokenProvider.canBypassTwoFactorAuth(request);
+            boolean authenticated = !Boolean.parseBoolean(Constants.CFG.get(Constants.PROP_TFA_ENABLE)) || isTfaExempted;
 
             UsernamePasswordAuthenticationToken authenticationToken =
                     new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());

diff --git a/backend/src/main/java/com/park/utmstack/web/rest/collectors/UtmCollectorResource.java b/backend/src/main/java/com/park/utmstack/web/rest/collectors/UtmCollectorResource.java
@@ -16,14 +16,13 @@
 import com.park.utmstack.service.application_modules.UtmModuleGroupService;
 import com.park.utmstack.service.collectors.CollectorOpsService;
 import com.park.utmstack.service.collectors.UtmCollectorService;
-import com.park.utmstack.service.dto.collectors.dto.CollectorConfigKeysDTO;
+import com.park.utmstack.service.dto.collectors.dto.CollectorConfigDTO;
 import com.park.utmstack.service.dto.collectors.dto.CollectorDTO;
 import com.park.utmstack.service.dto.collectors.CollectorModuleEnum;
 import com.park.utmstack.service.dto.collectors.dto.ListCollectorsResponseDTO;
 import com.park.utmstack.service.dto.network_scan.AssetGroupDTO;
 import com.park.utmstack.service.validators.collector.CollectorValidatorService;
 import com.park.utmstack.util.UtilResponse;
-import com.park.utmstack.web.rest.application_modules.UtmModuleGroupConfigurationResource;
 import com.park.utmstack.web.rest.errors.BadRequestAlertException;
 import com.park.utmstack.web.rest.errors.InternalServerErrorException;
 import com.park.utmstack.web.rest.network_scan.UtmNetworkScanResource;
@@ -94,9 +93,7 @@ public UtmCollectorResource(CollectorOpsService collectorService,
      * persist the configurations.
      */
     @PostMapping("/collector-config")
-    public ResponseEntity<Void> upsertCollectorConfig(
-            @Valid @RequestBody CollectorConfigKeysDTO collectorConfig,
-            CollectorDTO collectorDTO) {
+    public ResponseEntity<Void> upsertCollectorConfig(@Valid @RequestBody CollectorConfigDTO collectorConfig) {
         final String ctx = CLASSNAME + ".upsertCollectorConfig";
 
         try {
@@ -112,11 +109,11 @@ public ResponseEntity<Void> upsertCollectorConfig(
 
             // Get the actual configuration just in case of error when updating local db.
             CollectorConfig cacheConfig = collectorService.getCollectorConfig(
-                    ConfigRequest.newBuilder().setModule(CollectorModule.valueOf(collectorDTO.getModule().toString())).build(),
-                    AuthResponse.newBuilder().setId(collectorDTO.getId()).setKey(collectorDTO.getCollectorKey()).build());
+                    ConfigRequest.newBuilder().setModule(CollectorModule.valueOf(collectorConfig.getCollector().getModule().toString())).build(),
+                    AuthResponse.newBuilder().setId(collectorConfig.getCollector().getId()).setKey(collectorConfig.getCollector().getCollectorKey()).build());
             // Map the configurations to gRPC CollectorConfig and try to insert/update the collector config
             collectorService.upsertCollectorConfig(collectorService.mapToCollectorConfig(
-                    collectorService.mapPasswordConfiguration(collectorConfig.getKeys()), collectorDTO));
+                    collectorService.mapPasswordConfiguration(collectorConfig.getKeys()), collectorConfig.getCollector()));
             // If the update is fine via gRPC, then update the configurations in local db.
             try {
                 moduleGroupConfigurationService.updateConfigurationKeys(collectorConfig.getModuleId(), collectorConfig.getKeys());

diff --git a/frontend/src/app/app-management/api-keys/api-keys.component.html b/frontend/src/app/app-management/api-keys/api-keys.component.html
diff --git a/frontend/src/app/app-management/api-keys/api-keys.component.scss b/frontend/src/app/app-management/api-keys/api-keys.component.scss