Merges with master

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
2016-08-24 10:58:03 +02:00
parent aff2350186
commit 00539ea49c
2 changed files with 158 additions and 116 deletions
--- a/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/DdiArtifactDownloadTest.java
+++ b/hawkbit-ddi-resource/src/test/java/org/eclipse/hawkbit/ddi/rest/resource/DdiArtifactDownloadTest.java
@@ -29,7 +29,7 @@ import java.util.List;
 import java.util.TimeZone;

 import org.apache.commons.lang3.RandomUtils;
-import org.eclipse.hawkbit.eventbus.event.DownloadProgressEvent;
+import org.eclipse.hawkbit.repository.eventbus.event.DownloadProgressEvent;
 import org.eclipse.hawkbit.repository.model.Action;
 import org.eclipse.hawkbit.repository.model.Action.Status;
 import org.eclipse.hawkbit.repository.model.Artifact;
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
@@ -185,18 +185,22 @@ public final class SpPermission {
                field.setAccessible(true);
                try {
                    final String role = (String) field.get(null);
-                    if (!(exclusionRoles.contains(role))) {
-                        allPermissions.add(role);
-                    }
+                    addIfNotExcluded(exclusionRoles, allPermissions, role);
                } catch (final IllegalAccessException e) {
                    LOGGER.error(e.getMessage(), e);
                }
-
            }
        }
        return allPermissions;
    }

+    private static void addIfNotExcluded(final Collection<String> exclusionRoles, final List<String> allPermissions,
+            final String role) {
+        if (!(exclusionRoles.contains(role))) {
+            allPermissions.add(role);
+        }
+    }
+
    /**
     * Contains all the spring security evaluation expressions for the
     * {@link PreAuthorize} annotation for method security.
@@ -224,8 +228,10 @@ public final class SpPermission {
        /*
         * Spring security eval expressions.
         */
-        private static final String HAS_AUTH_PREFIX = "hasAuthority('";
-        private static final String HAS_AUTH_SUFFIX = "')";
+        private static final String BRACKET_OPEN = "(";
+        private static final String BRACKET_CLOSE = ")";
+        private static final String HAS_AUTH_PREFIX = "hasAuthority" + BRACKET_OPEN + "'";
+        private static final String HAS_AUTH_SUFFIX = "'" + BRACKET_CLOSE;
        private static final String HAS_AUTH_AND = " and ";

        /**
@@ -257,99 +263,6 @@ public final class SpPermission {
         */
        public static final String HAS_AUTH_OR = " or ";

-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#UPDATE_TARGET}.
-         */
-        public static final String HAS_AUTH_UPDATE_TARGET = HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#SYSTEM_ADMIN}.
-         */
-        public static final String HAS_AUTH_SYSTEM_ADMIN = HAS_AUTH_PREFIX + SYSTEM_ADMIN + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#READ_TARGET}.
-         */
-        public static final String HAS_AUTH_READ_TARGET = HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#CREATE_TARGET}.
-         */
-        public static final String HAS_AUTH_CREATE_TARGET = HAS_AUTH_PREFIX + CREATE_TARGET + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#DELETE_TARGET}.
-         */
-        public static final String HAS_AUTH_DELETE_TARGET = HAS_AUTH_PREFIX + DELETE_TARGET + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#READ_REPOSITORY} and
-         * {@link SpPermission#UPDATE_TARGET}.
-         */
-        public static final String HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET = HAS_AUTH_PREFIX + READ_REPOSITORY
-                + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#CREATE_REPOSITORY}.
-         */
-        public static final String HAS_AUTH_CREATE_REPOSITORY = HAS_AUTH_PREFIX + CREATE_REPOSITORY + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#DELETE_REPOSITORY}.
-         */
-        public static final String HAS_AUTH_DELETE_REPOSITORY = HAS_AUTH_PREFIX + DELETE_REPOSITORY + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#READ_REPOSITORY}.
-         */
-        public static final String HAS_AUTH_READ_REPOSITORY = HAS_AUTH_PREFIX + READ_REPOSITORY + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#UPDATE_REPOSITORY}.
-         */
-        public static final String HAS_AUTH_UPDATE_REPOSITORY = HAS_AUTH_PREFIX + UPDATE_REPOSITORY + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#READ_REPOSITORY} and
-         * {@link SpPermission#READ_TARGET}.
-         */
-        public static final String HAS_AUTH_READ_REPOSITORY_AND_READ_TARGET = HAS_AUTH_PREFIX + READ_REPOSITORY
-                + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#DOWNLOAD_REPOSITORY_ARTIFACT}.
-         */
-        public static final String HAS_AUTH_DOWNLOAD_ARTIFACT = HAS_AUTH_PREFIX + DOWNLOAD_REPOSITORY_ARTIFACT
-                + HAS_AUTH_SUFFIX;
-
-        /**
-         * Spring security eval hasAnyRole expression to check if the spring
-         * context contains the anoynmous role or the controller specific role
-         * {@link SpPermission#CONTROLLER_ROLE}.
-         */
-        public static final String IS_CONTROLLER = "hasAnyRole('" + CONTROLLER_ROLE_ANONYMOUS + "', '" + CONTROLLER_ROLE
-                + "')";
-
-        /**
-         * Spring security eval hasAuthority expression to check if the spring
-         * context contains the role to allow controllers to download specific
-         * role {@link SpPermission#CONTROLLER_DOWNLOAD_ROLE}.
-         */
-        public static final String HAS_CONTROLLER_DOWNLOAD = HAS_AUTH_PREFIX + CONTROLLER_DOWNLOAD_ROLE
-                + HAS_AUTH_SUFFIX;
-
        /**
         * Spring security eval hasAnyRole expression to check if the spring
         * context contains system code role
@@ -359,47 +272,176 @@ public final class SpPermission {

        /**
         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#CREATE_REPOSITORY} and
-         * {@link SpPermission#CREATE_TARGET}.
+         * context contains {@link SpPermission#UPDATE_TARGET} or
+         * {@link #IS_SYSTEM_CODE}.
         */
-        public static final String HAS_AUTH_CREATE_REPOSITORY_AND_CREATE_TARGET = HAS_AUTH_PREFIX + CREATE_REPOSITORY
-                + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + CREATE_TARGET + HAS_AUTH_SUFFIX;
+        public static final String HAS_AUTH_UPDATE_TARGET = HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;

        /**
         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#ROLLOUT_MANAGEMENT}
+         * context contains {@link SpPermission#SYSTEM_ADMIN} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_SYSTEM_ADMIN = HAS_AUTH_PREFIX + SYSTEM_ADMIN + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#READ_TARGET} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_READ_TARGET = HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX + HAS_AUTH_OR
+                + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#READ_TARGET_SEC_TOKEN} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_READ_TARGET_SEC_TOKEN = HAS_AUTH_PREFIX + READ_TARGET_SEC_TOKEN
+                + HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#CREATE_TARGET} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_CREATE_TARGET = HAS_AUTH_PREFIX + CREATE_TARGET + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#DELETE_TARGET} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_DELETE_TARGET = HAS_AUTH_PREFIX + DELETE_TARGET + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#READ_REPOSITORY} and
+         * {@link SpPermission#UPDATE_TARGET} or {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_READ_REPOSITORY_AND_UPDATE_TARGET = BRACKET_OPEN + HAS_AUTH_PREFIX
+                + READ_REPOSITORY + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX
+                + BRACKET_CLOSE + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#CREATE_REPOSITORY} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_CREATE_REPOSITORY = HAS_AUTH_PREFIX + CREATE_REPOSITORY + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#DELETE_REPOSITORY} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_DELETE_REPOSITORY = HAS_AUTH_PREFIX + DELETE_REPOSITORY + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#READ_REPOSITORY} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_READ_REPOSITORY = HAS_AUTH_PREFIX + READ_REPOSITORY + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#UPDATE_REPOSITORY} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_UPDATE_REPOSITORY = HAS_AUTH_PREFIX + UPDATE_REPOSITORY + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#READ_REPOSITORY} and
+         * {@link SpPermission#READ_TARGET} or {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_READ_REPOSITORY_AND_READ_TARGET = BRACKET_OPEN + HAS_AUTH_PREFIX
+                + READ_REPOSITORY + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX
+                + BRACKET_CLOSE + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#DOWNLOAD_REPOSITORY_ARTIFACT} or
+         * {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_DOWNLOAD_ARTIFACT = HAS_AUTH_PREFIX + DOWNLOAD_REPOSITORY_ARTIFACT
+                + HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAnyRole expression to check if the spring
+         * context contains the anoynmous role or the controller specific role
+         * {@link SpringEvalExpressions#CONTROLLER_ROLE}.
+         */
+        public static final String IS_CONTROLLER = "hasAnyRole('" + CONTROLLER_ROLE_ANONYMOUS + "', '" + CONTROLLER_ROLE
+                + "')";
+
+        /**
+         * Spring security eval hasAuthority expression to check if the spring
+         * context contains the role to allow controllers to download specific
+         * role {@link SpringEvalExpressions#CONTROLLER_DOWNLOAD_ROLE}
+         */
+        public static final String HAS_CONTROLLER_DOWNLOAD = HAS_AUTH_PREFIX + CONTROLLER_DOWNLOAD_ROLE
+                + HAS_AUTH_SUFFIX;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#CREATE_REPOSITORY} and
+         * {@link SpPermission#CREATE_TARGET} or {@link #IS_SYSTEM_CODE}.
+         */
+        public static final String HAS_AUTH_CREATE_REPOSITORY_AND_CREATE_TARGET = BRACKET_OPEN + HAS_AUTH_PREFIX
+                + CREATE_REPOSITORY + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + CREATE_TARGET + HAS_AUTH_SUFFIX
+                + BRACKET_CLOSE + HAS_AUTH_OR + IS_SYSTEM_CODE;
+
+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#ROLLOUT_MANAGEMENT} or
+         * {@link #IS_SYSTEM_CODE}.
         */
        public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_READ = HAS_AUTH_PREFIX + ROLLOUT_MANAGEMENT
-                + HAS_AUTH_SUFFIX;
+                + HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;

        /**
         * Spring security eval hasAuthority expression to check if spring
         * context contains {@link SpPermission#ROLLOUT_MANAGEMENT} and
-         * {@link SpPermission#READ_TARGET}
+         * {@link SpPermission#READ_TARGET} or {@link #IS_SYSTEM_CODE}.
         */
-        public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ = HAS_AUTH_PREFIX
-                + ROLLOUT_MANAGEMENT + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX;
+        public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_READ_AND_TARGET_READ = BRACKET_OPEN + HAS_AUTH_PREFIX
+                + ROLLOUT_MANAGEMENT + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX
+                + BRACKET_CLOSE + HAS_AUTH_OR + IS_SYSTEM_CODE;

        /**
         * Spring security eval hasAuthority expression to check if spring
         * context contains {@link SpPermission#ROLLOUT_MANAGEMENT} and
-         * {@link SpPermission#UPDATE_TARGET}.
+         * {@link SpPermission#UPDATE_TARGET} or {@link #IS_SYSTEM_CODE}.
         */
-        public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE = HAS_AUTH_PREFIX + ROLLOUT_MANAGEMENT
-                + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX;
+        public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE = BRACKET_OPEN + HAS_AUTH_PREFIX
+                + ROLLOUT_MANAGEMENT + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET
+                + HAS_AUTH_SUFFIX + BRACKET_CLOSE + HAS_AUTH_OR + IS_SYSTEM_CODE;

        /**
         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#TENANT_CONFIGURATION}
+         * context contains {@link SpPermission#TENANT_CONFIGURATION} or
+         * {@link #IS_SYSTEM_CODE}.
         */
        public static final String HAS_AUTH_TENANT_CONFIGURATION = HAS_AUTH_PREFIX + TENANT_CONFIGURATION
-                + HAS_AUTH_SUFFIX;
+                + HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;

        /**
         * Spring security eval hasAuthority expression to check if spring
-         * context contains {@link SpPermission#SYSTEM_MONITOR}
+         * context contains {@link SpPermission#SYSTEM_MONITOR} or
+         * {@link #IS_SYSTEM_CODE}.
         */
-        public static final String HAS_AUTH_SYSTEM_MONITOR = HAS_AUTH_PREFIX + SYSTEM_MONITOR + HAS_AUTH_SUFFIX;
+        public static final String HAS_AUTH_SYSTEM_MONITOR = HAS_AUTH_PREFIX + SYSTEM_MONITOR + HAS_AUTH_SUFFIX
+                + HAS_AUTH_OR + IS_SYSTEM_CODE;

        private SpringEvalExpressions() {
            // utility class