Refactor header authority controller authentication (#2954)
1. (breaking changes) hawkbit.server.ddi.security.rp.cnHeader and sslIssuerHashHeader are renamed to controllerIdHeader and authorityHeader respectively. 2. (breaking changes) their default values are changed: X-Ssl-Client-Cn -> X-Controller-Id and X-Ssl-Issuer-Hash-%d -> X-Authority 3. Now the authority header configuration is not a string format but just a string. The implementation checks for this header as a comma- or ;-separated list or seeks for header iteration <authority_header>-%d (iteration starts from 0 or 1) 4. Doc fixed 5. As there are breaking changes, configuration changes may be needed: a) by changing hawkbit.server.ddi.security.rp you could turn back the previous default headers (note X-Ssl-Issuer-Hash-%d shall now be X-Ssl-Issuer-Hash), or b) you may change the headers sent by the reverse proxy Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
@@ -83,8 +83,7 @@ class ControllerDownloadSecurityConfiguration {
|
||||
.anonymous(AbstractHttpConfigurer::disable)
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.addFilterBefore(new AuthenticationFilters.SecurityHeaderAuthenticationFilter(
|
||||
new SecurityHeaderAuthenticator(
|
||||
ddiSecurityConfiguration.getRp().getCnHeader(), ddiSecurityConfiguration.getRp().getSslIssuerHashHeader()),
|
||||
new SecurityHeaderAuthenticator(ddiSecurityConfiguration.getRp()),
|
||||
ddiSecurityConfiguration), AuthorizationFilter.class)
|
||||
.addFilterBefore(new AuthenticationFilters.SecurityTokenAuthenticationFilter(
|
||||
new SecurityTokenAuthenticator(controllerManagement),
|
||||
|
||||
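Review bot: The `new SecurityHeaderAuthenticator(ddiSecurityConfiguration.getRp())` call here, and the same call in the ControllerSecurityConfiguration hunk, carries no comment recording that the headers it reads are only trustworthy when the reverse proxy sets them and discards any client-supplied copies. Per the commit description the defaults move to `X-Controller-Id` / `X-Authority` and the authority may also arrive as `<authority_header>-%d`, so a proxy still configured to overwrite only the old `X-Ssl-*` names would presumably forward the new ones from the client unchanged. I would add a comment above the filter such as `// Trusts proxy-set headers: the reverse proxy must strip/overwrite controllerIdHeader, authorityHeader and every indexed authorityHeader variant on inbound requests`, and state the same requirement in the upgrade notes. The enclosing filter-chain method and the authenticator are outside this hunk, so how duplicate or mixed list/indexed headers are handled cannot be checked from here.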
@@ -91,9 +91,7 @@ class ControllerSecurityConfiguration {
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.addFilterBefore(
|
||||
new AuthenticationFilters.SecurityHeaderAuthenticationFilter(
|
||||
new SecurityHeaderAuthenticator(
|
||||
ddiSecurityConfiguration.getRp().getCnHeader(),
|
||||
ddiSecurityConfiguration.getRp().getSslIssuerHashHeader()), ddiSecurityConfiguration),
|
||||
new SecurityHeaderAuthenticator(ddiSecurityConfiguration.getRp()), ddiSecurityConfiguration),
|
||||
AuthorizationFilter.class)
|
||||
.addFilterBefore(
|
||||
new AuthenticationFilters.SecurityTokenAuthenticationFilter(
|
||||
|
||||