Refactor header authority controller authentication (#2954)

1. (breaking changes) hawkbit.server.ddi.security.rp.cnHeader and sslIssuerHashHeader are renamed to controllerIdHeader and authorityHeader correspondingly.
2. (breaking changes) their default values are changed: X-Ssl-Client-Cn -> X-Controller-Id and X-Ssl-Issuer-Hash-%d -> X-Authority
3. Now the authority header configuration is not a string format but just a string. The implementation checks for this header as comma or ; separated list or seeks for header iteration <authority_header>-%d (iteration starts from 0 or 1)
4. Doc fixed
5. As there are breaking changes, configuration changes may be needed: a) with changing the hawkbit.server.ddi.security.rp you could turn back the previous default headers (note X-Ssl-Issuer-Hash-%d shall now be X-Ssl-Issuer-Hash), or b) you may change the headers sent by the reverse proxy

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Avgustin Marinov
2026-03-12 10:36:37 +02:00
committed by GitHub
parent a1608cce19
commit 011d7f567e
8 changed files with 127 additions and 126 deletions


@@ -69,9 +69,9 @@ public class TenantConfigurationProperties {
*/
public static final String AUTHENTICATION_HEADER_ENABLED = "authentication.header.enabled";
/**
* Header based authentication authority name.
* Header based authentication authority(-ies, could be list).
*/
public static final String AUTHENTICATION_HEADER_AUTHORITY_NAME = "authentication.header.authority";
public static final String AUTHENTICATION_HEADER_AUTHORITY = "authentication.header.authority";
/**
* Target token based authentication enabled.
*/
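Review bot: The rename of the public constant AUTHENTICATION_HEADER_AUTHORITY_NAME to AUTHENTICATION_HEADER_AUTHORITY is a source-incompatible change for any code that references the old name, and the breaking-change list in the commit message does not mention it. The key string "authentication.header.authority" is unchanged, so stored tenant configuration still resolves; consider keeping the old constant as a @Deprecated alias for a release, or add the rename to the breaking-change notes. The new Javadoc "authority(-ies, could be list)" should also name the accepted separators (the commit message says comma or ;) so that operators do not have to read the implementation to configure it.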


@@ -90,7 +90,7 @@ public class HawkbitFlywayDbInit {
log.info("Start ({}): {}@{}, table: {}, locations: {}, sql-migration-suffixes: {}",
MODE, USER, URL, TABLE, LOCATIONS, SQL_MIGRATION_SUFFIXES);
// configured via system properties callbacks are with prority. If not confiured - try to load via service loader
// configured via system properties callbacks are with priority. If not configured - try to load via service loader
final Callback[] callbackViaServiceLoader = CALLBACKS.length == 0 ? ServiceLoader.load(Callback.class).stream()
.map(ServiceLoader.Provider::get)
.toArray(Callback[]::new) : new Callback[0];
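Review bot: The comment spelling fix in HawkbitFlywayDbInit is unrelated to the header authentication refactoring and would be easier to track as a separate commit. If the line is touched anyway, the wording could be tightened as well, for example "Callbacks configured via system properties take priority; if none are configured, try to load them via ServiceLoader".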