Refactor header authority controller authentication (#2954)

1. (breaking changes) hawkbit.server.ddi.security.rp.cnHeader and sslIssuerHashHeader are renamed to controllerIdHeader and authorityHeader correspondingly. 2. (breaking changes) their default values are changed: X-Ssl-Client-Cn -> X-Controller-Id and X-Ssl-Issuer-Hash-%d -> X-Authority 3. Now the authority header configuration is not a string forma but just a string. The implemenation checks for this header as comma or ; separated list or seeks for header iteration <authority_header>-%d (iteration starts from 0 or 1 4. Doc fixed 5. As there are breaking changes configuration changes may be needed: a) with changing the hawkbit.server.ddi.security.rp you could turn back the previous default headers (note X-Ssl-Issuer-Hash-%d shall now be X-Ssl-Issuer-Hash), or b) you may change the headers sent by the reverse proxy Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2026-03-12 10:36:37 +02:00
parent a1608cce19
commit 011d7f567e
8 changed files with 127 additions and 126 deletions
--- a/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/tenancy/configuration/TenantConfigurationProperties.java
+++ b/hawkbit-repository/hawkbit-repository-api/src/main/java/org/eclipse/hawkbit/tenancy/configuration/TenantConfigurationProperties.java
@@ -69,9 +69,9 @@ public class TenantConfigurationProperties {
         */
        public static final String AUTHENTICATION_HEADER_ENABLED = "authentication.header.enabled";
        /**
-         * Header based authentication authority name.
+         * Header based authentication authority(-ies, could be list).
         */
-        public static final String AUTHENTICATION_HEADER_AUTHORITY_NAME = "authentication.header.authority";
+        public static final String AUTHENTICATION_HEADER_AUTHORITY = "authentication.header.authority";
        /**
         * Target token based authentication enabled.
         */