Refactor TenantAware - remove TenantRunner and replace with standard Runnable / Callable (#2755)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Avgustin Marinov
2025-10-14 16:36:42 +03:00
committed by GitHub
parent 0a2f18fbad
commit 04cd9fb30d
14 changed files with 88 additions and 118 deletions


@@ -12,6 +12,7 @@ package org.eclipse.hawkbit.security.controller;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.Callable;
import lombok.EqualsAndHashCode;
import org.eclipse.hawkbit.im.authentication.SpRole;
@@ -49,7 +50,7 @@ public interface Authenticator {
protected final TenantConfigurationManagement tenantConfigurationManagement;
protected final TenantAware tenantAware;
protected final SystemSecurityContext systemSecurityContext;
private final TenantAware.TenantRunner<Boolean> isEnabledTenantRunner;
private final Callable<Boolean> isEnabledGetter;
protected AbstractAuthenticator(
final TenantConfigurationManagement tenantConfigurationManagement,
@@ -57,12 +58,12 @@ public interface Authenticator {
this.tenantConfigurationManagement = tenantConfigurationManagement;
this.tenantAware = tenantAware;
this.systemSecurityContext = systemSecurityContext;
isEnabledTenantRunner = () -> systemSecurityContext.runAsSystem(
isEnabledGetter = () -> systemSecurityContext.runAsSystem(
() -> tenantConfigurationManagement.getConfigurationValue(getTenantConfigurationKey(), Boolean.class).getValue());
}
protected boolean isEnabled(final ControllerSecurityToken securityToken) {
return tenantAware.runAsTenant(securityToken.getTenant(), isEnabledTenantRunner);
return tenantAware.runAsTenant(securityToken.getTenant(), isEnabledGetter);
}
protected abstract String getTenantConfigurationKey();
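Review bot: `isEnabled` returns a primitive `boolean` while `isEnabledGetter` is a `Callable<Boolean>`, so the result of `runAsTenant` is auto-unboxed and a null configuration value would throw a `NullPointerException` in the authentication path instead of reading as "disabled". Whether `getValue()` can return null here is not visible in this section, but an authenticator toggle is safer failing closed explicitly: `return Boolean.TRUE.equals(tenantAware.runAsTenant(securityToken.getTenant(), isEnabledGetter));`. Because the lambda runs under `runAsSystem`, a field comment would also help, e.g. `// reads the tenant's enable flag with system privileges; keep limited to this single configuration lookup`. The constructor that assigns the lambda starts outside the hunk.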


@@ -9,6 +9,11 @@
*/
package org.eclipse.hawkbit.security.controller;
import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_GATEWAY_SECURITY_TOKEN_ENABLED;
import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY;
import java.util.concurrent.Callable;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
@@ -30,19 +35,18 @@ public class GatewayTokenAuthenticator extends Authenticator.AbstractAuthenticat
public static final String GATEWAY_SECURITY_TOKEN_AUTH_SCHEME = "GatewayToken ";
private static final int OFFSET_GATEWAY_TOKEN = GATEWAY_SECURITY_TOKEN_AUTH_SCHEME.length();
private final TenantAware.TenantRunner<String> gatewaySecurityTokenKeyConfigRunner;
private final Callable<String> gatewaySecurityTokenKeyGetter;
public GatewayTokenAuthenticator(
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
final SystemSecurityContext systemSecurityContext) {
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
gatewaySecurityTokenKeyConfigRunner = () -> {
log.trace("retrieving configuration value for configuration key {}",
TenantConfigurationKey.AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY);
gatewaySecurityTokenKeyGetter = () -> {
log.trace("retrieving configuration value for configuration key {}", AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY);
return systemSecurityContext
.runAsSystem(() -> tenantConfigurationManagement
.getConfigurationValue(TenantConfigurationKey.AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY, String.class)
.getConfigurationValue(AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY, String.class)
.getValue());
};
}
@@ -67,7 +71,7 @@ public class GatewayTokenAuthenticator extends Authenticator.AbstractAuthenticat
final String presentedToken = authHeader.substring(OFFSET_GATEWAY_TOKEN);
// validate if the presented token is the same as the gateway token
return presentedToken.equals(tenantAware.runAsTenant(controllerSecurityToken.getTenant(), gatewaySecurityTokenKeyConfigRunner))
return presentedToken.equals(tenantAware.runAsTenant(controllerSecurityToken.getTenant(), gatewaySecurityTokenKeyGetter))
? authenticatedController(controllerSecurityToken.getTenant(), controllerSecurityToken.getControllerId()) : null;
}
@@ -78,6 +82,6 @@ public class GatewayTokenAuthenticator extends Authenticator.AbstractAuthenticat
@Override
protected String getTenantConfigurationKey() {
return TenantConfigurationKey.AUTHENTICATION_GATEWAY_SECURITY_TOKEN_ENABLED;
return AUTHENTICATION_GATEWAY_SECURITY_TOKEN_ENABLED;
}
}
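Review bot: The token check on the `presentedToken.equals(...)` line compares the presented gateway token with the configured secret using `String.equals`, which stops at the first mismatch and is therefore not constant-time. Since the line is being touched anyway, consider reading the configured value into a local and comparing with `MessageDigest.isEqual(presentedToken.getBytes(StandardCharsets.UTF_8), configured.getBytes(StandardCharsets.UTF_8))`. Return null before the comparison when `configured` is null or empty, so that an unset key can never match an empty presented token. The enclosing method begins above the hunk, so any earlier guard on the header or the enabled flag is not visible here.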


@@ -11,6 +11,7 @@ package org.eclipse.hawkbit.security.controller;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Callable;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
@@ -47,7 +48,7 @@ public class SecurityHeaderAuthenticator extends Authenticator.AbstractAuthentic
// header exists multiple times in the request for all trusted chains.
private final String sslIssuerHashBasicHeader;
private final TenantAware.TenantRunner<String> sslIssuerNameConfigTenantRunner;
private final Callable<String> sslIssuerNameConfigGetter;
public SecurityHeaderAuthenticator(
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
@@ -56,7 +57,7 @@ public class SecurityHeaderAuthenticator extends Authenticator.AbstractAuthentic
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
this.caCommonNameHeader = caCommonNameHeader;
this.sslIssuerHashBasicHeader = caAuthorityNameHeader;
sslIssuerNameConfigTenantRunner = () -> systemSecurityContext.runAsSystem(
sslIssuerNameConfigGetter = () -> systemSecurityContext.runAsSystem(
() -> tenantConfigurationManagement.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_HEADER_AUTHORITY_NAME, String.class).getValue());
}
@@ -81,7 +82,7 @@ public class SecurityHeaderAuthenticator extends Authenticator.AbstractAuthentic
final String sslIssuerHashValue = getIssuerHashHeader(
controllerSecurityToken,
tenantAware.runAsTenant(controllerSecurityToken.getTenant(), sslIssuerNameConfigTenantRunner));
tenantAware.runAsTenant(controllerSecurityToken.getTenant(), sslIssuerNameConfigGetter));
if (sslIssuerHashValue == null) {
log.debug("The request contains the 'common name' header but trusted hash is not found");
return null;