diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java index 498fd2e90..0edae78db 100644 --- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java +++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java @@ -16,6 +16,7 @@ import java.util.Map; import java.util.Set; import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition; @@ -88,7 +89,7 @@ public class OidcUserManagementAutoConfiguration { return new JwtAuthoritiesOidcUserService(extractor); } - @Bean + @Bean("hawkbitOAuth2ResourceServerCustomizer") @ConditionalOnMissingBean Customizer> oauth2ResourceServerCustomizer( final InMemoryClientRegistrationRepository clientRegistrationRepository, diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java index 5819c1323..55c9f8356 100644 --- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java +++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java 
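Review bot: Naming the default bean `hawkbitOAuth2ResourceServerCustomizer` while keeping the type-based `@ConditionalOnMissingBean` can silently drop a deployment's own customizer. An application bean of the same type under any other name still makes this default back off, but `filterChainREST` in SecurityManagedConfiguration now injects only by that qualifier with `@Autowired(required = false)`, so it would receive null. What the chain does with a null customizer is outside the visible hunks; if it skips the resource-server setup, bearer-token handling on the REST API changes with no startup error. Consider `@ConditionalOnMissingBean(name = "hawkbitOAuth2ResourceServerCustomizer")` here and document the required bean name for integrators.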
@@ -39,6 +39,7 @@ import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvide import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; @@ -56,6 +57,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.Authentication; @@ -425,7 +427,15 @@ public class SecurityManagedConfiguration { SecurityFilterChain filterChainREST( final HttpSecurity http, @Autowired(required = false) + @Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer> oauth2ResourceServerCustomizer, + // called just before build of the SecurityFilterChain. + // could be used for instance to set authentication provider + // Note: implementation of the customizer shall always take in account what is the already set by the + // hawkBit + @Autowired(required = false) + @Qualifier("hawkbitHttpSecurityCustomizer") + final Customizer httpSecurityCustomizer, final SystemManagement systemManagement, final SystemSecurityContext systemSecurityContext) throws Exception { http 
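Review bot: The comment inside the parameter list of `filterChainREST` is the only documentation of a hook that can rewrite the REST API's security configuration, and its last sentence ("take in account what is the already set by the hawkBit") is hard to read. Move it to Javadoc on the method and state the contract plainly, e.g. `@param httpSecurityCustomizer optional bean named "hawkbitHttpSecurityCustomizer", applied just before build(); it can override anything configured above, so it must only add to, never relax, hawkBit's authorization and session settings`. The newly imported `HttpBasicConfigurer` is not used in any visible hunk; drop it if nothing else in the file needs it. The method body continues outside this hunk.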
@@ -470,6 +480,10 @@ public class SecurityManagedConfiguration { }); } + if (httpSecurityCustomizer != null) { + httpSecurityCustomizer.customize(http); + } + return http.build(); }
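Review bot: `httpSecurityCustomizer.customize(http)` runs after every hawkBit rule and immediately before `http.build()`, so whichever bean carries the qualifier has the final say over authentication and authorization on the REST chain, and nothing records that it ran. Log it once at startup so operators and auditors can see that the default chain was altered, e.g. `log.info("Applying custom HttpSecurity customizer {} to REST filter chain", httpSecurityCustomizer.getClass().getName());` (assuming the class has a logger; none is visible in the hunks). From the visible hunks only `filterChainREST` receives the customizer; if the other filter chains in this class are meant to stay fixed, say so in the documentation. The method starts outside this hunk.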