Add REST API security filter chain customization (#1788)
It is called just before the build and could be used, for instance, to set application provider. Note: implementations of customizers shall always take into account what has already been set by hawkBit.

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
@@ -16,6 +16,7 @@ import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
|
||||
@@ -88,7 +89,7 @@ public class OidcUserManagementAutoConfiguration {
|
||||
return new JwtAuthoritiesOidcUserService(extractor);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Bean("hawkbitOAuth2ResourceServerCustomizer")
|
||||
@ConditionalOnMissingBean
|
||||
Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer(
|
||||
final InMemoryClientRegistrationRepository clientRegistrationRepository,
|
||||
|
||||
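Review bot: `@ConditionalOnMissingBean` on this bean still matches by type, while the consumer in `filterChainREST` now injects it by the qualifier `hawkbitOAuth2ResourceServerCustomizer` with `required = false`. A deployment that supplies its own `Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>` under any other bean name would make this default back off and leave the qualified parameter null, so the REST chain could start without the expected OAuth2 resource-server setup and without any error; how null is handled is outside the visible hunks. Depending on how the Spring Boot version in use deduces the type, a `Customizer<HttpSecurity>` bean may also count as a match, which is worth confirming. Tying the condition to the name closes both cases: `@ConditionalOnMissingBean(name = "hawkbitOAuth2ResourceServerCustomizer")`. The method body continues past the end of the hunk.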
@@ -39,6 +39,7 @@ import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvide
|
||||
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
@@ -56,6 +57,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@@ -425,7 +427,15 @@ public class SecurityManagedConfiguration {
|
||||
SecurityFilterChain filterChainREST(
|
||||
final HttpSecurity http,
|
||||
@Autowired(required = false)
|
||||
@Qualifier("hawkbitOAuth2ResourceServerCustomizer")
|
||||
final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
|
||||
// called just before build of the SecurityFilterChain.
|
||||
// could be used for instance to set authentication provider
|
||||
// Note: implementation of the customizer shall always take in account what is the already set by the
|
||||
// hawkBit
|
||||
@Autowired(required = false)
|
||||
@Qualifier("hawkbitHttpSecurityCustomizer")
|
||||
final Customizer<HttpSecurity> httpSecurityCustomizer,
|
||||
final SystemManagement systemManagement,
|
||||
final SystemSecurityContext systemSecurityContext) throws Exception {
|
||||
http
|
||||
@@ -470,6 +480,10 @@ public class SecurityManagedConfiguration {
|
||||
});
|
||||
}
|
||||
|
||||
if (httpSecurityCustomizer != null) {
|
||||
httpSecurityCustomizer.customize(http);
|
||||
}
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
||||
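Review bot: The `httpSecurityCustomizer.customize(http)` call just before `http.build()` gives any bean named `hawkbitHttpSecurityCustomizer` the last word over the whole REST chain, including the authorization rules and authentication setup configured earlier in `filterChainREST` (that part of the body is outside the visible hunks). Because the parameter is `required = false`, nothing at startup shows whether such a bean, possibly contributed by a dependency, was applied; logging the customizer's class name inside the `if` block would let operators notice an unexpected override. The warning on the parameter is also easy to miss as a `//` comment and would be better in the method's Javadoc, worded for example as `Implementations must preserve the security settings hawkBit has already applied and only add to them.`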