Add REST API security filter chain customization (#1788)

It is called just before the build and could be used for instance to set application provider.
Note: implementation of customizers shall always take in account what is the already set by the hawkBit

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java

@@ -16,6 +16,7 @@ import java.util.Map;
 import java.util.Set;
 
 import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.security.oauth2.client.ClientsConfiguredCondition;
@@ -88,7 +89,7 @@ public class OidcUserManagementAutoConfiguration {
         return new JwtAuthoritiesOidcUserService(extractor);
     }
 
-    @Bean
+    @Bean("hawkbitOAuth2ResourceServerCustomizer")
     @ConditionalOnMissingBean
     Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer(
             final InMemoryClientRegistrationRepository clientRegistrationRepository,

hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java

@@ -39,6 +39,7 @@ import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvide
 import org.eclipse.hawkbit.security.SystemSecurityContext;
 import org.eclipse.hawkbit.tenancy.TenantAware;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -56,6 +57,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
@@ -425,7 +427,15 @@ public class SecurityManagedConfiguration {
         SecurityFilterChain filterChainREST(
                 final HttpSecurity http,
                 @Autowired(required = false)
+                @Qualifier("hawkbitOAuth2ResourceServerCustomizer")
                 final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
+                // called just before build of the SecurityFilterChain.
+                // could be used for instance to set authentication provider
+                // Note: implementation of the customizer shall always take in account what is the already set by the
+                //       hawkBit
+                @Autowired(required = false)
+                @Qualifier("hawkbitHttpSecurityCustomizer")
+                final Customizer<HttpSecurity> httpSecurityCustomizer,
                 final SystemManagement systemManagement,
                 final SystemSecurityContext systemSecurityContext) throws Exception {
             http
@@ -470,6 +480,10 @@ public class SecurityManagedConfiguration {
                 });
             }
 
+            if (httpSecurityCustomizer != null) {
+                httpSecurityCustomizer.customize(http);
+            }
+
             return http.build();
         }