Fix auth -> authentication in some props in SDK (#2839)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
@@ -23,7 +23,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||
* hasRole([role]) Returns true if the current principal has the specified role.
|
||||
* hasAnyRole([role1,role2]) Returns true if the current principal has any of the supplied roles (given as a comma-separated list of strings)
|
||||
* principal Allows direct access to the principal object representing the current user
|
||||
* auth Allows direct access to the current Authentication object obtained from the SecurityContext
|
||||
* authentication Allows direct access to the current Authentication object obtained from the SecurityContext
|
||||
* permitAll Always evaluates to true
|
||||
* denyAll Always evaluates to false
|
||||
* isAnonymous() Returns true if the current principal is an anonymous user
|
||||
|
||||
@@ -332,7 +332,7 @@ public class AccessContext {
|
||||
}
|
||||
|
||||
// simplified info for the security context keeping just the basic info needed for background execution of
|
||||
// controller auth is not supported - always is false
|
||||
// controller authentication is not supported - always is false
|
||||
// only authenticated user is supported
|
||||
@NoArgsConstructor
|
||||
@Data
|
||||
@@ -342,7 +342,6 @@ public class AccessContext {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private String tenant;
|
||||
// auditor / username (auth principal name)
|
||||
private String auditor = "n/a"; // default value "n/a" is used only on deserialization if field is missing
|
||||
@JsonProperty(required = true)
|
||||
private String[] authorities;
|
||||
@@ -354,7 +353,7 @@ public class AccessContext {
|
||||
}
|
||||
if (authentication.getDetails() instanceof TenantAwareAuthenticationDetails tenantAwareDetails) {
|
||||
if (tenantAwareDetails.controller()) {
|
||||
throw new IllegalStateException("Controller auth context is not supported");
|
||||
throw new IllegalStateException("Controller authentication context is not supported");
|
||||
}
|
||||
tenant = tenantAwareDetails.tenant();
|
||||
} else if (authentication.getPrincipal() instanceof TenantAwareUser tenantAwareUser) {
|
||||
@@ -362,7 +361,7 @@ public class AccessContext {
|
||||
}
|
||||
|
||||
// keep the auditor, ofr audit purposes,
|
||||
// sets principal to the resolved auditor and then deserialized auth will return it as principal
|
||||
// sets principal to the resolved auditor and then deserialized authentication will return it as principal
|
||||
// since the class is not known to auditor aware - it shall used default - principal as auditor
|
||||
auditor = resolve(authentication);
|
||||
authorities = authentication.getAuthorities().stream().map(Object::toString).toArray(String[]::new);
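Review bot: The last line of this hunk, `authorities = authentication.getAuthorities().stream().map(Object::toString).toArray(String[]::new);`, serialises each authority through `toString()`, which the `GrantedAuthority` contract does not guarantee to be the authority string. Mapping with `.map(GrantedAuthority::getAuthority)` (assuming the type is or can be imported in this file) would keep the authorities of the restored background context identical to the original for any implementation, not only those whose `toString()` happens to return the role. The comment block edited here also still reads `ofr audit purposes` and `it shall used default`; `for audit purposes` and `it shall use the default` would fix both. The enclosing method starts and ends outside the hunk.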
|
||||
@@ -417,7 +416,7 @@ public class AccessContext {
|
||||
|
||||
/**
|
||||
* An implementation of the Spring's {@link Authentication} object which is used within a system security code block and
|
||||
* wraps the original auth object. The wrapped object contains the necessary {@link SpRole#SYSTEM_ROLE}
|
||||
* wraps the original authentication object. The wrapped object contains the necessary {@link SpRole#SYSTEM_ROLE}
|
||||
* which is allowed to execute all secured methods.
|
||||
*/
|
||||
static final class SystemCodeAuthentication implements Authentication {
|
||||
|
||||
@@ -49,7 +49,7 @@ public class Mdc {
|
||||
}
|
||||
|
||||
/**
|
||||
* Executes callable and returns the result. If MDC is enabled, it sets the tenant and / or actor from the auth in the MDC context.
|
||||
* Executes callable and returns the result. If MDC is enabled, it sets the tenant and / or actor from the authentication in the MDC context.
|
||||
*
|
||||
* @param <T> the return type
|
||||
* @param callable the callable to execute
|
||||
@@ -81,7 +81,7 @@ public class Mdc {
|
||||
}
|
||||
|
||||
/**
|
||||
* Executes callable and returns the result. If MDC is enabled, it sets the tenant and / or actor from the auth in the MDC context.
|
||||
* Executes callable and returns the result. If MDC is enabled, it sets the tenant and / or actor from the authentication in the MDC context.
|
||||
* Calls the {@link #withAuth(Callable)} method and wraps any catchable exception into a {@link RuntimeException}.
|
||||
*
|
||||
* @param <T> the return type
|
||||
@@ -116,7 +116,7 @@ public class Mdc {
|
||||
}
|
||||
|
||||
/**
|
||||
* Executes callable and returns the result. If MDC is enabled, it sets the tenant and / or actor from the auth in the MDC context.
|
||||
* Executes callable and returns the result. If MDC is enabled, it sets the tenant and / or actor from the authentication in the MDC context.
|
||||
* Calls the {@link #asTenantAsActor(String, String, Callable)} method and wraps any catchable exception into a {@link RuntimeException}.
|
||||
*
|
||||
* @param <T> the return type
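Review bot: The Javadoc in this hunk says the tenant and/or actor are taken "from the authentication", yet the method it delegates to is `asTenantAsActor(String, String, Callable)`, whose signature suggests both values are passed in explicitly. That sentence looks copied from the `withAuth` variants earlier in the file. Because the MDC actor ends up in log lines used for auditing, the summary should say where the values really come from, e.g. `* If MDC is enabled, it sets the given tenant and / or actor in the MDC context.`. The documented method itself lies outside the hunk, so this should be confirmed against its parameters.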
|
||||
|
||||
@@ -43,11 +43,11 @@ public class HawkbitSecurityProperties {
|
||||
*/
|
||||
private List<String> httpFirewallIgnoredPaths;
|
||||
/**
|
||||
* Basic auth realm, see https://tools.ietf.org/html/rfc2617#page-3 .
|
||||
* Basic authentication realm, see https://tools.ietf.org/html/rfc2617#page-3 .
|
||||
*/
|
||||
private String basicRealm = "hawkBit";
|
||||
/**
|
||||
* If to allow http auth when there is OAuth2 auth enabled.
|
||||
* If to allow http authentication when there is OAuth2 authentication enabled.
|
||||
*/
|
||||
private boolean allowHttpBasicOnOAuthEnabled = false;
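Review bot: The reworded Javadoc on `allowHttpBasicOnOAuthEnabled` now says "http authentication", which is broader than the HTTP Basic scheme the field name points to. Since this flag decides whether a password-based scheme stays reachable alongside OAuth2, the comment should name it, e.g. `* Whether HTTP Basic authentication remains allowed when OAuth2 authentication is enabled.`. The `basicRealm` comment above still links RFC 2617, which RFC 7617 has obsoleted for the Basic scheme, so the reference could be updated in the same pass. The class body continues outside the hunk.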
|
||||
|
||||
|
||||
@@ -15,8 +15,8 @@ import java.io.Serializable;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
|
||||
/**
|
||||
* An auth details object {@link AbstractAuthenticationToken#getDetails()} which is stored in the
|
||||
* spring security auth token details to transport the principal and tenant in the security context session.
|
||||
* An authentication details object {@link AbstractAuthenticationToken#getDetails()} which is stored in the
|
||||
* spring security authentication token details to transport the principal and tenant in the security context session.
|
||||
*/
|
||||
public record TenantAwareAuthenticationDetails(String tenant, boolean controller) implements Serializable {
|
||||
|
||||
|
||||
@@ -27,39 +27,39 @@ class AccessContextAsSystemTest {
|
||||
|
||||
@Test
|
||||
void test() {
|
||||
final UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
|
||||
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
|
||||
"test", "pass", List.of(new SimpleGrantedAuthority("anonymous")));
|
||||
auth.setDetails("string details");
|
||||
test(auth);
|
||||
authentication.setDetails("string details");
|
||||
test(authentication);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testWithNullPrincipal() {
|
||||
final UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
|
||||
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
|
||||
null, "pass", List.of(new SimpleGrantedAuthority("anonymous")));
|
||||
auth.setDetails("string details");
|
||||
test(auth);
|
||||
authentication.setDetails("string details");
|
||||
test(authentication);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testWithNullCredentials() {
|
||||
final UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
|
||||
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
|
||||
"test", null, List.of(new SimpleGrantedAuthority("anonymous")));
|
||||
auth.setDetails("string details");
|
||||
test(auth);
|
||||
authentication.setDetails("string details");
|
||||
test(authentication);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testWitAllNull() {
|
||||
final UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
|
||||
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
|
||||
null, null, List.of(new SimpleGrantedAuthority("anonymous")));
|
||||
auth.setDetails(null);
|
||||
test(auth);
|
||||
authentication.setDetails(null);
|
||||
test(authentication);
|
||||
}
|
||||
|
||||
private static void test(final UsernamePasswordAuthenticationToken auth) {
|
||||
private static void test(final UsernamePasswordAuthenticationToken authentication) {
|
||||
final SecurityContext sc = SecurityContextHolder.createEmptyContext();
|
||||
sc.setAuthentication(auth);
|
||||
sc.setAuthentication(authentication);
|
||||
SecurityContextHolder.setContext(sc);
|
||||
asSystemAsTenant("tenant", () -> {
|
||||
final Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||