Fine-grained permissions (#2535)

* Fine-grained permissions Adds support for permissions of type <permission>(/<rsql filter scope>) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> * Apply review fixes --------- Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-07-10 13:51:49 +03:00
parent 7e8dd046e0
commit 21581c4ea4
69 changed files with 1492 additions and 1487 deletions
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/repository/JpaRepositoryAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/repository/JpaRepositoryAutoConfiguration.java
@@ -9,7 +9,7 @@
 */
 package org.eclipse.hawkbit.autoconfigure.repository;

-import org.eclipse.hawkbit.repository.jpa.RepositoryApplicationConfiguration;
+import org.eclipse.hawkbit.repository.jpa.JpaRepositoryConfiguration;
 import org.eclipse.hawkbit.repository.rsql.VirtualPropertyReplacer;
 import org.eclipse.hawkbit.repository.rsql.VirtualPropertyResolver;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
@@ -22,8 +22,8 @@ import org.springframework.context.annotation.Import;
 * Auto-Configuration for enabling JPA repository.
 */
@Configuration
-@ConditionalOnClass({ RepositoryApplicationConfiguration.class })
-@Import({ RepositoryApplicationConfiguration.class })
+@ConditionalOnClass({ JpaRepositoryConfiguration.class })
+@Import({ JpaRepositoryConfiguration.class })
 public class JpaRepositoryAutoConfiguration {

    /**
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/scheduling/ExecutorAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/scheduling/ExecutorAutoConfiguration.java
@@ -50,7 +50,7 @@ public class ExecutorAutoConfiguration {
    /**
     * @return ExecutorService with security context availability in thread execution.
     */
-    @Bean(destroyMethod = "shutdown")
+    @Bean(name = "asyncExecutor", destroyMethod = "shutdown")
    @ConditionalOnMissingBean
    public ExecutorService asyncExecutor() {
        return new DelegatingSecurityContextExecutorService(threadPoolExecutor());
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
@@ -17,7 +17,7 @@ import java.util.stream.Collectors;
 import org.eclipse.hawkbit.ContextAware;
 import org.eclipse.hawkbit.audit.AuditContextProvider;
 import org.eclipse.hawkbit.audit.AuditLoggingAspect;
-import org.eclipse.hawkbit.im.authentication.SpRole;
+import org.eclipse.hawkbit.repository.RepositoryConfiguration;
 import org.eclipse.hawkbit.tenancy.TenantAware.DefaultTenantResolver;
 import org.eclipse.hawkbit.tenancy.TenantAware.TenantResolver;
 import org.eclipse.hawkbit.tenancy.TenantAwareUserProperties;
@@ -39,11 +39,9 @@ import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.data.domain.AuditorAware;
-import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
-import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
-import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
@@ -57,6 +55,7 @@ import org.springframework.util.CollectionUtils;
 */
@Configuration
@EnableConfigurationProperties({ SecurityProperties.class, HawkbitSecurityProperties.class, TenantAwareUserProperties.class })
+@Import(RepositoryConfiguration.class)
 public class SecurityAutoConfiguration {

    @Bean
@@ -170,19 +169,4 @@ public class SecurityAutoConfiguration {
        simpleUrlLogoutSuccessHandler.setTargetUrlParameter("login");
        return simpleUrlLogoutSuccessHandler;
    }
-
-    @Bean
-    @ConditionalOnMissingBean
-    static RoleHierarchy roleHierarchy() {
-        return RoleHierarchyImpl.fromHierarchy(SpRole.DEFAULT_ROLE_HIERARCHY);
-    }
-
-    // and, if using method security also add
-    @Bean
-    @ConditionalOnMissingBean
-    static MethodSecurityExpressionHandler methodSecurityExpressionHandler(final RoleHierarchy roleHierarchy) {
-        final DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
-        expressionHandler.setRoleHierarchy(roleHierarchy);
-        return expressionHandler;
-    }
 }