Feature hawkbit uaa extension (#317)
* use UserPrincipal to determine tenant at runtime Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com> * add hawkbit-uaa extension Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com> * adapt WithSpringAuthorityRule to use UserPrincipal to determine the tenant Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com> * fix String principal in DDI download resource Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com> * manually merge the email field into UserPrincipal from master Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com> * Fixed some grammar issues and typos Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
@@ -8,30 +8,22 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.im.authentication;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
|
||||
/**
|
||||
* A software provisioning user principal definition stored in the
|
||||
* {@link SecurityContext} which contains the user specific attributes.
|
||||
*
|
||||
*
|
||||
*
|
||||
*
|
||||
*/
|
||||
public class UserPrincipal implements UserDetails, Serializable {
|
||||
public class UserPrincipal extends User {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private final String username;
|
||||
private final String firstname;
|
||||
private final String lastname;
|
||||
private final String loginname;
|
||||
@@ -53,8 +45,35 @@ public class UserPrincipal implements UserDetails, Serializable {
|
||||
* address of the user
|
||||
*/
|
||||
public UserPrincipal(final String username, final String firstname, final String lastname, final String loginname,
|
||||
final String tenant, final String email) {
|
||||
this.username = username;
|
||||
final String email, final String tenant) {
|
||||
this(username, "***", lastname, firstname, loginname, email, tenant, Collections.emptyList());
|
||||
}
|
||||
|
||||
/**
|
||||
* @param username
|
||||
* the user name of the user
|
||||
* @param password
|
||||
* the password of the user
|
||||
* @param firstname
|
||||
* the first name of the user
|
||||
* @param lastname
|
||||
* the last name of the user
|
||||
* @param loginname
|
||||
* the login name of user
|
||||
* @param tenant
|
||||
* the tenant of the user
|
||||
* @param email
|
||||
* address of the user
|
||||
* @param authorities
|
||||
* the authorities which the user has
|
||||
*/
|
||||
// too many parameters, builder pattern wouldn't work easy due the super
|
||||
// constructor.
|
||||
@SuppressWarnings("squid:S00107")
|
||||
public UserPrincipal(final String username, final String password, final String firstname, final String lastname,
|
||||
final String loginname, final String email, final String tenant,
|
||||
final Collection<? extends GrantedAuthority> authorities) {
|
||||
super(username, password, authorities);
|
||||
this.firstname = firstname;
|
||||
this.lastname = lastname;
|
||||
this.loginname = loginname;
|
||||
@@ -62,38 +81,18 @@ public class UserPrincipal implements UserDetails, Serializable {
|
||||
this.email = email;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the username
|
||||
*/
|
||||
@Override
|
||||
public String getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the firstname
|
||||
*/
|
||||
public String getFirstname() {
|
||||
return firstname;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the lastname
|
||||
*/
|
||||
public String getLastname() {
|
||||
return lastname;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the loginname
|
||||
*/
|
||||
public String getLoginname() {
|
||||
return loginname;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the tenant
|
||||
*/
|
||||
public String getTenant() {
|
||||
return tenant;
|
||||
}
|
||||
@@ -102,16 +101,6 @@ public class UserPrincipal implements UserDetails, Serializable {
|
||||
return email;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<SimpleGrantedAuthority> getAuthorities() {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPassword() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonExpired() {
|
||||
return true;
|
||||
@@ -119,7 +108,7 @@ public class UserPrincipal implements UserDetails, Serializable {
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonLocked() {
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
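Review bot: The delegating constructor in the second hunk swaps two arguments: its parameters are `(username, firstname, lastname, loginname, email, tenant)` but it calls `this(username, "***", lastname, firstname, loginname, email, tenant, Collections.emptyList())`, so `getFirstname()` will return the last name and vice versa; the call should read `this(username, "***", firstname, lastname, loginname, email, tenant, Collections.emptyList());`. Since `"***"` now becomes the value behind the inherited `getPassword()` (the removed override returned null), it deserves a comment stating that it is only a non-null placeholder, presumably because `User`'s constructor rejects a null password, and must never be compared against a submitted credential, e.g. `// non-null placeholder only: this principal is never used for password authentication`. Note also that Spring's `User` implements `equals`/`hashCode` on the username alone, so two `UserPrincipal`s with the same username but different tenants compare equal; now that the tenant is read from the principal, any cache, set or map keyed by principal should be reviewed, or the class should override both methods to include `tenant`.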
@@ -11,14 +11,19 @@ package org.eclipse.hawkbit.security;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
||||
import org.eclipse.hawkbit.im.authentication.UserPrincipal;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
|
||||
/**
|
||||
* A {@link TenantAware} implemenation which retrieves the ID of the tenant from
|
||||
* the {@link SecurityContext#getAuthentication()}
|
||||
@@ -32,9 +37,9 @@ public class SecurityContextTenantAware implements TenantAware {
|
||||
public String getCurrentTenant() {
|
||||
final SecurityContext context = SecurityContextHolder.getContext();
|
||||
if (context.getAuthentication() != null) {
|
||||
final Object authDetails = context.getAuthentication().getDetails();
|
||||
if (authDetails instanceof TenantAwareAuthenticationDetails) {
|
||||
return ((TenantAwareAuthenticationDetails) authDetails).getTenant();
|
||||
final Object principal = context.getAuthentication().getPrincipal();
|
||||
if (principal instanceof UserPrincipal) {
|
||||
return ((UserPrincipal) principal).getTenant();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
@@ -66,12 +71,17 @@ public class SecurityContextTenantAware implements TenantAware {
|
||||
private static final class AuthenticationDelegate implements Authentication {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private static final String SYSTEM_USER = "system";
|
||||
private static final Collection<? extends GrantedAuthority> SYSTEM_AUTHORITIES = Lists
|
||||
.newArrayList(new SimpleGrantedAuthority(SpringEvalExpressions.SYSTEM_ROLE));
|
||||
private final Authentication delegate;
|
||||
private final TenantAwareAuthenticationDetails tenantAwareAuthenticationDetails;
|
||||
|
||||
private final UserPrincipal systemPrincipal;
|
||||
|
||||
private AuthenticationDelegate(final Authentication delegate, final String tenant) {
|
||||
this.delegate = delegate;
|
||||
tenantAwareAuthenticationDetails = new TenantAwareAuthenticationDetails(tenant, false);
|
||||
this.systemPrincipal = new UserPrincipal(SYSTEM_USER, SYSTEM_USER, SYSTEM_USER, SYSTEM_USER, SYSTEM_USER,
|
||||
null, tenant, SYSTEM_AUTHORITIES);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -111,12 +121,12 @@ public class SecurityContextTenantAware implements TenantAware {
|
||||
|
||||
@Override
|
||||
public Object getDetails() {
|
||||
return tenantAwareAuthenticationDetails;
|
||||
return (delegate != null) ? delegate.getDetails() : null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getPrincipal() {
|
||||
return (delegate != null) ? delegate.getPrincipal() : null;
|
||||
return systemPrincipal;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
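Review bot: The synthetic system principal built in the `AuthenticationDelegate` constructor passes `SYSTEM_USER` as the password too, so the `Authentication` installed in the security context carries the literal credential `"system"` alongside `SYSTEM_ROLE`; if any code path ever reads `getPassword()` for a comparison, or the context is serialized into a session or cache, that is a guessable value. A non-secret placeholder plus a comment would make the intent explicit, e.g. `this.systemPrincipal = new UserPrincipal(SYSTEM_USER, "***" /* never used for authentication */, SYSTEM_USER, SYSTEM_USER, SYSTEM_USER, null, tenant, SYSTEM_AUTHORITIES);`. In the last hunk `getDetails()` now returns the delegate's details rather than a `TenantAwareAuthenticationDetails` for the run-as tenant, so code that still derives the tenant from the details (as the branch removed from `getCurrentTenant()` did) may see the original caller's tenant instead of `systemPrincipal.getTenant()`; if that divergence is intended it should be stated in a comment on `getDetails()`, otherwise the tenant-scoped details should still be returned. `isAuthenticated()` and the remainder of the delegate lie outside this view.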