Feature hawkbit uaa extension (#317)

* use UserPrincipal to determine tenant at runtime

Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>

* add hawkbit-uaa extension

Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>

* adapt WithSpringAuthorityRule to use UserPrincipal for determining the tenant

Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>

* fix String principal in DDI download resource

Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>

* merge the email to the UserPrincipal from the master manually

Signed-off-by: Michael Hirsch <michael.hirsch@bosch-si.com>

* Fixed some grammar issues and typos

Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
This commit is contained in:
Michael Hirsch
2016-10-31 13:16:03 +01:00
committed by GitHub
parent b7f5bf3d79
commit 22272ba3c1
15 changed files with 654 additions and 59 deletions


@@ -8,30 +8,22 @@
*/
package org.eclipse.hawkbit.im.authentication;
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.User;
/**
* A software provisioning user principal definition stored in the
* {@link SecurityContext} which contains the user specific attributes.
*
*
*
*
*/
public class UserPrincipal implements UserDetails, Serializable {
public class UserPrincipal extends User {
/**
*
*/
private static final long serialVersionUID = 1L;
private final String username;
private final String firstname;
private final String lastname;
private final String loginname;
@@ -53,8 +45,35 @@ public class UserPrincipal implements UserDetails, Serializable {
* address of the user
*/
public UserPrincipal(final String username, final String firstname, final String lastname, final String loginname,
final String tenant, final String email) {
this.username = username;
final String email, final String tenant) {
this(username, "***", lastname, firstname, loginname, email, tenant, Collections.emptyList());
}
/**
* @param username
* the user name of the user
* @param password
* the password of the user
* @param firstname
* the first name of the user
* @param lastname
* the last name of the user
* @param loginname
* the login name of user
* @param tenant
* the tenant of the user
* @param email
* address of the user
* @param authorities
* the authorities which the user has
*/
// too many parameters, builder pattern wouldn't work easy due the super
// constructor.
@SuppressWarnings("squid:S00107")
public UserPrincipal(final String username, final String password, final String firstname, final String lastname,
final String loginname, final String email, final String tenant,
final Collection<? extends GrantedAuthority> authorities) {
super(username, password, authorities);
this.firstname = firstname;
this.lastname = lastname;
this.loginname = loginname;
@@ -62,38 +81,18 @@ public class UserPrincipal implements UserDetails, Serializable {
this.email = email;
}
/**
* @return the username
*/
@Override
public String getUsername() {
return username;
}
/**
* @return the firstname
*/
public String getFirstname() {
return firstname;
}
/**
* @return the lastname
*/
public String getLastname() {
return lastname;
}
/**
* @return the loginname
*/
public String getLoginname() {
return loginname;
}
/**
* @return the tenant
*/
public String getTenant() {
return tenant;
}
@@ -102,16 +101,6 @@ public class UserPrincipal implements UserDetails, Serializable {
return email;
}
@Override
public Collection<SimpleGrantedAuthority> getAuthorities() {
return Collections.emptyList();
}
@Override
public String getPassword() {
return null;
}
@Override
public boolean isAccountNonExpired() {
return true;
@@ -119,7 +108,7 @@ public class UserPrincipal implements UserDetails, Serializable {
@Override
public boolean isAccountNonLocked() {
return false;
return true;
}
@Override


@@ -11,14 +11,19 @@ package org.eclipse.hawkbit.security;
import java.util.Collection;
import java.util.Collections;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.im.authentication.UserPrincipal;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import com.google.common.collect.Lists;
/**
* A {@link TenantAware} implemenation which retrieves the ID of the tenant from
* the {@link SecurityContext#getAuthentication()}
@@ -32,9 +37,9 @@ public class SecurityContextTenantAware implements TenantAware {
public String getCurrentTenant() {
final SecurityContext context = SecurityContextHolder.getContext();
if (context.getAuthentication() != null) {
final Object authDetails = context.getAuthentication().getDetails();
if (authDetails instanceof TenantAwareAuthenticationDetails) {
return ((TenantAwareAuthenticationDetails) authDetails).getTenant();
final Object principal = context.getAuthentication().getPrincipal();
if (principal instanceof UserPrincipal) {
return ((UserPrincipal) principal).getTenant();
}
}
return null;
@@ -66,12 +71,17 @@ public class SecurityContextTenantAware implements TenantAware {
private static final class AuthenticationDelegate implements Authentication {
private static final long serialVersionUID = 1L;
private static final String SYSTEM_USER = "system";
private static final Collection<? extends GrantedAuthority> SYSTEM_AUTHORITIES = Lists
.newArrayList(new SimpleGrantedAuthority(SpringEvalExpressions.SYSTEM_ROLE));
private final Authentication delegate;
private final TenantAwareAuthenticationDetails tenantAwareAuthenticationDetails;
private final UserPrincipal systemPrincipal;
private AuthenticationDelegate(final Authentication delegate, final String tenant) {
this.delegate = delegate;
tenantAwareAuthenticationDetails = new TenantAwareAuthenticationDetails(tenant, false);
this.systemPrincipal = new UserPrincipal(SYSTEM_USER, SYSTEM_USER, SYSTEM_USER, SYSTEM_USER, SYSTEM_USER,
null, tenant, SYSTEM_AUTHORITIES);
}
@Override
@@ -111,12 +121,12 @@ public class SecurityContextTenantAware implements TenantAware {
@Override
public Object getDetails() {
return tenantAwareAuthenticationDetails;
return (delegate != null) ? delegate.getDetails() : null;
}
@Override
public Object getPrincipal() {
return (delegate != null) ? delegate.getPrincipal() : null;
return systemPrincipal;
}
@Override
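Review bot: In the `getCurrentTenant()` hunk the lookup through `TenantAwareAuthenticationDetails` is removed outright, so any `Authentication` whose principal is not a `UserPrincipal` (the commit message itself mentions a String principal in the DDI download resource, and other filters may still carry the tenant only in the details) now resolves to `null` and silently loses tenant scoping instead of failing closed. Keep the old branch as a fallback after the `instanceof UserPrincipal` check: `final Object details = context.getAuthentication().getDetails(); if (details instanceof TenantAwareAuthenticationDetails) { return ((TenantAwareAuthenticationDetails) details).getTenant(); }` — the import is still present. Separately, the system principal in `AuthenticationDelegate` is built with the literal `SYSTEM_USER` as its password, so `getPassword()` on the run-as authentication returns the fixed, well-known string "system"; prefer the same `"***"` placeholder the convenience constructor uses, or erase it via the inherited `eraseCredentials()` right after construction, so nothing resembling a real credential is attached to the synthetic principal.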