Improve hawkBit user management (#1666)
1. Definded with properties users (static) are configured using property map (no need of indexes) 2. AuthenticationProvider that authenticates them is always registered (if not needed - don't configure them) 3. UserDetailsService (in case of missing - won't be registered) 4. Spring security user (spring.security.username) will be registered together with other users (if any). If any - it will be system-wide, otherwise tenant-scoped. 5. UserPrincipal renamed to TenantAwareUser in order to match its purpose. 6. Some if its fields are removes as not needed - to be closer to spring security user 7. DefaultRolloutApprovalStrategy now use UserAuthoritiesResolver instead of UserDetailsService as the central point of truth Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -18,7 +18,7 @@ import java.util.concurrent.Callable;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
||||
import org.eclipse.hawkbit.im.authentication.UserPrincipal;
|
||||
import org.eclipse.hawkbit.im.authentication.UserTenantAware;
|
||||
import org.eclipse.hawkbit.repository.model.helper.SystemManagementHolder;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@@ -163,8 +163,7 @@ public class SecurityContextSwitch {
|
||||
authorities = annotation.authorities();
|
||||
}
|
||||
final TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken(
|
||||
new UserPrincipal(annotation.principal(), annotation.principal(), annotation.principal(),
|
||||
annotation.principal(), null, annotation.tenantId()),
|
||||
new UserTenantAware(annotation.principal(), annotation.tenantId()),
|
||||
annotation.credentials(), authorities);
|
||||
testingAuthenticationToken.setDetails(
|
||||
new TenantAwareAuthenticationDetails(annotation.tenantId(), annotation.controller()));
|
||||
|
||||
@@ -25,7 +25,7 @@ import java.lang.annotation.Target;
|
||||
*/
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ ElementType.METHOD, ElementType.TYPE })
|
||||
@WithSecurityContext(factory = WithUser.WithUserPrincipalSecurityContextFactory.class)
|
||||
@WithSecurityContext(factory = WithUser.WithTenantAwareUserSecurityContextFactory.class)
|
||||
@Inherited
|
||||
public @interface WithUser {
|
||||
|
||||
@@ -80,10 +80,10 @@ public @interface WithUser {
|
||||
|
||||
boolean controller() default false;
|
||||
|
||||
class WithUserPrincipalSecurityContextFactory implements WithSecurityContextFactory<WithUser> {
|
||||
class WithTenantAwareUserSecurityContextFactory implements WithSecurityContextFactory<WithUser> {
|
||||
@Override
|
||||
public SecurityContext createSecurityContext(final WithUser withUserPrincipal) {
|
||||
return new SecurityContextSwitch.WithUserSecurityContext(withUserPrincipal);
|
||||
public SecurityContext createSecurityContext(final WithUser withTenantAwareUser) {
|
||||
return new SecurityContextSwitch.WithUserSecurityContext(withTenantAwareUser);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user