Improve hawkBit user management (#1666)

1. Definded with properties users (static) are configured using property map (no need of indexes)
2. AuthenticationProvider that authenticates them is always registered (if not needed - don't configure them)
3. UserDetailsService (in case of missing - won't be registered)
4. Spring security user (spring.security.username) will be registered together with other users (if any). If any - it will be system-wide, otherwise tenant-scoped.
5. UserPrincipal renamed to TenantAwareUser in order to match its purpose.
6. Some if its fields are removes as not needed - to be closer to spring security user
7. DefaultRolloutApprovalStrategy now use UserAuthoritiesResolver instead of UserDetailsService as the central point of truth

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-02-26 16:56:37 +02:00
committed by GitHub
parent 783a5be2dd
commit 24d70827b7
16 changed files with 266 additions and 327 deletions

View File

@@ -18,7 +18,7 @@ import java.util.concurrent.Callable;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.im.authentication.UserPrincipal;
import org.eclipse.hawkbit.im.authentication.UserTenantAware;
import org.eclipse.hawkbit.repository.model.helper.SystemManagementHolder;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
@@ -163,8 +163,7 @@ public class SecurityContextSwitch {
authorities = annotation.authorities();
}
final TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken(
new UserPrincipal(annotation.principal(), annotation.principal(), annotation.principal(),
annotation.principal(), null, annotation.tenantId()),
new UserTenantAware(annotation.principal(), annotation.tenantId()),
annotation.credentials(), authorities);
testingAuthenticationToken.setDetails(
new TenantAwareAuthenticationDetails(annotation.tenantId(), annotation.controller()));

View File

@@ -25,7 +25,7 @@ import java.lang.annotation.Target;
*/
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.METHOD, ElementType.TYPE })
@WithSecurityContext(factory = WithUser.WithUserPrincipalSecurityContextFactory.class)
@WithSecurityContext(factory = WithUser.WithTenantAwareUserSecurityContextFactory.class)
@Inherited
public @interface WithUser {
@@ -80,10 +80,10 @@ public @interface WithUser {
boolean controller() default false;
class WithUserPrincipalSecurityContextFactory implements WithSecurityContextFactory<WithUser> {
class WithTenantAwareUserSecurityContextFactory implements WithSecurityContextFactory<WithUser> {
@Override
public SecurityContext createSecurityContext(final WithUser withUserPrincipal) {
return new SecurityContextSwitch.WithUserSecurityContext(withUserPrincipal);
public SecurityContext createSecurityContext(final WithUser withTenantAwareUser) {
return new SecurityContextSwitch.WithUserSecurityContext(withTenantAwareUser);
}
}
}