Added System Security Context as attribute to AbstractControllerAuthenticationFilter

This is necessary, because the tenant configuration methods are only accessable with specific permissions.
With the SystemSecurityContext methods can be executed as SystemRunner and therefor we can set permissions.

* updated the chaine of condtructors to set the context in the filter class
* added SystemRunner permission to TenantConfigurationManagement
* Autowired the system context to AMQP and HTTP controller

Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
This commit is contained in:
Fabian Nonnenmacher
2016-02-05 11:01:06 +01:00
committed by Nonnenmacher Fabian
parent 57e040aec1
commit 2be4922615
11 changed files with 65 additions and 36 deletions

View File

@@ -24,6 +24,7 @@ import org.eclipse.hawkbit.security.ControllerPreAuthenticatedSecurityHeaderFilt
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
import org.eclipse.hawkbit.security.PreAuthenficationFilter;
import org.eclipse.hawkbit.security.SecurityProperties;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -57,6 +58,9 @@ public class AmqpControllerAuthentfication {
@Autowired
private SecurityProperties secruityProperties;
@Autowired
private SystemSecurityContext systemSecurityContext;
/**
* Constructor.
*/
@@ -74,16 +78,16 @@ public class AmqpControllerAuthentfication {
private void addFilter() {
final ControllerPreAuthenticatedGatewaySecurityTokenFilter gatewaySecurityTokenFilter = new ControllerPreAuthenticatedGatewaySecurityTokenFilter(
tenantConfigurationManagement, tenantAware);
tenantConfigurationManagement, tenantAware, systemSecurityContext);
filterChain.add(gatewaySecurityTokenFilter);
final ControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new ControllerPreAuthenticatedSecurityHeaderFilter(
secruityProperties.getRpCnHeader(), secruityProperties.getRpSslIssuerHashHeader(),
tenantConfigurationManagement, tenantAware);
tenantConfigurationManagement, tenantAware, systemSecurityContext);
filterChain.add(securityHeaderFilter);
final ControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new ControllerPreAuthenticateSecurityTokenFilter(
tenantConfigurationManagement, controllerManagement, tenantAware);
tenantConfigurationManagement, controllerManagement, tenantAware, systemSecurityContext);
filterChain.add(securityTokenFilter);
filterChain.add(new CoapAnonymousPreAuthenticatedFilter());