Added System Security Context as attribute to AbstractControllerAuthenticationFilter
This is necessary, because the tenant configuration methods are only accessable with specific permissions. With the SystemSecurityContext methods can be executed as SystemRunner and therefor we can set permissions. * updated the chaine of condtructors to set the context in the filter class * added SystemRunner permission to TenantConfigurationManagement * Autowired the system context to AMQP and HTTP controller Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
This commit is contained in:
committed by
Nonnenmacher Fabian
parent
57e040aec1
commit
2be4922615
@@ -24,6 +24,7 @@ import org.eclipse.hawkbit.security.ControllerPreAuthenticatedSecurityHeaderFilt
|
||||
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
|
||||
import org.eclipse.hawkbit.security.PreAuthenficationFilter;
|
||||
import org.eclipse.hawkbit.security.SecurityProperties;
|
||||
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@@ -57,6 +58,9 @@ public class AmqpControllerAuthentfication {
|
||||
@Autowired
|
||||
private SecurityProperties secruityProperties;
|
||||
|
||||
@Autowired
|
||||
private SystemSecurityContext systemSecurityContext;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*/
|
||||
@@ -74,16 +78,16 @@ public class AmqpControllerAuthentfication {
|
||||
|
||||
private void addFilter() {
|
||||
final ControllerPreAuthenticatedGatewaySecurityTokenFilter gatewaySecurityTokenFilter = new ControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
||||
tenantConfigurationManagement, tenantAware);
|
||||
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||
filterChain.add(gatewaySecurityTokenFilter);
|
||||
|
||||
final ControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new ControllerPreAuthenticatedSecurityHeaderFilter(
|
||||
secruityProperties.getRpCnHeader(), secruityProperties.getRpSslIssuerHashHeader(),
|
||||
tenantConfigurationManagement, tenantAware);
|
||||
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||
filterChain.add(securityHeaderFilter);
|
||||
|
||||
final ControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new ControllerPreAuthenticateSecurityTokenFilter(
|
||||
tenantConfigurationManagement, controllerManagement, tenantAware);
|
||||
tenantConfigurationManagement, controllerManagement, tenantAware, systemSecurityContext);
|
||||
filterChain.add(securityTokenFilter);
|
||||
|
||||
filterChain.add(new CoapAnonymousPreAuthenticatedFilter());
|
||||
|
||||
Reference in New Issue
Block a user