Added System Security Context as attribute to AbstractControllerAuthenticationFilter

This is necessary, because the tenant configuration methods are only accessable with specific permissions.
With the SystemSecurityContext methods can be executed as SystemRunner and therefor we can set permissions.

* updated the chaine of condtructors to set the context in the filter class
* added SystemRunner permission to TenantConfigurationManagement
* Autowired the system context to AMQP and HTTP controller

Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>

hawkbit-http-security/src/main/java/org/eclipse/hawkbit/security/AbstractHttpControllerAuthenticationFilter.java

@@ -57,6 +57,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
             + "}/controller/artifacts/v1/**";
     protected TenantConfigurationManagement tenantConfigurationManagement;
     protected TenantAware tenantAware;
+    protected SystemSecurityContext systemSecurityContext;
 
     private final AntPathMatcher pathExtractor;
 
@@ -71,9 +72,10 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
      *            the tenant aware service
      */
     public AbstractHttpControllerAuthenticationFilter(final TenantConfigurationManagement tenantConfigurationManagement,
-            final TenantAware tenantAware) {
+            final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
         this.tenantConfigurationManagement = tenantConfigurationManagement;
         this.tenantAware = tenantAware;
+        this.systemSecurityContext = systemSecurityContext;
         pathExtractor = new AntPathMatcher();
     }
 

hawkbit-http-security/src/main/java/org/eclipse/hawkbit/security/HttpControllerPreAuthenticateSecurityTokenFilter.java

@@ -47,15 +47,15 @@ public class HttpControllerPreAuthenticateSecurityTokenFilter extends AbstractHt
      */
     public HttpControllerPreAuthenticateSecurityTokenFilter(
             final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
-            final ControllerManagement controllerManagement) {
-        super(tenantConfigurationManagement, tenantAware);
+            final ControllerManagement controllerManagement, final SystemSecurityContext systemSecurityContext) {
+        super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
         this.controllerManagement = controllerManagement;
     }
 
     @Override
     protected PreAuthenficationFilter createControllerAuthenticationFilter() {
         return new ControllerPreAuthenticateSecurityTokenFilter(tenantConfigurationManagement, controllerManagement,
-                tenantAware);
+                tenantAware, systemSecurityContext);
     }
 
 }

hawkbit-http-security/src/main/java/org/eclipse/hawkbit/security/HttpControllerPreAuthenticatedGatewaySecurityTokenFilter.java

@@ -35,13 +35,15 @@ public class HttpControllerPreAuthenticatedGatewaySecurityTokenFilter
      *            tenant
      */
     public HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(
-            final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware) {
-        super(tenantConfigurationManagement, tenantAware);
+            final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
+            final SystemSecurityContext systemSecurityContext) {
+        super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
     }
 
     @Override
     protected PreAuthenficationFilter createControllerAuthenticationFilter() {
-        return new ControllerPreAuthenticatedGatewaySecurityTokenFilter(tenantConfigurationManagement, tenantAware);
+        return new ControllerPreAuthenticatedGatewaySecurityTokenFilter(tenantConfigurationManagement, tenantAware,
+                systemSecurityContext);
     }
 
 }

hawkbit-http-security/src/main/java/org/eclipse/hawkbit/security/HttpControllerPreAuthenticatedSecurityHeaderFilter.java

@@ -45,8 +45,8 @@ public class HttpControllerPreAuthenticatedSecurityHeaderFilter extends Abstract
      */
     public HttpControllerPreAuthenticatedSecurityHeaderFilter(final String caCommonNameHeader,
             final String caAuthorityNameHeader, final TenantConfigurationManagement tenantConfigurationManagement,
-            final TenantAware tenantAware) {
-        super(tenantConfigurationManagement, tenantAware);
+            final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
+        super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
         this.caCommonNameHeader = caCommonNameHeader;
         this.caAuthorityNameHeader = caAuthorityNameHeader;
     }
@@ -54,7 +54,7 @@ public class HttpControllerPreAuthenticatedSecurityHeaderFilter extends Abstract
     @Override
     protected PreAuthenficationFilter createControllerAuthenticationFilter() {
         return new ControllerPreAuthenticatedSecurityHeaderFilter(caCommonNameHeader, caAuthorityNameHeader,
-                tenantConfigurationManagement, tenantAware);
+                tenantConfigurationManagement, tenantAware, systemSecurityContext);
     }
 
 }