Added System Security Context as attribute to AbstractControllerAuthenticationFilter
This is necessary, because the tenant configuration methods are only accessable with specific permissions. With the SystemSecurityContext methods can be executed as SystemRunner and therefor we can set permissions. * updated the chaine of condtructors to set the context in the filter class * added SystemRunner permission to TenantConfigurationManagement * Autowired the system context to AMQP and HTTP controller Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
This commit is contained in:
committed by
Nonnenmacher Fabian
parent
57e040aec1
commit
2be4922615
@@ -29,11 +29,13 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
|
||||
protected final TenantConfigurationManagement tenantConfigurationManagement;
|
||||
protected final TenantAware tenantAware;
|
||||
private final SecurityConfigurationKeyTenantRunner configurationKeyTenantRunner;
|
||||
protected final SystemSecurityContext systemSecurityContext;
|
||||
|
||||
protected AbstractControllerAuthenticationFilter(final TenantConfigurationManagement systemManagement,
|
||||
final TenantAware tenantAware) {
|
||||
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
|
||||
this.tenantConfigurationManagement = systemManagement;
|
||||
this.tenantAware = tenantAware;
|
||||
this.systemSecurityContext = systemSecurityContext;
|
||||
this.configurationKeyTenantRunner = new SecurityConfigurationKeyTenantRunner();
|
||||
}
|
||||
|
||||
@@ -53,9 +55,10 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
|
||||
private final class SecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner<Boolean> {
|
||||
@Override
|
||||
public Boolean run() {
|
||||
|
||||
LOGGER.trace("retrieving configuration value for configuration key {}", getTenantConfigurationKey());
|
||||
return tenantConfigurationManagement.getConfigurationValue(getTenantConfigurationKey(), Boolean.class)
|
||||
.getValue();
|
||||
return systemSecurityContext.runAsSystem(() -> tenantConfigurationManagement
|
||||
.getConfigurationValue(getTenantConfigurationKey(), Boolean.class).getValue());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -45,8 +45,8 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param systemManagement
|
||||
* the system management service to retrieve configuration
|
||||
* @param tenantConfigurationManagement
|
||||
* the tenant management service to retrieve configuration
|
||||
* properties
|
||||
* @param controllerManagement
|
||||
* the controller management to retrieve the specific target
|
||||
@@ -54,11 +54,15 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
|
||||
* @param tenantAware
|
||||
* the tenant aware service to get configuration for the specific
|
||||
* tenant
|
||||
* @param systemSecurityContext
|
||||
* the system security context to get access to tenant
|
||||
* configuration
|
||||
*/
|
||||
public ControllerPreAuthenticateSecurityTokenFilter(
|
||||
final TenantConfigurationManagement tenantConfigurationManagement,
|
||||
final ControllerManagement controllerManagement, final TenantAware tenantAware) {
|
||||
super(tenantConfigurationManagement, tenantAware);
|
||||
final ControllerManagement controllerManagement, final TenantAware tenantAware,
|
||||
final SystemSecurityContext systemSecurityContext) {
|
||||
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||
this.controllerManagement = controllerManagement;
|
||||
}
|
||||
|
||||
|
||||
@@ -39,16 +39,20 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param systemManagement
|
||||
* the system management service to retrieve configuration
|
||||
* @param tenantConfigurationManagement
|
||||
* the tenant management service to retrieve configuration
|
||||
* properties
|
||||
* @param tenantAware
|
||||
* the tenant aware service to get configuration for the specific
|
||||
* tenant
|
||||
* @param systemSecurityContext
|
||||
* the system security context to get access to tenant
|
||||
* configuration
|
||||
*/
|
||||
public ControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware) {
|
||||
super(tenantConfigurationManagement, tenantAware);
|
||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
||||
final SystemSecurityContext systemSecurityContext) {
|
||||
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -84,8 +88,12 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
|
||||
public String run() {
|
||||
LOGGER.trace("retrieving configuration value for configuration key {}",
|
||||
TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY);
|
||||
return tenantConfigurationManagement.getConfigurationValue(
|
||||
TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY, String.class).getValue();
|
||||
|
||||
return systemSecurityContext
|
||||
.runAsSystem(() -> tenantConfigurationManagement
|
||||
.getConfigurationValue(
|
||||
TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY, String.class)
|
||||
.getValue());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -56,18 +56,20 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
||||
* @param caAuthorityNameHeader
|
||||
* the http-header which holds the ca-authority name of the
|
||||
* certificate
|
||||
* @param systemManagement
|
||||
* the system management service to retrieve configuration
|
||||
* properties to check if the header authentication is enabled
|
||||
* for this tenant
|
||||
* @param tenantConfigurationManagement
|
||||
* the tenant management service to retrieve configuration
|
||||
* properties
|
||||
* @param tenantAware
|
||||
* the tenant aware service to get configuration for the specific
|
||||
* tenant
|
||||
* @param systemSecurityContext
|
||||
* the system security context to get access to tenant
|
||||
* configuration
|
||||
*/
|
||||
public ControllerPreAuthenticatedSecurityHeaderFilter(final String caCommonNameHeader,
|
||||
final String caAuthorityNameHeader, final TenantConfigurationManagement tenantConfigurationManagement,
|
||||
final TenantAware tenantAware) {
|
||||
super(tenantConfigurationManagement, tenantAware);
|
||||
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
|
||||
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||
this.caCommonNameHeader = caCommonNameHeader;
|
||||
this.sslIssuerHashBasicHeader = caAuthorityNameHeader;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user