Added System Security Context as attribute to AbstractControllerAuthenticationFilter
This is necessary, because the tenant configuration methods are only accessable with specific permissions. With the SystemSecurityContext methods can be executed as SystemRunner and therefor we can set permissions. * updated the chaine of condtructors to set the context in the filter class * added SystemRunner permission to TenantConfigurationManagement * Autowired the system context to AMQP and HTTP controller Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
This commit is contained in:
committed by
Nonnenmacher Fabian
parent
57e040aec1
commit
2be4922615
@@ -39,6 +39,7 @@ import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedSecurityHeader
|
|||||||
import org.eclipse.hawkbit.security.HttpDownloadAuthenticationFilter;
|
import org.eclipse.hawkbit.security.HttpDownloadAuthenticationFilter;
|
||||||
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
|
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
|
||||||
import org.eclipse.hawkbit.security.SecurityProperties;
|
import org.eclipse.hawkbit.security.SecurityProperties;
|
||||||
|
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
@@ -127,6 +128,8 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
|||||||
private SecurityProperties securityConfiguration;
|
private SecurityProperties securityConfiguration;
|
||||||
@Autowired
|
@Autowired
|
||||||
private org.springframework.boot.autoconfigure.security.SecurityProperties springSecurityProperties;
|
private org.springframework.boot.autoconfigure.security.SecurityProperties springSecurityProperties;
|
||||||
|
@Autowired
|
||||||
|
private SystemSecurityContext systemSecurityContext;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(final HttpSecurity http) throws Exception {
|
protected void configure(final HttpSecurity http) throws Exception {
|
||||||
@@ -134,19 +137,19 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
|||||||
|
|
||||||
final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new HttpControllerPreAuthenticatedSecurityHeaderFilter(
|
final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new HttpControllerPreAuthenticatedSecurityHeaderFilter(
|
||||||
securityConfiguration.getRpCnHeader(), securityConfiguration.getRpSslIssuerHashHeader(),
|
securityConfiguration.getRpCnHeader(), securityConfiguration.getRpSslIssuerHashHeader(),
|
||||||
tenantConfigurationManagement, tenantAware);
|
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
securityHeaderFilter.setAuthenticationManager(authenticationManager());
|
securityHeaderFilter.setAuthenticationManager(authenticationManager());
|
||||||
securityHeaderFilter.setCheckForPrincipalChanges(true);
|
securityHeaderFilter.setCheckForPrincipalChanges(true);
|
||||||
securityHeaderFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
securityHeaderFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
||||||
|
|
||||||
final HttpControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new HttpControllerPreAuthenticateSecurityTokenFilter(
|
final HttpControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new HttpControllerPreAuthenticateSecurityTokenFilter(
|
||||||
tenantConfigurationManagement, tenantAware, controllerManagement);
|
tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext);
|
||||||
securityTokenFilter.setAuthenticationManager(authenticationManager());
|
securityTokenFilter.setAuthenticationManager(authenticationManager());
|
||||||
securityTokenFilter.setCheckForPrincipalChanges(true);
|
securityTokenFilter.setCheckForPrincipalChanges(true);
|
||||||
securityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
securityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
||||||
|
|
||||||
final HttpControllerPreAuthenticatedGatewaySecurityTokenFilter gatewaySecurityTokenFilter = new HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
final HttpControllerPreAuthenticatedGatewaySecurityTokenFilter gatewaySecurityTokenFilter = new HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
||||||
tenantConfigurationManagement, tenantAware);
|
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
gatewaySecurityTokenFilter.setAuthenticationManager(authenticationManager());
|
gatewaySecurityTokenFilter.setAuthenticationManager(authenticationManager());
|
||||||
gatewaySecurityTokenFilter.setCheckForPrincipalChanges(true);
|
gatewaySecurityTokenFilter.setCheckForPrincipalChanges(true);
|
||||||
gatewaySecurityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
gatewaySecurityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
||||||
|
|||||||
@@ -24,6 +24,7 @@ import org.eclipse.hawkbit.security.ControllerPreAuthenticatedSecurityHeaderFilt
|
|||||||
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
|
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
|
||||||
import org.eclipse.hawkbit.security.PreAuthenficationFilter;
|
import org.eclipse.hawkbit.security.PreAuthenficationFilter;
|
||||||
import org.eclipse.hawkbit.security.SecurityProperties;
|
import org.eclipse.hawkbit.security.SecurityProperties;
|
||||||
|
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
@@ -57,6 +58,9 @@ public class AmqpControllerAuthentfication {
|
|||||||
@Autowired
|
@Autowired
|
||||||
private SecurityProperties secruityProperties;
|
private SecurityProperties secruityProperties;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private SystemSecurityContext systemSecurityContext;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
*/
|
*/
|
||||||
@@ -74,16 +78,16 @@ public class AmqpControllerAuthentfication {
|
|||||||
|
|
||||||
private void addFilter() {
|
private void addFilter() {
|
||||||
final ControllerPreAuthenticatedGatewaySecurityTokenFilter gatewaySecurityTokenFilter = new ControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
final ControllerPreAuthenticatedGatewaySecurityTokenFilter gatewaySecurityTokenFilter = new ControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
||||||
tenantConfigurationManagement, tenantAware);
|
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
filterChain.add(gatewaySecurityTokenFilter);
|
filterChain.add(gatewaySecurityTokenFilter);
|
||||||
|
|
||||||
final ControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new ControllerPreAuthenticatedSecurityHeaderFilter(
|
final ControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new ControllerPreAuthenticatedSecurityHeaderFilter(
|
||||||
secruityProperties.getRpCnHeader(), secruityProperties.getRpSslIssuerHashHeader(),
|
secruityProperties.getRpCnHeader(), secruityProperties.getRpSslIssuerHashHeader(),
|
||||||
tenantConfigurationManagement, tenantAware);
|
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
filterChain.add(securityHeaderFilter);
|
filterChain.add(securityHeaderFilter);
|
||||||
|
|
||||||
final ControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new ControllerPreAuthenticateSecurityTokenFilter(
|
final ControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new ControllerPreAuthenticateSecurityTokenFilter(
|
||||||
tenantConfigurationManagement, controllerManagement, tenantAware);
|
tenantConfigurationManagement, controllerManagement, tenantAware, systemSecurityContext);
|
||||||
filterChain.add(securityTokenFilter);
|
filterChain.add(securityTokenFilter);
|
||||||
|
|
||||||
filterChain.add(new CoapAnonymousPreAuthenticatedFilter());
|
filterChain.add(new CoapAnonymousPreAuthenticatedFilter());
|
||||||
|
|||||||
@@ -57,6 +57,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
|
|||||||
+ "}/controller/artifacts/v1/**";
|
+ "}/controller/artifacts/v1/**";
|
||||||
protected TenantConfigurationManagement tenantConfigurationManagement;
|
protected TenantConfigurationManagement tenantConfigurationManagement;
|
||||||
protected TenantAware tenantAware;
|
protected TenantAware tenantAware;
|
||||||
|
protected SystemSecurityContext systemSecurityContext;
|
||||||
|
|
||||||
private final AntPathMatcher pathExtractor;
|
private final AntPathMatcher pathExtractor;
|
||||||
|
|
||||||
@@ -71,9 +72,10 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
|
|||||||
* the tenant aware service
|
* the tenant aware service
|
||||||
*/
|
*/
|
||||||
public AbstractHttpControllerAuthenticationFilter(final TenantConfigurationManagement tenantConfigurationManagement,
|
public AbstractHttpControllerAuthenticationFilter(final TenantConfigurationManagement tenantConfigurationManagement,
|
||||||
final TenantAware tenantAware) {
|
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
|
||||||
this.tenantConfigurationManagement = tenantConfigurationManagement;
|
this.tenantConfigurationManagement = tenantConfigurationManagement;
|
||||||
this.tenantAware = tenantAware;
|
this.tenantAware = tenantAware;
|
||||||
|
this.systemSecurityContext = systemSecurityContext;
|
||||||
pathExtractor = new AntPathMatcher();
|
pathExtractor = new AntPathMatcher();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -47,15 +47,15 @@ public class HttpControllerPreAuthenticateSecurityTokenFilter extends AbstractHt
|
|||||||
*/
|
*/
|
||||||
public HttpControllerPreAuthenticateSecurityTokenFilter(
|
public HttpControllerPreAuthenticateSecurityTokenFilter(
|
||||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
||||||
final ControllerManagement controllerManagement) {
|
final ControllerManagement controllerManagement, final SystemSecurityContext systemSecurityContext) {
|
||||||
super(tenantConfigurationManagement, tenantAware);
|
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
this.controllerManagement = controllerManagement;
|
this.controllerManagement = controllerManagement;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected PreAuthenficationFilter createControllerAuthenticationFilter() {
|
protected PreAuthenficationFilter createControllerAuthenticationFilter() {
|
||||||
return new ControllerPreAuthenticateSecurityTokenFilter(tenantConfigurationManagement, controllerManagement,
|
return new ControllerPreAuthenticateSecurityTokenFilter(tenantConfigurationManagement, controllerManagement,
|
||||||
tenantAware);
|
tenantAware, systemSecurityContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -35,13 +35,15 @@ public class HttpControllerPreAuthenticatedGatewaySecurityTokenFilter
|
|||||||
* tenant
|
* tenant
|
||||||
*/
|
*/
|
||||||
public HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
public HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
||||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware) {
|
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
||||||
super(tenantConfigurationManagement, tenantAware);
|
final SystemSecurityContext systemSecurityContext) {
|
||||||
|
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected PreAuthenficationFilter createControllerAuthenticationFilter() {
|
protected PreAuthenficationFilter createControllerAuthenticationFilter() {
|
||||||
return new ControllerPreAuthenticatedGatewaySecurityTokenFilter(tenantConfigurationManagement, tenantAware);
|
return new ControllerPreAuthenticatedGatewaySecurityTokenFilter(tenantConfigurationManagement, tenantAware,
|
||||||
|
systemSecurityContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -45,8 +45,8 @@ public class HttpControllerPreAuthenticatedSecurityHeaderFilter extends Abstract
|
|||||||
*/
|
*/
|
||||||
public HttpControllerPreAuthenticatedSecurityHeaderFilter(final String caCommonNameHeader,
|
public HttpControllerPreAuthenticatedSecurityHeaderFilter(final String caCommonNameHeader,
|
||||||
final String caAuthorityNameHeader, final TenantConfigurationManagement tenantConfigurationManagement,
|
final String caAuthorityNameHeader, final TenantConfigurationManagement tenantConfigurationManagement,
|
||||||
final TenantAware tenantAware) {
|
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
|
||||||
super(tenantConfigurationManagement, tenantAware);
|
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
this.caCommonNameHeader = caCommonNameHeader;
|
this.caCommonNameHeader = caCommonNameHeader;
|
||||||
this.caAuthorityNameHeader = caAuthorityNameHeader;
|
this.caAuthorityNameHeader = caAuthorityNameHeader;
|
||||||
}
|
}
|
||||||
@@ -54,7 +54,7 @@ public class HttpControllerPreAuthenticatedSecurityHeaderFilter extends Abstract
|
|||||||
@Override
|
@Override
|
||||||
protected PreAuthenficationFilter createControllerAuthenticationFilter() {
|
protected PreAuthenficationFilter createControllerAuthenticationFilter() {
|
||||||
return new ControllerPreAuthenticatedSecurityHeaderFilter(caCommonNameHeader, caAuthorityNameHeader,
|
return new ControllerPreAuthenticatedSecurityHeaderFilter(caCommonNameHeader, caAuthorityNameHeader,
|
||||||
tenantConfigurationManagement, tenantAware);
|
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -73,7 +73,8 @@ public class TenantConfigurationManagement implements EnvironmentAware {
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
@Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
@Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
|
||||||
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
|
@PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION + SpringEvalExpressions.HAS_AUTH_OR
|
||||||
|
+ SpringEvalExpressions.IS_SYSTEM_CODE)
|
||||||
public <T> TenantConfigurationValue<T> getConfigurationValue(final TenantConfigurationKey configurationKey,
|
public <T> TenantConfigurationValue<T> getConfigurationValue(final TenantConfigurationKey configurationKey,
|
||||||
final Class<T> propertyType) throws TenantConfigurationValidatorException {
|
final Class<T> propertyType) throws TenantConfigurationValidatorException {
|
||||||
|
|
||||||
|
|||||||
@@ -29,11 +29,13 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
|
|||||||
protected final TenantConfigurationManagement tenantConfigurationManagement;
|
protected final TenantConfigurationManagement tenantConfigurationManagement;
|
||||||
protected final TenantAware tenantAware;
|
protected final TenantAware tenantAware;
|
||||||
private final SecurityConfigurationKeyTenantRunner configurationKeyTenantRunner;
|
private final SecurityConfigurationKeyTenantRunner configurationKeyTenantRunner;
|
||||||
|
protected final SystemSecurityContext systemSecurityContext;
|
||||||
|
|
||||||
protected AbstractControllerAuthenticationFilter(final TenantConfigurationManagement systemManagement,
|
protected AbstractControllerAuthenticationFilter(final TenantConfigurationManagement systemManagement,
|
||||||
final TenantAware tenantAware) {
|
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
|
||||||
this.tenantConfigurationManagement = systemManagement;
|
this.tenantConfigurationManagement = systemManagement;
|
||||||
this.tenantAware = tenantAware;
|
this.tenantAware = tenantAware;
|
||||||
|
this.systemSecurityContext = systemSecurityContext;
|
||||||
this.configurationKeyTenantRunner = new SecurityConfigurationKeyTenantRunner();
|
this.configurationKeyTenantRunner = new SecurityConfigurationKeyTenantRunner();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -53,9 +55,10 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
|
|||||||
private final class SecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner<Boolean> {
|
private final class SecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner<Boolean> {
|
||||||
@Override
|
@Override
|
||||||
public Boolean run() {
|
public Boolean run() {
|
||||||
|
|
||||||
LOGGER.trace("retrieving configuration value for configuration key {}", getTenantConfigurationKey());
|
LOGGER.trace("retrieving configuration value for configuration key {}", getTenantConfigurationKey());
|
||||||
return tenantConfigurationManagement.getConfigurationValue(getTenantConfigurationKey(), Boolean.class)
|
return systemSecurityContext.runAsSystem(() -> tenantConfigurationManagement
|
||||||
.getValue();
|
.getConfigurationValue(getTenantConfigurationKey(), Boolean.class).getValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -45,8 +45,8 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
|
|||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
*
|
*
|
||||||
* @param systemManagement
|
* @param tenantConfigurationManagement
|
||||||
* the system management service to retrieve configuration
|
* the tenant management service to retrieve configuration
|
||||||
* properties
|
* properties
|
||||||
* @param controllerManagement
|
* @param controllerManagement
|
||||||
* the controller management to retrieve the specific target
|
* the controller management to retrieve the specific target
|
||||||
@@ -54,11 +54,15 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
|
|||||||
* @param tenantAware
|
* @param tenantAware
|
||||||
* the tenant aware service to get configuration for the specific
|
* the tenant aware service to get configuration for the specific
|
||||||
* tenant
|
* tenant
|
||||||
|
* @param systemSecurityContext
|
||||||
|
* the system security context to get access to tenant
|
||||||
|
* configuration
|
||||||
*/
|
*/
|
||||||
public ControllerPreAuthenticateSecurityTokenFilter(
|
public ControllerPreAuthenticateSecurityTokenFilter(
|
||||||
final TenantConfigurationManagement tenantConfigurationManagement,
|
final TenantConfigurationManagement tenantConfigurationManagement,
|
||||||
final ControllerManagement controllerManagement, final TenantAware tenantAware) {
|
final ControllerManagement controllerManagement, final TenantAware tenantAware,
|
||||||
super(tenantConfigurationManagement, tenantAware);
|
final SystemSecurityContext systemSecurityContext) {
|
||||||
|
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
this.controllerManagement = controllerManagement;
|
this.controllerManagement = controllerManagement;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -39,16 +39,20 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
|
|||||||
/**
|
/**
|
||||||
* Constructor.
|
* Constructor.
|
||||||
*
|
*
|
||||||
* @param systemManagement
|
* @param tenantConfigurationManagement
|
||||||
* the system management service to retrieve configuration
|
* the tenant management service to retrieve configuration
|
||||||
* properties
|
* properties
|
||||||
* @param tenantAware
|
* @param tenantAware
|
||||||
* the tenant aware service to get configuration for the specific
|
* the tenant aware service to get configuration for the specific
|
||||||
* tenant
|
* tenant
|
||||||
|
* @param systemSecurityContext
|
||||||
|
* the system security context to get access to tenant
|
||||||
|
* configuration
|
||||||
*/
|
*/
|
||||||
public ControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
public ControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
||||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware) {
|
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
||||||
super(tenantConfigurationManagement, tenantAware);
|
final SystemSecurityContext systemSecurityContext) {
|
||||||
|
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -84,8 +88,12 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
|
|||||||
public String run() {
|
public String run() {
|
||||||
LOGGER.trace("retrieving configuration value for configuration key {}",
|
LOGGER.trace("retrieving configuration value for configuration key {}",
|
||||||
TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY);
|
TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY);
|
||||||
return tenantConfigurationManagement.getConfigurationValue(
|
|
||||||
TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY, String.class).getValue();
|
return systemSecurityContext
|
||||||
|
.runAsSystem(() -> tenantConfigurationManagement
|
||||||
|
.getConfigurationValue(
|
||||||
|
TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY, String.class)
|
||||||
|
.getValue());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -56,18 +56,20 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
|||||||
* @param caAuthorityNameHeader
|
* @param caAuthorityNameHeader
|
||||||
* the http-header which holds the ca-authority name of the
|
* the http-header which holds the ca-authority name of the
|
||||||
* certificate
|
* certificate
|
||||||
* @param systemManagement
|
* @param tenantConfigurationManagement
|
||||||
* the system management service to retrieve configuration
|
* the tenant management service to retrieve configuration
|
||||||
* properties to check if the header authentication is enabled
|
* properties
|
||||||
* for this tenant
|
|
||||||
* @param tenantAware
|
* @param tenantAware
|
||||||
* the tenant aware service to get configuration for the specific
|
* the tenant aware service to get configuration for the specific
|
||||||
* tenant
|
* tenant
|
||||||
|
* @param systemSecurityContext
|
||||||
|
* the system security context to get access to tenant
|
||||||
|
* configuration
|
||||||
*/
|
*/
|
||||||
public ControllerPreAuthenticatedSecurityHeaderFilter(final String caCommonNameHeader,
|
public ControllerPreAuthenticatedSecurityHeaderFilter(final String caCommonNameHeader,
|
||||||
final String caAuthorityNameHeader, final TenantConfigurationManagement tenantConfigurationManagement,
|
final String caAuthorityNameHeader, final TenantConfigurationManagement tenantConfigurationManagement,
|
||||||
final TenantAware tenantAware) {
|
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
|
||||||
super(tenantConfigurationManagement, tenantAware);
|
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||||
this.caCommonNameHeader = caCommonNameHeader;
|
this.caCommonNameHeader = caCommonNameHeader;
|
||||||
this.sslIssuerHashBasicHeader = caAuthorityNameHeader;
|
this.sslIssuerHashBasicHeader = caAuthorityNameHeader;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user