diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/artifact/PropertyBasedArtifactUrlResolverAutoConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/artifact/PropertyBasedArtifactUrlResolverAutoConfiguration.java index bf3da754d..18a8f0000 100644 --- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/artifact/PropertyBasedArtifactUrlResolverAutoConfiguration.java +++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/artifact/PropertyBasedArtifactUrlResolverAutoConfiguration.java @@ -31,7 +31,7 @@ public class PropertyBasedArtifactUrlResolverAutoConfiguration { @ConditionalOnMissingBean(ArtifactUrlResolver.class) PropertyBasedArtifactUrlResolver propertyBasedArtifactUrlHandler( final PropertyBasedArtifactUrlResolverProperties urlHandlerProperties, - @Value("${server.servlet.context-path:}") final String contextPath) { + @Value("${hawkbit.server.servlet.context-path:}") final String contextPath) { return new PropertyBasedArtifactUrlResolver(urlHandlerProperties, contextPath); } } \ No newline at end of file diff --git a/hawkbit-ddi/hawkbit-ddi-resource/src/test/resources/ddi-test.properties b/hawkbit-ddi/hawkbit-ddi-resource/src/test/resources/ddi-test.properties index 06903de8c..4cb223a73 100644 --- a/hawkbit-ddi/hawkbit-ddi-resource/src/test/resources/ddi-test.properties +++ b/hawkbit-ddi/hawkbit-ddi-resource/src/test/resources/ddi-test.properties @@ -25,4 +25,4 @@ spring.servlet.multipart.max-file-size=5MB hawkbit.server.security.dos.maxStatusEntriesPerAction=100 hawkbit.server.security.dos.maxAttributeEntriesPerTarget=10 # Quota - END -org.eclipse.hawkbit.events.remote-enabled=false +hawkbit.events.remote-enabled=false 
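Review bot: In `propertyBasedArtifactUrlHandler` (PropertyBasedArtifactUrlResolverAutoConfiguration) the renamed placeholder no longer reads `server.servlet.context-path`, which is the Spring Boot property that actually sets the servlet context path, and the default is still empty. A deployment that sets only the Spring property would hand the resolver an empty `contextPath`, so the artifact URLs it builds would presumably omit the prefix, unless the `hawkbit.`-prefixed key is populated somewhere outside this diff. If the new key is meant as an override, keep the container's value as the fallback: `@Value("${hawkbit.server.servlet.context-path:${server.servlet.context-path:}}") final String contextPath) {`.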
diff --git a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherServiceTest.java b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherServiceTest.java index 18f3a8fc0..f378ef09e 100644 --- a/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherServiceTest.java +++ b/hawkbit-dmf/hawkbit-dmf-amqp/src/test/java/org/eclipse/hawkbit/amqp/AmqpMessageDispatcherServiceTest.java @@ -74,7 +74,7 @@ import org.springframework.test.context.TestPropertySource; @ActiveProfiles({ "test" }) @SpringBootTest(classes = { JpaRepositoryConfiguration.class }, webEnvironment = SpringBootTest.WebEnvironment.NONE) @TestPropertySource(properties = { - "org.eclipse.hawkbit.events.remote-enabled=false", + "hawkbit.events.remote-enabled=false", "spring.main.allow-bean-definition-overriding=true" }) class AmqpMessageDispatcherServiceTest extends AbstractIntegrationTest { diff --git a/hawkbit-dmf/hawkbit-dmf-rabbitmq-test/src/main/java/org/eclipse/hawkbit/rabbitmq/test/AbstractAmqpIntegrationTest.java b/hawkbit-dmf/hawkbit-dmf-rabbitmq-test/src/main/java/org/eclipse/hawkbit/rabbitmq/test/AbstractAmqpIntegrationTest.java index af0a29fd9..6e40ff854 100644 --- a/hawkbit-dmf/hawkbit-dmf-rabbitmq-test/src/main/java/org/eclipse/hawkbit/rabbitmq/test/AbstractAmqpIntegrationTest.java +++ b/hawkbit-dmf/hawkbit-dmf-rabbitmq-test/src/main/java/org/eclipse/hawkbit/rabbitmq/test/AbstractAmqpIntegrationTest.java 
@@ -38,7 +38,7 @@ import org.springframework.test.context.TestPropertySource; // Dirty context is necessary to create a new vhost and recreate all necessary beans after every test class. @DirtiesContext(classMode = ClassMode.AFTER_CLASS) @TestPropertySource(properties = { - "org.eclipse.hawkbit.events.remote-enabled=false", + "hawkbit.events.remote-enabled=false", "spring.main.allow-bean-definition-overriding=true" }) @SuppressWarnings("java:S6813") // constructor injects are not possible for test classes public abstract class AbstractAmqpIntegrationTest extends AbstractIntegrationTest { diff --git a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/resources/mgmt-test.properties b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/resources/mgmt-test.properties index 140242d3b..c077991c3 100644 --- a/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/resources/mgmt-test.properties +++ b/hawkbit-mgmt/hawkbit-mgmt-resource/src/test/resources/mgmt-test.properties @@ -11,4 +11,4 @@ # Logging START - activate to see request/response details #logging.level.org.eclipse.hawkbit.rest.util.MockMvcResultPrinter=DEBUG # Logging END -org.eclipse.hawkbit.events.remote-enabled=false +hawkbit.events.remote-enabled=false diff --git a/hawkbit-monolith/hawkbit-update-server/src/main/resources/application.properties b/hawkbit-monolith/hawkbit-update-server/src/main/resources/application.properties index ca483e525..bdef2cee9 100644 --- a/hawkbit-monolith/hawkbit-update-server/src/main/resources/application.properties +++ b/hawkbit-monolith/hawkbit-update-server/src/main/resources/application.properties 
@@ -49,8 +49,8 @@ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.amqp.RabbitA ## Uncomment bellow to Enable communication between services (disabled by default) - no cluster support. # To enable it, enable RabbitMQ (see above) -# and set below 'org.eclipse.hawkbit.events.remote-enabled=true' -org.eclipse.hawkbit.events.remote-enabled=false +# and set below 'hawkbit.events.remote-enabled=true' +hawkbit.events.remote-enabled=false ## Disable DMF (by default) - no DMF support. To enable it, enable RabbitMQ (see above) and comment the line ## (hawkbit.dmf.rabbitmq.enabled=false) set hawkbit.dmf.rabbitmq.enabled=true diff --git a/hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/RepositoryConfiguration.java b/hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/RepositoryConfiguration.java index dd67611e5..72da94c40 100644 --- a/hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/RepositoryConfiguration.java +++ b/hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/RepositoryConfiguration.java @@ -57,9 +57,9 @@ public class RepositoryConfiguration { @SuppressWarnings("java:S3358") // java:S3358 better readable this way RoleHierarchy roleHierarchy( // if configured replaces the hierarchy completely - @Value("${org.eclipse.hawkbit.hierarchy:}") final String hierarchy, + @Value("${hawkbit.hierarchy:}") final String hierarchy, // if the "hierarchy" property is empty, and this property is configured it is appended to the default hierarchy - @Value("${org.eclipse.hawkbit.hierarchy.ext:}") final String hierarchyExt) { + @Value("${hawkbit.hierarchy.ext:}") final String hierarchyExt) { return RoleHierarchyImpl.fromHierarchy( ObjectUtils.isEmpty(hierarchy) ? (ObjectUtils.isEmpty(hierarchyExt) ? Hierarchy.DEFAULT : Hierarchy.DEFAULT + hierarchyExt) 
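Review bot: In `roleHierarchy` (RepositoryConfiguration) both renamed placeholders keep an empty default, so a deployment that still sets `org.eclipse.hawkbit.hierarchy` or `org.eclipse.hawkbit.hierarchy.ext` starts without error and silently gets `Hierarchy.DEFAULT`, which for an authorization setting is a quiet change of effective permissions on upgrade. The same silent fallback applies to the `@Value` renames in EventPublisherHolder (where `remote-enabled` defaults to `true`) and in JpaRolloutManagement. A nested placeholder keeps the old key working for a deprecation period, e.g. `@Value("${hawkbit.hierarchy:${org.eclipse.hawkbit.hierarchy:}}") final String hierarchy,`; failing that, a startup check that rejects the legacy keys would make the break visible. The method body continues past the end of this hunk.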
diff --git a/hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/event/EventPublisherHolder.java b/hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/event/EventPublisherHolder.java index f1e7c5ad8..51e10a375 100644 --- a/hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/event/EventPublisherHolder.java +++ b/hawkbit-repository/hawkbit-repository-core/src/main/java/org/eclipse/hawkbit/repository/event/EventPublisherHolder.java @@ -44,13 +44,13 @@ import org.springframework.context.ApplicationEventPublisher; @Slf4j public final class EventPublisherHolder { - @Value("${org.eclipse.hawkbit.events.remote-enabled:true}") + @Value("${hawkbit.events.remote-enabled:true}") private boolean remoteEventsEnabled; - @Value("${org.eclipse.hawkbit.events.remote.destination:fanoutEventChannel}") + @Value("${hawkbit.events.remote.destination:fanoutEventChannel}") private String fanoutEventChannel; - @Value("${org.eclipse.hawkbit.events.remote-service-enabled:true}") + @Value("${hawkbit.events.remote-service-enabled:true}") private boolean remoteServiceEventsEnabled; - @Value("${org.eclipse.hawkbit.events.remote.service.destination:serviceEventChannel}") + @Value("${hawkbit.events.remote.service.destination:serviceEventChannel}") private String serviceEventChannel; @@ -65,7 +65,7 @@ public final class EventPublisherHolder { @PostConstruct private void validateRemoteEventConfig() { if (remoteEventsEnabled && streamBridge == null) { - throw new IllegalStateException("'org.eclipse.hawkbit.events.remote-enabled' is true but streamBridge is not configured. Check if 'spring-cloud-starter-stream-rabbit' dependency is included."); + throw new IllegalStateException("'hawkbit.events.remote-enabled' is true but streamBridge is not configured. Check if 'spring-cloud-starter-stream-rabbit' dependency is included."); } } 
diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaRolloutManagement.java b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaRolloutManagement.java index 5ba701616..fe6981872 100644 --- a/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaRolloutManagement.java +++ b/hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/repository/jpa/management/JpaRolloutManagement.java @@ -120,7 +120,7 @@ public class JpaRolloutManagement implements RolloutManagement { RolloutStatus.CREATING, RolloutStatus.READY, RolloutStatus.WAITING_FOR_APPROVAL, RolloutStatus.STARTING, RolloutStatus.RUNNING, RolloutStatus.PAUSED, RolloutStatus.APPROVAL_DENIED); - @Value("${org.eclipse.hawkbit.repository.jpa.management.rollout.max.actions.per.transaction:5000}") + @Value("${hawkbit.repository.jpa.management.rollout.max.actions.per.transaction:5000}") private int MAX_ACTIONS; private final EntityManager entityManager; diff --git a/hawkbit-repository/hawkbit-repository-jpa/src/test/resources/jpa-test.properties b/hawkbit-repository/hawkbit-repository-jpa/src/test/resources/jpa-test.properties index 8b7f21fd1..bd159922d 100644 --- a/hawkbit-repository/hawkbit-repository-jpa/src/test/resources/jpa-test.properties +++ b/hawkbit-repository/hawkbit-repository-jpa/src/test/resources/jpa-test.properties @@ -64,4 +64,4 @@ hawkbit.repository.cluster.lock.refreshOnRemainPercent=10 ## reduce scheduler tic period to speed up tests hawkbit.repository.cluster.lock.ticPeriodMS=10 -org.eclipse.hawkbit.events.remote-enabled=false \ No newline at end of file +hawkbit.events.remote-enabled=false \ No newline at end of file 
diff --git a/hawkbit-repository/hawkbit-repository-test/src/main/resources/hawkbit-test-defaults.properties b/hawkbit-repository/hawkbit-repository-test/src/main/resources/hawkbit-test-defaults.properties index 151e1a4d3..c21253805 100644 --- a/hawkbit-repository/hawkbit-repository-test/src/main/resources/hawkbit-test-defaults.properties +++ b/hawkbit-repository/hawkbit-repository-test/src/main/resources/hawkbit-test-defaults.properties @@ -80,4 +80,4 @@ hawkbit.server.security.dos.maxActionsPerTarget=20 # Quota - END # Properties that are managed by autoconfigure module at runtime and not available during test - END -org.eclipse.hawkbit.events.remote-enabled=false \ No newline at end of file +hawkbit.events.remote-enabled=false \ No newline at end of file diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextSerializer.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextSerializer.java index 025354938..0d7ed06bf 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextSerializer.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextSerializer.java @@ -32,6 +32,7 @@ import org.eclipse.hawkbit.security.SpringSecurityAuditorAware.AuditorAwarePrinc import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails; import org.eclipse.hawkbit.tenancy.TenantAwareUser; import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContext; 
@@ -106,7 +107,7 @@ public interface SecurityContextSerializer { private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); private static final boolean FALLBACK_TO_JAVA_SERIALIZATION = - !Boolean.getBoolean("org.hawkbit.security.contextSerializer.json.no-fallback-to-java"); + !Boolean.getBoolean("hawkbit.security.contextSerializer.json.no-fallback-to-java"); @Override public String serialize(final SecurityContext securityContext) { @@ -137,6 +138,8 @@ public interface SecurityContextSerializer { } // simplified info for the security context keeping just the basic info needed for background execution of + // controller authentication is not supported - always is false + // only authenticated user is supported @NoArgsConstructor @Data private static class SecCtxInfo implements Serializable { 
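Review bot: `FALLBACK_TO_JAVA_SERIALIZATION` is read from a JVM system property with `Boolean.getBoolean`, so after the rename a JVM still started with `-Dorg.hawkbit.security.contextSerializer.json.no-fallback-to-java=true` has the flag ignored and the Java-serialization fallback switched back on without any message. The code that uses the constant is outside this hunk, but if it gates a Java-native deserialization path, the rename silently undoes a hardening choice. Honouring both names for a release keeps the opt-out effective: `!(Boolean.getBoolean("hawkbit.security.contextSerializer.json.no-fallback-to-java") || Boolean.getBoolean("org.hawkbit.security.contextSerializer.json.no-fallback-to-java"));`. A comment on the constant stating that the fallback is enabled unless the property is `true` would also help, since the negated name is easy to misread.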
@@ -145,19 +148,21 @@ public interface SecurityContextSerializer { private static final long serialVersionUID = 1L; private String tenant; - private boolean controller; // auditor / username (authentication principal name) - private String auditor; + private String auditor = "n/a"; // default value "n/a" is used only on deserialization if field is missing @JsonProperty(required = true) private String[] authorities; - @JsonProperty(defaultValue = "true") - private boolean authenticated; SecCtxInfo(final SecurityContext securityContext) { final Authentication authentication = securityContext.getAuthentication(); + if (!authentication.isAuthenticated()) { + throw new IllegalStateException("Only authenticated context could be serialized"); + } if (authentication.getDetails() instanceof TenantAwareAuthenticationDetails tenantAwareDetails) { + if (tenantAwareDetails.controller()) { + throw new IllegalStateException("Controller authentication context is not supported"); + } tenant = tenantAwareDetails.tenant(); - controller = tenantAwareDetails.controller(); } else if (authentication.getPrincipal() instanceof TenantAwareUser tenantAwareUser) { tenant = tenantAwareUser.getTenant(); } @@ -167,10 +172,10 @@ public interface SecurityContextSerializer { // since the class is not known to auditor aware - it shall used default - principal as auditor auditor = SpringSecurityAuditorAware.resolveAuditor(authentication); authorities = authentication.getAuthorities().stream().map(Object::toString).toArray(String[]::new); - authenticated = authentication.isAuthenticated(); } - // allows setting for auditor also as username (so supported auditor/username in json) + // TODO - remove it in future + // auditor alias, allows setting for auditor also as username (so supported auditor/username in json) @JsonSetter("username") private void setUsername(final String username) { this.auditor = username; 
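Review bot: The new guard in the `SecCtxInfo(SecurityContext)` constructor dereferences `authentication` without a null check, and `SecurityContext.getAuthentication()` can return null for an empty context. That case surfaces as a `NullPointerException` rather than the `IllegalStateException` the guard is meant to raise. Folding it into the same condition keeps the rejection uniform: `if (authentication == null || !authentication.isAuthenticated()) {`.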
@@ -178,7 +183,7 @@ public interface SecurityContextSerializer { private SecurityContext toSecurityContext() { final SecurityContext ctx = SecurityContextHolder.createEmptyContext(); - final Object details = tenant == null ? null : new TenantAwareAuthenticationDetails(tenant, controller); + final Object details = tenant == null ? null : new TenantAwareAuthenticationDetails(tenant, false); final AuditorAwarePrincipal principal = () -> auditor; final Collection grantedAuthorities = Stream.of(authorities).map(SimpleGrantedAuthority::new).toList(); @@ -196,7 +201,7 @@ public interface SecurityContextSerializer { @Override public boolean isAuthenticated() { - return authenticated; + return true; } @Override
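Review bot: With `controller` fixed to `false` in `toSecurityContext` and `isAuthenticated()` returning `true`, the restored context no longer depends on what the payload says, yet `serialVersionUID` stays `1L` and the mapper is a plain `new ObjectMapper()`. Payloads written before this change may carry `authenticated=false` or `controller=true`: on a Java-serialization path, stream fields with no matching class field are dropped, so such a payload would presumably come back as an authenticated, non-controller context. On the JSON path the unknown properties fail by default, unless the class is configured to ignore them outside the visible lines. If dropping old payloads is acceptable, rejecting them explicitly is safer, for example `private static final long serialVersionUID = 2L;`, together with a sentence in the class comment saying that contexts persisted by earlier versions are not restored.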