Reapplied hawkBit code formatter.
It seems that from Luna to Mars Eclipse changed how the code formatter handles lines breaks in certain cases. This is now the “Mars” variant.
This commit is contained in:
Kai Zimmermann
@@ -11,7 +11,6 @@ package org.eclipse.hawkbit.autoconfigure.scheduling;
|
||||
import java.util.concurrent.ArrayBlockingQueue;
|
||||
import java.util.concurrent.BlockingQueue;
|
||||
import java.util.concurrent.Executor;
|
||||
import java.util.concurrent.RejectedExecutionHandler;
|
||||
import java.util.concurrent.ThreadPoolExecutor;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
@@ -46,19 +45,15 @@ public class ExecutorAutoConfiguration {
|
||||
@Bean
|
||||
@ConditionalOnMissingBean
|
||||
public Executor asyncExecutor() {
|
||||
final BlockingQueue<Runnable> blockingQueue = new ArrayBlockingQueue<Runnable>(
|
||||
final BlockingQueue<Runnable> blockingQueue = new ArrayBlockingQueue<>(
|
||||
asyncConfigurerProperties.getQueuesize());
|
||||
final ThreadPoolExecutor threadPoolExecutor = new ThreadPoolExecutor(
|
||||
asyncConfigurerProperties.getCorethreads(), asyncConfigurerProperties.getMaxthreads(),
|
||||
asyncConfigurerProperties.getIdletimeout(), TimeUnit.MILLISECONDS, blockingQueue,
|
||||
final ThreadPoolExecutor threadPoolExecutor = new ThreadPoolExecutor(asyncConfigurerProperties.getCorethreads(),
|
||||
asyncConfigurerProperties.getMaxthreads(), asyncConfigurerProperties.getIdletimeout(),
|
||||
TimeUnit.MILLISECONDS, blockingQueue,
|
||||
new ThreadFactoryBuilder().setNameFormat("central-executor-pool-%d").build());
|
||||
threadPoolExecutor.setRejectedExecutionHandler(new RejectedExecutionHandler() {
|
||||
@Override
|
||||
public void rejectedExecution(final Runnable r, final java.util.concurrent.ThreadPoolExecutor executor) {
|
||||
LOGGER.warn("Reject runnable for centralExecutorService, reached limit of queue size {}", executor
|
||||
.getQueue().size());
|
||||
}
|
||||
});
|
||||
threadPoolExecutor.setRejectedExecutionHandler((r, executor) -> LOGGER.warn(
|
||||
"Reject runnable for centralExecutorService, reached limit of queue size {}",
|
||||
executor.getQueue().size()));
|
||||
return new DelegatingSecurityContextExecutor(threadPoolExecutor);
|
||||
}
|
||||
|
||||
|
||||
@@ -159,35 +159,27 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
}
|
||||
|
||||
if (securityConfiguration.getAnonymousEnabled()) {
|
||||
LOG.info("******************\n** Anonymous controller security enabled, should only use for developing purposes **\n******************");
|
||||
LOG.info(
|
||||
"******************\n** Anonymous controller security enabled, should only use for developing purposes **\n******************");
|
||||
final AnonymousAuthenticationFilter anoymousFilter = new AnonymousAuthenticationFilter(
|
||||
"controllerAnonymousFilter", "anonymous", Collections.singletonList(new SimpleGrantedAuthority(
|
||||
SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS)));
|
||||
"controllerAnonymousFilter", "anonymous", Collections.singletonList(
|
||||
new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS)));
|
||||
anoymousFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
||||
httpSec.requestMatchers().antMatchers("/*/controller/v1/**", "/*/controller/artifacts/v1/**").and()
|
||||
.securityContext().disable().anonymous().authenticationFilter(anoymousFilter);
|
||||
} else {
|
||||
httpSec.addFilter(securityHeaderFilter)
|
||||
.addFilter(securityTokenFilter)
|
||||
.addFilter(gatewaySecurityTokenFilter)
|
||||
.antMatcher("/*/controller/**")
|
||||
.anonymous()
|
||||
.disable()
|
||||
.authorizeRequests()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.exceptionHandling()
|
||||
.authenticationEntryPoint(
|
||||
(request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED
|
||||
.value())).and().sessionManagement()
|
||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||
httpSec.addFilter(securityHeaderFilter).addFilter(securityTokenFilter)
|
||||
.addFilter(gatewaySecurityTokenFilter).antMatcher("/*/controller/**").anonymous().disable()
|
||||
.authorizeRequests().anyRequest().authenticated().and().exceptionHandling()
|
||||
.authenticationEntryPoint((request, response, authException) -> response
|
||||
.setStatus(HttpStatus.UNAUTHORIZED.value()))
|
||||
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
*
|
||||
*
|
||||
* @see
|
||||
* org.springframework.security.config.annotation.web.configuration.
|
||||
* WebSecurityConfigurerAdapter
|
||||
@@ -196,8 +188,8 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
*/
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.authenticationProvider(new PreAuthTokenSourceTrustAuthenticationProvider(securityConfiguration
|
||||
.getRpTrustedIPs()));
|
||||
auth.authenticationProvider(
|
||||
new PreAuthTokenSourceTrustAuthenticationProvider(securityConfiguration.getRpTrustedIPs()));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -212,10 +204,12 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
public FilterRegistrationBean dosFilter() {
|
||||
final FilterRegistrationBean filterRegBean = new FilterRegistrationBean();
|
||||
|
||||
filterRegBean.setFilter(new DosFilter(environment
|
||||
.getProperty("security.dos.filter.maxRead", Integer.class, 200), environment.getProperty(
|
||||
"security.dos.filter.maxWrite", Integer.class, 50), environment
|
||||
.getProperty("security.dos.filter.whitelist"), environment.getProperty("security.clients.blacklist"),
|
||||
filterRegBean
|
||||
.setFilter(
|
||||
new DosFilter(environment.getProperty("security.dos.filter.maxRead", Integer.class, 200),
|
||||
environment.getProperty("security.dos.filter.maxWrite", Integer.class, 50),
|
||||
environment.getProperty("security.dos.filter.whitelist"), environment
|
||||
.getProperty("security.clients.blacklist"),
|
||||
environment.getProperty("security.rp.remote_ip_header", String.class, "X-Forwarded-For")));
|
||||
filterRegBean.addUrlPatterns("/{tenant}/controller/v1/*", "/rest/*");
|
||||
return filterRegBean;
|
||||
@@ -301,7 +295,8 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
}, RequestHeaderAuthenticationFilter.class)
|
||||
.addFilterAfter(
|
||||
new AuthenticationSuccessTenantMetadataCreationFilter(tenantAware, systemManagement),
|
||||
RequestHeaderAuthenticationFilter.class).authorizeRequests().anyRequest().authenticated()
|
||||
RequestHeaderAuthenticationFilter.class)
|
||||
.authorizeRequests().anyRequest().authenticated()
|
||||
.antMatchers(RestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
||||
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN).antMatchers(RestConstants.BASE_SYSTEM_MAPPING + "/**")
|
||||
.hasAnyAuthority(SpPermission.SYSTEM_DIAG);
|
||||
@@ -310,12 +305,13 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
|
||||
/**
|
||||
* {@link WebSecurityConfigurer} for external (management) access.
|
||||
*
|
||||
*
|
||||
*/
|
||||
@Configuration
|
||||
@Order(400)
|
||||
@EnableVaadinSecurity
|
||||
public static class UISecurityConfigurationAdapter extends WebSecurityConfigurerAdapter implements EnvironmentAware {
|
||||
public static class UISecurityConfigurationAdapter extends WebSecurityConfigurerAdapter
|
||||
implements EnvironmentAware {
|
||||
|
||||
private static final String XFRAME_OPTION_DENY = "DENY";
|
||||
private static final String XFRAME_OPTION_SAMEORIGIN = "SAMEORIGIN";
|
||||
@@ -371,7 +367,7 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
* Listener to redirect to login page after session timeout. Close the
|
||||
* vaadin session, because it's is not possible to redirect in
|
||||
* atmospehere.
|
||||
*
|
||||
*
|
||||
* @return the servlet listener.
|
||||
*/
|
||||
@Bean
|
||||
@@ -388,10 +384,9 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
if (confXframeOption.equals(XFAME_OPTION_ALLOW_FROM) && confAllowFromUri == null) {
|
||||
// if allow-from option is specified but no allowFromUri throw
|
||||
// exception
|
||||
throw new IllegalStateException(
|
||||
"hawkbit.server.security.xframe.option has been specified as ALLOW-FROM"
|
||||
+ " but no hawkbit.server.security.xframe.option.allowfrom has been set, "
|
||||
+ "please ensure to set allow from URIs");
|
||||
throw new IllegalStateException("hawkbit.server.security.xframe.option has been specified as ALLOW-FROM"
|
||||
+ " but no hawkbit.server.security.xframe.option.allowfrom has been set, "
|
||||
+ "please ensure to set allow from URIs");
|
||||
}
|
||||
|
||||
// workaround regex: we need to exclude the URL /UI/HEARTBEAT here
|
||||
@@ -400,23 +395,22 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
// vaadin-forum:
|
||||
// https://vaadin.com/forum#!/thread/3200565.
|
||||
HttpSecurity httpSec = http.regexMatcher("(?!.*HEARTBEAT)^.*\\/UI.*$")
|
||||
// disable as CSRF is handled by Vaadin
|
||||
// disable as CSRF is handled by Vaadin
|
||||
.csrf().disable();
|
||||
|
||||
if (springSecurityProperties.isRequireSsl()) {
|
||||
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
|
||||
} else {
|
||||
LOG.info("\"******************\\n** Requires HTTPS Security has been disabled for UI, should only use for developing purposes **\\n******************\"");
|
||||
LOG.info(
|
||||
"\"******************\\n** Requires HTTPS Security has been disabled for UI, should only use for developing purposes **\\n******************\"");
|
||||
}
|
||||
|
||||
// for UI integrator we allow frame integration on same origin
|
||||
httpSec.headers()
|
||||
.addHeaderWriter(
|
||||
confXframeOption.equals(XFAME_OPTION_ALLOW_FROM) ? new XFrameOptionsHeaderWriter(
|
||||
new StaticAllowFromStrategy(new URI(confAllowFromUri)))
|
||||
: new XFrameOptionsHeaderWriter(xframeOptionFromStr(confXframeOption)))
|
||||
.contentTypeOptions().xssProtection().httpStrictTransportSecurity()
|
||||
.and()
|
||||
.addHeaderWriter(confXframeOption.equals(XFAME_OPTION_ALLOW_FROM)
|
||||
? new XFrameOptionsHeaderWriter(new StaticAllowFromStrategy(new URI(confAllowFromUri)))
|
||||
: new XFrameOptionsHeaderWriter(xframeOptionFromStr(confXframeOption)))
|
||||
.contentTypeOptions().xssProtection().httpStrictTransportSecurity().and()
|
||||
// UI
|
||||
.authorizeRequests().antMatchers("/UI/login/**").permitAll().antMatchers("/UI/UIDL/**").permitAll()
|
||||
.anyRequest().authenticated().and()
|
||||
@@ -437,7 +431,7 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
* string does not match an option then
|
||||
* {@link XFrameOptionsMode#SAMEORIGIN} is returned
|
||||
*/
|
||||
private XFrameOptionsMode xframeOptionFromStr(@NotNull final String xframeOption) {
|
||||
private static XFrameOptionsMode xframeOptionFromStr(@NotNull final String xframeOption) {
|
||||
switch (xframeOption) {
|
||||
case XFRAME_OPTION_DENY:
|
||||
return XFrameOptionsMode.DENY;
|
||||
@@ -450,8 +444,8 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
|
||||
@Override
|
||||
public void configure(final WebSecurity webSecurity) throws Exception {
|
||||
webSecurity.ignoring()
|
||||
.antMatchers("/documentation/**", "/VAADIN/**", "/*.*", "/v2/api-docs/**", "/docs/**");
|
||||
webSecurity.ignoring().antMatchers("/documentation/**", "/VAADIN/**", "/*.*", "/v2/api-docs/**",
|
||||
"/docs/**");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -482,15 +476,15 @@ public class SecurityManagedConfiguration implements EnvironmentAware {
|
||||
http.csrf().disable();
|
||||
http.anonymous().disable();
|
||||
|
||||
http.regexMatcher(HttpDownloadAuthenticationFilter.REQUEST_ID_REGEX_PATTERN).addFilterBefore(
|
||||
downloadIdAuthenticationFilter, FilterSecurityInterceptor.class);
|
||||
http.regexMatcher(HttpDownloadAuthenticationFilter.REQUEST_ID_REGEX_PATTERN)
|
||||
.addFilterBefore(downloadIdAuthenticationFilter, FilterSecurityInterceptor.class);
|
||||
http.authorizeRequests().anyRequest().authenticated();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.authenticationProvider(new PreAuthTokenSourceTrustAuthenticationProvider(securityConfiguration
|
||||
.getRpTrustedIPs()));
|
||||
auth.authenticationProvider(
|
||||
new PreAuthTokenSourceTrustAuthenticationProvider(securityConfiguration.getRpTrustedIPs()));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -510,7 +504,7 @@ class TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler extends
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
*
|
||||
*
|
||||
* @see org.vaadin.spring.security.web.authentication.
|
||||
* SavedRequestAwareVaadinAuthenticationSuccessHandler
|
||||
* #onAuthenticationSuccess(org.springframework.security.core.
|
||||
@@ -519,10 +513,10 @@ class TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler extends
|
||||
@Override
|
||||
public void onAuthenticationSuccess(final Authentication authentication) throws Exception {
|
||||
if (authentication.getClass().equals(TenantUserPasswordAuthenticationToken.class)) {
|
||||
systemManagement.getTenantMetadata(((TenantUserPasswordAuthenticationToken) authentication).getTenant()
|
||||
.toString());
|
||||
systemManagement
|
||||
.getTenantMetadata(((TenantUserPasswordAuthenticationToken) authentication).getTenant().toString());
|
||||
} else if (authentication.getClass().equals(UsernamePasswordAuthenticationToken.class)) {
|
||||
// TODO: MECS-1078 vaadin4spring-ext-security does not give us the
|
||||
// TODO: vaadin4spring-ext-security does not give us the
|
||||
// fullyAuthenticatedToken
|
||||
// in the GenericVaadinSecurity class. Only the token which has been
|
||||
// created in the
|
||||
|
||||
Reference in New Issue
Block a user