Feature/fix sonar warnings (#1226)

* Fixed sonar warnings

- "Cognitive Complexity"
- "Do not use replaceAll when not using a regex"
- java:S5869 - Character classes in regular expressions should not contain the same character twice
- Improved bad name
- Typos
- reduced code duplications
- Replaced hand-made wait-utility with Awaitility
- Log messages
- Duplicate code
- Typos
- Removed Thread.sleep, instead relaxed check condition
- Removed use of deprecated API
- Removed use of deprecated API
- Added suppress-warnings as I do not see a better way to write the tests
- Removed Thread.sleep / redundant functionality to Awaitility
- Fixed other warnings (use isZero, isEmpty, hasToString)
- Removed/Reduced duplicate code
- Added generics
- Fixed asserts
- removed: field.setAccessible(true) actually should not be needed for public static fields!
- Too long constructor passes arguments in wrong order - how surprisingly...
- Clean-up use of varargs arguments
- Fixed regex
- Fixed typos and other minor stuff
- Making public constructors protected in abstract classes
- Swapped expected and asserted argument
- volatile not enough for syncing threads
- volatile not enough for syncing threads
- out-commented code
- Made regex not-greedy, added tests for verification
- Avoid exposure of thread-local member var

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>

* Fixed Sonar warnings

* License header fix

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>

* License header fix #2

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>

* Fixing review findings

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>

* Fixing tests

- Fixed '&' usage in javadoc and typos
- Fixing some warnings

Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
Peter Vigier
2022-01-31 21:59:46 +01:00
committed by GitHub
parent 5443b5df9c
commit 44a85f20eb
98 changed files with 2583 additions and 2702 deletions


@@ -8,7 +8,6 @@
*/
package org.eclipse.hawkbit.im.authentication;
import java.lang.annotation.Target;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
@@ -22,16 +21,14 @@ import org.springframework.security.core.GrantedAuthority;
/**
* <p>
* Software provisioning permissions that are technically available as
* {@link GrantedAuthority} based on the authenticated users identity context.
* {@linkplain GrantedAuthority} based on the authenticated users identity
* context.
* </p>
*
* <p>
* The Permissions cover CRUD for two data areas:
*
* XX_Target_CRUD which covers the following entities: {@link Target} entities
* including metadata, {@link TargetTag}s, {@link TargetRegistrationRule}s
* XX_Repository CRUD which covers: {@link DistributionSet}s,
* {@link SoftwareModule}s, DS Tags
* The permissions cover CRUD operations for various areas within eclipse
* hawkBit, like targets, software-artifacts, distribution sets, config-options
* etc.
* </p>
*/
public final class SpPermission {
@@ -39,69 +36,50 @@ public final class SpPermission {
private static final Logger LOGGER = LoggerFactory.getLogger(SpPermission.class);
/**
* Permission to read the targets from the
* {@link ProvisioningTargetRepository} including their meta information,
* {@link ProvisioningTargetFilter}s and target changing entities (
* {@link DistributionSetApplier} and {@link TargetRegistrationRule}). That
* corresponds in REST API to GET.
* Permission to read the targets (list and filter).
*/
public static final String READ_TARGET = "READ_TARGET";
/**
* Permission to read the target security token. The security token is
* security concerned and should be protected. So the combination
* {@link #READ_TARGET} and {@link #READ_TARGET_SEC_TOKEN} is necessary to
* able to read the security token of an target.
* Permission to read the target security token. The security token is security
* concerned and should be protected. So the combination
* {@linkplain #READ_TARGET} and {@code READ_TARGET_SEC_TOKEN} is necessary to
* be able to read the security token of a target.
*/
public static final String READ_TARGET_SEC_TOKEN = "READ_TARGET_SECURITY_TOKEN";
/**
* Permission to change/edit/update targets in the
* {@link ProvisioningTargetRepository} including their meta information and
* or/relations or {@link DistributionSet} assignment,
* {@link ProvisioningTargetFilter}s and target changing entities (
* {@link DistributionSetApplier} and {@link TargetRegistrationRule}). That
* corresponds in REST API to POST.
* Permission to change/edit/update targets and to assign updates.
*/
public static final String UPDATE_TARGET = "UPDATE_TARGET";
/**
* Permission to add new targets to the {@link ProvisioningTargetRepository}
* including their meta information and or/relations or
* {@link DistributionSet} assignment.That corresponds in REST API to PUT.
* Permission to add new targets including their meta information.
*/
public static final String CREATE_TARGET = "CREATE_TARGET";
/**
* Permission to delete targets in the {@link ProvisioningTargetRepository},
* {@link ProvisioningTargetFilter}s and target changing entities (
* {@link DistributionSetApplier} and {@link TargetRegistrationRule}). That
* corresponds in REST API to DELETE.
* Permission to delete targets.
*/
public static final String DELETE_TARGET = "DELETE_TARGET";
/**
* Permission to read {@link DistributionSet}s and/or {@link OsPackage}s.
* That corresponds in REST API to GET.
* Permission to read distributions and artifacts.
*/
public static final String READ_REPOSITORY = "READ_REPOSITORY";
/**
* Permission to edit/update {@link DistributionSet}s including their
* {@link OsPackage} assignment and/or {@link OsPackage}s. That corresponds
* in REST API to POST.
* Permission to edit/update distributions and artifacts.
*/
public static final String UPDATE_REPOSITORY = "UPDATE_REPOSITORY";
/**
* Permission to add {@link DistributionSet}s and/or {@link OsPackage}s to
* the repository. That corresponds in REST API to PUT.
* Permission to add distributions and artifacts.
*/
public static final String CREATE_REPOSITORY = "CREATE_REPOSITORY";
/**
* Permission to delete {@link DistributionSet}s and/or {@link OsPackage}s
* from the repository. That corresponds in REST API to DELETE.
* Permission to delete distributions and artifacts.
*/
public static final String DELETE_REPOSITORY = "DELETE_REPOSITORY";
@@ -112,7 +90,7 @@ public final class SpPermission {
public static final String SYSTEM_ADMIN = "SYSTEM_ADMIN";
/**
* Permission to download repository artifact of an software module.
* Permission to download repository artifacts of a software module.
*/
public static final String DOWNLOAD_REPOSITORY_ARTIFACT = "DOWNLOAD_REPOSITORY_ARTIFACT";
@@ -157,9 +135,6 @@ public final class SpPermission {
/**
* Return all permission.
*
* @param exclusionRoles
* roles which will excluded
* @return all permissions
*/
public static List<String> getAllAuthorities() {
@@ -167,7 +142,6 @@ public final class SpPermission {
final Field[] declaredFields = SpPermission.class.getDeclaredFields();
for (final Field field : declaredFields) {
if (Modifier.isPublic(field.getModifiers()) && Modifier.isStatic(field.getModifiers())) {
field.setAccessible(true);
try {
final String role = (String) field.get(null);
allPermissions.add(role);
@@ -219,8 +193,8 @@ public final class SpPermission {
public static final String CONTROLLER_ROLE = "ROLE_CONTROLLER";
/**
* The role which contains in the spring security context in case an
* controller is authenticated but only as anonymous.
* The role which contained in the spring security context in case that a
* controller is authenticated, but only as 'anonymous'.
*/
public static final String CONTROLLER_ROLE_ANONYMOUS = "ROLE_CONTROLLER_ANONYMOUS";
@@ -359,7 +333,7 @@ public final class SpPermission {
/**
* Spring security eval hasAnyRole expression to check if the spring
* context contains the anoynmous role or the controller specific role
* context contains the anonymous role or the controller specific role
* {@link SpringEvalExpressions#CONTROLLER_ROLE}.
*/
public static final String IS_CONTROLLER = "hasAnyRole('" + CONTROLLER_ROLE_ANONYMOUS + "', '" + CONTROLLER_ROLE
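Review bot: In the `getAllAuthorities()` hunk, `(String) field.get(null)` casts every public static field without checking its type, so the permission list is defined by whatever public static members the class happens to declare. Since this list is presumably used to hand out authorities, I would narrow the filter to fields that are meant to be permission constants, e.g. `if (Modifier.isPublic(m) && Modifier.isStatic(m) && Modifier.isFinal(m) && String.class.equals(field.getType()))` with `final int m = field.getModifiers();`. That also matches the filter the new test in this commit applies. The `catch` belonging to the `try` and the rest of the method lie outside the hunk, so how a failed read is handled cannot be judged from here. Separately, the reworded Javadoc on `CONTROLLER_ROLE_ANONYMOUS` ("The role which contained in ...") is missing a verb and should read "which is contained".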


@@ -46,7 +46,7 @@ public class UserPrincipal extends User {
*/
public UserPrincipal(final String username, final String firstname, final String lastname, final String loginname,
final String email, final String tenant) {
this(username, "***", lastname, firstname, loginname, email, tenant, Collections.emptyList());
this(username, "***", firstname, lastname, loginname, email, tenant, Collections.emptyList());
}
/**
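Review bot: The corrected call `this(username, "***", firstname, lastname, loginname, email, tenant, Collections.emptyList())` still passes seven adjacent `String` arguments, so the compiler cannot catch the next transposition, and no test pinning the mapping is visible in this section. A small unit test that builds a `UserPrincipal` with a distinct value for each parameter and checks that each one comes back in the matching attribute would keep identity attributes from being silently swapped again. The `"***"` literal would also read better as a named constant with a comment stating whether it is only a placeholder, e.g. `private static final String NO_PASSWORD = "***"; // placeholder, not a credential`. The constructor being delegated to is outside the hunk, so its parameter order is taken here from the commit's own fix.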


@@ -11,11 +11,13 @@ package org.eclipse.hawkbit.im.authentication;
import static org.assertj.core.api.Assertions.assertThat;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import org.junit.jupiter.api.Test;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.util.ReflectionUtils;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
@@ -26,7 +28,7 @@ import io.qameta.allure.Story;
*/
@Feature("Unit Tests - Security")
@Story("Permission Test")
public final class PermissionTest {
public final class SpPermissionTest {
@Test
@Description("Verify the get permission function")
@@ -38,6 +40,21 @@ public final class PermissionTest {
assertThat(allAuthoritiesList).hasSize(allPermission);
assertThat(allAuthoritiesList.stream().map(authority -> authority.getAuthority()).collect(Collectors.toList()))
.containsAll(allAuthorities);
}
@Test
@Description("Try to double check if all permissions works as expected")
void shouldReturnAllPermissions() {
List<String> expected = new LinkedList<>();
ReflectionUtils.doWithFields(SpPermission.class, f -> {
if (ReflectionUtils.isPublicStaticFinal(f) && String.class.equals(f.getType())) {
try {
expected.add((String) f.get(null));
} catch (IllegalAccessException | IllegalArgumentException e) {
// skip
}
}
});
assertThat(SpPermission.getAllAuthorities()).containsAll(expected);
}
}
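Review bot: `shouldReturnAllPermissions()` builds `expected` by reflecting over `SpPermission`, much as the method under test appears to do, and then asserts only `containsAll(expected)`, so an authority that is returned but should not be goes unnoticed. For a permission list an exact comparison is the safer check: `assertThat(SpPermission.getAllAuthorities()).containsExactlyInAnyOrderElementsOf(expected);`. The `catch` with `// skip` also lets the test pass with a shortened `expected` when a field cannot be read. Replacing it with `throw new AssertionError(e);` and adding `assertThat(expected).isNotEmpty();` before the final assertion would close that gap. The test class starts outside the hunk.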