diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java index 7bf2a2786..ef0d4ba41 100644 --- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java +++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java @@ -87,7 +87,6 @@ import org.springframework.security.web.session.SessionManagementFilter; import org.springframework.util.StringUtils; import org.vaadin.spring.security.VaadinSecurityContext; import org.vaadin.spring.security.annotation.EnableVaadinSecurity; -import org.vaadin.spring.security.web.VaadinDefaultRedirectStrategy; import org.vaadin.spring.security.web.VaadinRedirectStrategy; import org.vaadin.spring.security.web.authentication.VaadinAuthenticationSuccessHandler; import org.vaadin.spring.security.web.authentication.VaadinUrlAuthenticationSuccessHandler; @@ -179,9 +178,9 @@ public class SecurityManagedConfiguration { */ @Bean @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true) - public FilterRegistrationBean dosDDiFilter(final HawkbitSecurityProperties securityProperties) { + public FilterRegistrationBean dosDDiFilter(final HawkbitSecurityProperties securityProperties) { - final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_ANT_MATCHERS), + final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_ANT_MATCHERS), securityProperties.getDos().getFilter(), securityProperties.getClients()); filterRegBean.setOrder(DOS_FILTER_ORDER); filterRegBean.setName("dosDDiFilter"); @@ -295,9 +294,9 @@ public class SecurityManagedConfiguration { */ @Bean @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true) - public FilterRegistrationBean dosDDiDlFilter(final HawkbitSecurityProperties securityProperties) { + public FilterRegistrationBean dosDDiDlFilter(final HawkbitSecurityProperties securityProperties) { - final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER), + final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER), securityProperties.getDos().getFilter(), securityProperties.getClients()); filterRegBean.setOrder(DOS_FILTER_ORDER); filterRegBean.setName("dosDDiDlFilter"); @@ -385,9 +384,9 @@ public class SecurityManagedConfiguration { */ @Bean @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true) - public FilterRegistrationBean dosSystemFilter(final HawkbitSecurityProperties securityProperties) { + public FilterRegistrationBean dosSystemFilter(final HawkbitSecurityProperties securityProperties) { - final FilterRegistrationBean filterRegBean = dosFilter(Collections.emptyList(), + final FilterRegistrationBean filterRegBean = dosFilter(Collections.emptyList(), securityProperties.getDos().getFilter(), securityProperties.getClients()); filterRegBean.setUrlPatterns(Arrays.asList("/system/*")); filterRegBean.setOrder(DOS_FILTER_ORDER); @@ -396,11 +395,11 @@ public class SecurityManagedConfiguration { return filterRegBean; } - private static FilterRegistrationBean dosFilter(final Collection includeAntPaths, + private static FilterRegistrationBean dosFilter(final Collection includeAntPaths, final HawkbitSecurityProperties.Dos.Filter filterProperties, final HawkbitSecurityProperties.Clients clientProperties) { - final FilterRegistrationBean filterRegBean = new FilterRegistrationBean(); + final FilterRegistrationBean filterRegBean = new FilterRegistrationBean<>(); filterRegBean.setFilter(new DosFilter(includeAntPaths, filterProperties.getMaxRead(), filterProperties.getMaxWrite(), filterProperties.getWhitelist(), clientProperties.getBlacklist(), @@ -479,10 +478,10 @@ public class SecurityManagedConfiguration { */ @Bean @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true) - public FilterRegistrationBean dosMgmtFilter(final HawkbitSecurityProperties securityProperties) { + public FilterRegistrationBean dosMgmtFilter(final HawkbitSecurityProperties securityProperties) { - final FilterRegistrationBean filterRegBean = dosFilter(null, securityProperties.getDos().getFilter(), - securityProperties.getClients()); + final FilterRegistrationBean filterRegBean = dosFilter(null, + securityProperties.getDos().getFilter(), securityProperties.getClients()); filterRegBean.setUrlPatterns(Arrays.asList("/rest/*", "/api/*")); filterRegBean.setOrder(DOS_FILTER_ORDER); filterRegBean.setName("dosMgmtFilter"); @@ -545,6 +544,15 @@ public class SecurityManagedConfiguration { @Autowired private HawkbitSecurityProperties hawkbitSecurityProperties; + private final VaadinUrlAuthenticationSuccessHandler handler; + + public UISecurityConfigurationAdapter(final VaadinRedirectStrategy redirectStrategy) { + handler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler(); + handler.setRedirectStrategy(redirectStrategy); + handler.setDefaultTargetUrl("/UI/"); + handler.setTargetUrlParameter("r"); + } + /** * Filter to protect the hawkBit management UI against to many requests. * @@ -556,10 +564,10 @@ public class SecurityManagedConfiguration { */ @Bean @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.ui-filter", name = "enabled", matchIfMissing = true) - public FilterRegistrationBean dosMgmtUiFilter(final HawkbitSecurityProperties securityProperties) { + public FilterRegistrationBean dosMgmtUiFilter(final HawkbitSecurityProperties securityProperties) { - final FilterRegistrationBean filterRegBean = dosFilter(null, securityProperties.getDos().getUiFilter(), - securityProperties.getClients()); + final FilterRegistrationBean filterRegBean = dosFilter(null, + securityProperties.getDos().getUiFilter(), securityProperties.getClients()); // All URLs that can be called anonymous filterRegBean.setUrlPatterns(Arrays.asList("/UI/login", "/UI/login/*", "/UI/logout", "/UI/logout/*")); filterRegBean.setOrder(DOS_FILTER_ORDER); @@ -574,35 +582,20 @@ public class SecurityManagedConfiguration { */ @PostConstruct public void afterPropertiesSet() { - this.vaadinSecurityContext.addAuthenticationSuccessHandler(redirectSaveHandler()); + this.vaadinSecurityContext.addAuthenticationSuccessHandler(handler); } - @Bean(name = "authenticationManager") @Override + @Bean(name = "authenticationManager") public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } - /** - * @return The VaadinRedirectStategy - */ - @Bean - public VaadinRedirectStrategy vaadinRedirectStrategy() { - return new VaadinDefaultRedirectStrategy(); - } - /** * @return the vaadin success authentication handler */ @Bean public VaadinAuthenticationSuccessHandler redirectSaveHandler() { - - final VaadinUrlAuthenticationSuccessHandler handler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler(); - - handler.setRedirectStrategy(vaadinRedirectStrategy()); - handler.setDefaultTargetUrl("/UI/"); - handler.setTargetUrlParameter("r"); - return handler; }