From 5182217745e39c9e8760b20f1a4e6f857c6676a3 Mon Sep 17 00:00:00 2001 From: Avgustin Marinov Date: Tue, 12 Nov 2024 12:45:09 +0200 Subject: [PATCH] Rename hawkbit-security-intenal -> hawkbit-security-controller (#2015) as it is controller only related * DmfTenantSecurityToken renamed to ControllerSecurityToken - as it is such * hawkbit.security classes from http-security-internal moved to hawkbit.security.controller - as they are such, and it is bad practice to have the same package in multiple modules _release_notes_ 
Signed-off-by: Avgustin Marinov --- hawkbit-ddi/hawkbit-ddi-starter/pom.xml | 2 +- ...ntrollerDownloadSecurityConfiguration.java | 1 - .../ddi/ControllerSecurityConfiguration.java | 2 +- ...actHttpControllerAuthenticationFilter.java | 36 +++++++++---------- ...enantAwareAuthenticationDetailsSource.java | 2 +- ...reAuthenticateAnonymousDownloadFilter.java | 4 +-- ...lerPreAuthenticateSecurityTokenFilter.java | 4 +-- ...thenticatedGatewaySecurityTokenFilter.java | 4 +-- ...rPreAuthenticatedSecurityHeaderFilter.java | 4 +-- ...SourceTrustAuthenticationProviderTest.java | 4 +-- hawkbit-dmf/hawkbit-dmf-amqp/pom.xml | 2 +- hawkbit-mgmt/hawkbit-mgmt-starter/pom.xml | 2 +- hawkbit-rest-core/pom.xml | 2 +- .../rest/SecurityManagedConfiguration.java | 5 --- .../pom.xml | 5 +-- ...bstractControllerAuthenticationFilter.java | 10 +++--- ...lerPreAuthenticateSecurityTokenFilter.java | 11 +++--- ...llerPreAuthenticatedAnonymousDownload.java | 11 +++--- ...rollerPreAuthenticatedAnonymousFilter.java | 12 ++++--- ...thenticatedGatewaySecurityTokenFilter.java | 9 ++--- ...rPreAuthenticatedSecurityHeaderFilter.java | 11 +++--- .../controller/ControllerSecurityToken.java | 30 ++++++---------- .../controller}/HeaderAuthentication.java | 2 +- ...okenSourceTrustAuthenticationProvider.java | 2 +- .../controller}/PreAuthenticationFilter.java | 8 ++--- .../TenantAwareWebAuthenticationDetails.java | 6 +++- ...PreAuthenticatedAnonymousDownloadTest.java | 3 +- ...AuthenticatedSecurityHeaderFilterTest.java | 20 ++++++----- hawkbit-test-report/pom.xml | 2 +- pom.xml | 2 +- 30 files changed, 109 insertions(+), 109 deletions(-) rename {hawkbit-security-integration => hawkbit-security-controller}/pom.xml (93%) rename {hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/AbstractControllerAuthenticationFilter.java (85%) rename 
{hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/ControllerPreAuthenticateSecurityTokenFilter.java (91%) rename {hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/ControllerPreAuthenticatedAnonymousDownload.java (89%) rename {hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/ControllerPreAuthenticatedAnonymousFilter.java (81%) rename {hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/ControllerPreAuthenticatedGatewaySecurityTokenFilter.java (93%) rename {hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/ControllerPreAuthenticatedSecurityHeaderFilter.java (94%) rename hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/DmfTenantSecurityToken.java => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerSecurityToken.java (76%) rename {hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/HeaderAuthentication.java (97%) rename {hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/PreAuthTokenSourceTrustAuthenticationProvider.java (99%) rename {hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/PreAuthenticationFilter.java (84%) rename 
{hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller}/TenantAwareWebAuthenticationDetails.java (94%) rename {hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/test/java/org/eclipse/hawkbit/security/controller}/ControllerPreAuthenticatedAnonymousDownloadTest.java (95%) rename {hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security => hawkbit-security-controller/src/test/java/org/eclipse/hawkbit/security/controller}/ControllerPreAuthenticatedSecurityHeaderFilterTest.java (87%) diff --git a/hawkbit-ddi/hawkbit-ddi-starter/pom.xml b/hawkbit-ddi/hawkbit-ddi-starter/pom.xml index d8f002f65..910b30f24 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/pom.xml +++ b/hawkbit-ddi/hawkbit-ddi-starter/pom.xml @@ -53,7 +53,7 @@ org.eclipse.hawkbit - hawkbit-security-integration + hawkbit-security-controller ${project.version} diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerDownloadSecurityConfiguration.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerDownloadSecurityConfiguration.java index 5c0be056e..10ca05119 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerDownloadSecurityConfiguration.java +++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerDownloadSecurityConfiguration.java 
@@ -29,7 +29,6 @@ import org.eclipse.hawkbit.security.MdcHandler; import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerSecurityConfiguration.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerSecurityConfiguration.java index 6e8ba5c45..5717cc774 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerSecurityConfiguration.java +++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerSecurityConfiguration.java @@ -25,8 +25,8 @@ import org.eclipse.hawkbit.rest.security.DosFilter; import org.eclipse.hawkbit.security.DdiSecurityProperties; import org.eclipse.hawkbit.security.HawkbitSecurityProperties; import org.eclipse.hawkbit.security.MdcHandler; -import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider; import org.eclipse.hawkbit.security.SystemSecurityContext; +import org.eclipse.hawkbit.security.controller.PreAuthTokenSourceTrustAuthenticationProvider; import org.eclipse.hawkbit.tenancy.TenantAware; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; 
diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/AbstractHttpControllerAuthenticationFilter.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/AbstractHttpControllerAuthenticationFilter.java index 52d36963e..1568848b5 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/AbstractHttpControllerAuthenticationFilter.java +++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/AbstractHttpControllerAuthenticationFilter.java @@ -23,9 +23,9 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; -import org.eclipse.hawkbit.security.DmfTenantSecurityToken; -import org.eclipse.hawkbit.security.PreAuthenticationFilter; import org.eclipse.hawkbit.security.SystemSecurityContext; +import org.eclipse.hawkbit.security.controller.ControllerSecurityToken; +import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter; import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.util.UrlUtils; import org.slf4j.Logger; @@ -46,6 +46,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac protected TenantConfigurationManagement tenantConfigurationManagement; protected TenantAware tenantAware; protected SystemSecurityContext systemSecurityContext; + private static final String TENANT_PLACE_HOLDER = "tenant"; private static final String CONTROLLER_ID_PLACE_HOLDER = "controllerId"; /** 
@@ -53,12 +54,11 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac * containing the placeholder key for retrieving the principal from the URI * request. e.g."/{tenant}/controller/v1/{controllerId} */ - private static final String CONTROLLER_REQUEST_ANT_PATTERN = "/{" + TENANT_PLACE_HOLDER + "}/controller/v1" + "/{" - + CONTROLLER_ID_PLACE_HOLDER + "}/**"; - private static final String CONTROLLER_DL_REQUEST_ANT_PATTERN = "/{" + TENANT_PLACE_HOLDER - + "}/controller/artifacts/v1/**"; - private final AntPathMatcher pathExtractor; + private static final String CONTROLLER_REQUEST_ANT_PATTERN = "/{" + TENANT_PLACE_HOLDER + "}/controller/v1" + + "/{" + CONTROLLER_ID_PLACE_HOLDER + "}/**"; + private static final String CONTROLLER_DL_REQUEST_ANT_PATTERN = "/{" + TENANT_PLACE_HOLDER + "}/controller/artifacts/v1/**"; + private final AntPathMatcher pathExtractor; private PreAuthenticationFilter abstractControllerAuthenticationFilter; /** @@ -91,7 +91,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac return; } - final DmfTenantSecurityToken securityToken = createTenantSecurityTokenVariables((HttpServletRequest) request); + final ControllerSecurityToken securityToken = createTenantSecurityTokenVariables((HttpServletRequest) request); if (securityToken == null) { chain.doFilter(request, response); return; @@ -120,7 +120,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac @Override protected Object getPreAuthenticatedPrincipal(final HttpServletRequest request) { - final DmfTenantSecurityToken securityToken = createTenantSecurityTokenVariables(request); + final ControllerSecurityToken securityToken = createTenantSecurityTokenVariables(request); if (securityToken == null) { return null; } 
@@ -129,7 +129,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac @Override protected Object getPreAuthenticatedCredentials(final HttpServletRequest request) { - final DmfTenantSecurityToken securityToken = createTenantSecurityTokenVariables(request); + final ControllerSecurityToken securityToken = createTenantSecurityTokenVariables(request); if (securityToken == null) { return null; } @@ -144,11 +144,11 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac * Extracts tenant and controllerId from the request URI as path variables. * * @param request the Http request to extract the path variables. - * @return the extracted {@link DmfTenantSecurityToken} or {@code null} if the + * @return the extracted {@link ControllerSecurityToken} or {@code null} if the * request does not match the pattern and no variables could be * extracted */ - protected DmfTenantSecurityToken createTenantSecurityTokenVariables(final HttpServletRequest request) { + protected ControllerSecurityToken createTenantSecurityTokenVariables(final HttpServletRequest request) { final String requestURI = request.getRequestURI(); if (pathExtractor.match(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI)) { 
@@ -173,14 +173,10 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac } } - private DmfTenantSecurityToken createTenantSecurityTokenVariables(final HttpServletRequest request, + private ControllerSecurityToken createTenantSecurityTokenVariables(final HttpServletRequest request, final String tenant, final String controllerId) { - final DmfTenantSecurityToken securityToken = new DmfTenantSecurityToken(tenant, null, controllerId, null); - - Collections.list(request.getHeaderNames()) - .forEach(header -> securityToken.putHeader(header, request.getHeader(header))); - + final ControllerSecurityToken securityToken = new ControllerSecurityToken(tenant, null, controllerId, null); + Collections.list(request.getHeaderNames()).forEach(header -> securityToken.putHeader(header, request.getHeader(header))); return securityToken; } - -} +} \ No newline at end of file diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/ControllerTenantAwareAuthenticationDetailsSource.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/ControllerTenantAwareAuthenticationDetailsSource.java index 6dda977a3..a34dc730b 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/ControllerTenantAwareAuthenticationDetailsSource.java +++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/ControllerTenantAwareAuthenticationDetailsSource.java 
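Review bot: The rewritten one-liner in the private `createTenantSecurityTokenVariables(request, tenant, controllerId)` copies every request header, `Authorization` included, into the `ControllerSecurityToken`, and `request.getHeader(header)` keeps only the first value when a header is repeated; neither property is documented. `ControllerSecurityToken` is itself reworked in this commit (outside this hunk), so it is worth confirming that the token is never logged or serialized together with its header map. I would add a comment above the loop: `// Copies all request headers (credentials included); only the first value of a repeated header is kept.` The new line is also much longer than the surrounding code, and the hunk drops the file's final newline (`\ No newline at end of file`), as does the last hunk of ControllerPreAuthenticatedAnonymousDownload.java.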
@@ -14,7 +14,7 @@ import java.util.Map; import jakarta.servlet.http.HttpServletRequest; import lombok.extern.slf4j.Slf4j; -import org.eclipse.hawkbit.security.TenantAwareWebAuthenticationDetails; +import org.eclipse.hawkbit.security.controller.TenantAwareWebAuthenticationDetails; import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails; import org.eclipse.hawkbit.util.UrlUtils; import org.springframework.security.authentication.AuthenticationDetailsSource; diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticateAnonymousDownloadFilter.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticateAnonymousDownloadFilter.java index 9d207d0b8..5bd52f5e9 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticateAnonymousDownloadFilter.java +++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticateAnonymousDownloadFilter.java @@ -12,9 +12,9 @@ package org.eclipse.hawkbit.autoconfigure.ddi.security; import lombok.extern.slf4j.Slf4j; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; -import org.eclipse.hawkbit.security.ControllerPreAuthenticatedAnonymousDownload; -import org.eclipse.hawkbit.security.PreAuthenticationFilter; import org.eclipse.hawkbit.security.SystemSecurityContext; +import org.eclipse.hawkbit.security.controller.ControllerPreAuthenticatedAnonymousDownload; +import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter; import org.eclipse.hawkbit.tenancy.TenantAware; import org.slf4j.Logger; 
diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticateSecurityTokenFilter.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticateSecurityTokenFilter.java index 16378de37..bad813fe1 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticateSecurityTokenFilter.java +++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticateSecurityTokenFilter.java @@ -12,9 +12,9 @@ package org.eclipse.hawkbit.autoconfigure.ddi.security; import lombok.extern.slf4j.Slf4j; import org.eclipse.hawkbit.repository.ControllerManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; -import org.eclipse.hawkbit.security.ControllerPreAuthenticateSecurityTokenFilter; -import org.eclipse.hawkbit.security.PreAuthenticationFilter; import org.eclipse.hawkbit.security.SystemSecurityContext; +import org.eclipse.hawkbit.security.controller.ControllerPreAuthenticateSecurityTokenFilter; +import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter; import org.eclipse.hawkbit.tenancy.TenantAware; import org.slf4j.Logger; diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticatedGatewaySecurityTokenFilter.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticatedGatewaySecurityTokenFilter.java index 84fb3c2a5..22f51d4b0 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticatedGatewaySecurityTokenFilter.java 
+++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticatedGatewaySecurityTokenFilter.java @@ -11,9 +11,9 @@ package org.eclipse.hawkbit.autoconfigure.ddi.security; import lombok.extern.slf4j.Slf4j; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; -import org.eclipse.hawkbit.security.ControllerPreAuthenticatedGatewaySecurityTokenFilter; -import org.eclipse.hawkbit.security.PreAuthenticationFilter; import org.eclipse.hawkbit.security.SystemSecurityContext; +import org.eclipse.hawkbit.security.controller.ControllerPreAuthenticatedGatewaySecurityTokenFilter; +import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter; import org.eclipse.hawkbit.tenancy.TenantAware; import org.slf4j.Logger; diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticatedSecurityHeaderFilter.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticatedSecurityHeaderFilter.java index 06184a58b..52a13cb1c 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticatedSecurityHeaderFilter.java +++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/security/HttpControllerPreAuthenticatedSecurityHeaderFilter.java 
@@ -11,9 +11,9 @@ package org.eclipse.hawkbit.autoconfigure.ddi.security; import lombok.extern.slf4j.Slf4j; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; -import org.eclipse.hawkbit.security.ControllerPreAuthenticatedSecurityHeaderFilter; -import org.eclipse.hawkbit.security.PreAuthenticationFilter; import org.eclipse.hawkbit.security.SystemSecurityContext; +import org.eclipse.hawkbit.security.controller.ControllerPreAuthenticatedSecurityHeaderFilter; +import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter; import org.eclipse.hawkbit.tenancy.TenantAware; import org.slf4j.Logger; diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/test/java/org/eclipse/hawkbit/autoconfigure/ddi/security/PreAuthTokenSourceTrustAuthenticationProviderTest.java b/hawkbit-ddi/hawkbit-ddi-starter/src/test/java/org/eclipse/hawkbit/autoconfigure/ddi/security/PreAuthTokenSourceTrustAuthenticationProviderTest.java index 45e08f714..357417092 100644 --- a/hawkbit-ddi/hawkbit-ddi-starter/src/test/java/org/eclipse/hawkbit/autoconfigure/ddi/security/PreAuthTokenSourceTrustAuthenticationProviderTest.java +++ b/hawkbit-ddi/hawkbit-ddi-starter/src/test/java/org/eclipse/hawkbit/autoconfigure/ddi/security/PreAuthTokenSourceTrustAuthenticationProviderTest.java @@ -18,8 +18,8 @@ import java.util.Collections; import io.qameta.allure.Description; import io.qameta.allure.Feature; import io.qameta.allure.Story; -import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider; -import org.eclipse.hawkbit.security.TenantAwareWebAuthenticationDetails; +import org.eclipse.hawkbit.security.controller.PreAuthTokenSourceTrustAuthenticationProvider; +import org.eclipse.hawkbit.security.controller.TenantAwareWebAuthenticationDetails; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mock; diff --git a/hawkbit-dmf/hawkbit-dmf-amqp/pom.xml b/hawkbit-dmf/hawkbit-dmf-amqp/pom.xml index a123be309..ce8549a91 100644 
--- a/hawkbit-dmf/hawkbit-dmf-amqp/pom.xml +++ b/hawkbit-dmf/hawkbit-dmf-amqp/pom.xml @@ -35,7 +35,7 @@ org.eclipse.hawkbit - hawkbit-security-integration + hawkbit-security-controller ${project.version} diff --git a/hawkbit-mgmt/hawkbit-mgmt-starter/pom.xml b/hawkbit-mgmt/hawkbit-mgmt-starter/pom.xml index f356b5051..47e848110 100644 --- a/hawkbit-mgmt/hawkbit-mgmt-starter/pom.xml +++ b/hawkbit-mgmt/hawkbit-mgmt-starter/pom.xml @@ -30,7 +30,7 @@ org.eclipse.hawkbit - hawkbit-security-integration + hawkbit-security-controller ${project.version} diff --git a/hawkbit-rest-core/pom.xml b/hawkbit-rest-core/pom.xml index 73c8b69ca..5c82cf0e9 100644 --- a/hawkbit-rest-core/pom.xml +++ b/hawkbit-rest-core/pom.xml @@ -29,7 +29,7 @@ org.eclipse.hawkbit - hawkbit-security-integration + hawkbit-security-core ${project.version} diff --git a/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/SecurityManagedConfiguration.java b/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/SecurityManagedConfiguration.java index 312459164..050951085 100644 --- a/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/SecurityManagedConfiguration.java +++ b/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/SecurityManagedConfiguration.java @@ -16,10 +16,8 @@ import java.util.List; import jakarta.servlet.http.HttpServletRequest; import lombok.extern.slf4j.Slf4j; -import org.eclipse.hawkbit.security.DdiSecurityProperties; import org.eclipse.hawkbit.rest.security.DosFilter; import org.eclipse.hawkbit.security.HawkbitSecurityProperties; -import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.AdviceMode; 
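Review bot: Unlike the other pom.xml hunks in this patch, the hawkbit-rest-core one is not a rename: `hawkbit-security-integration` is replaced by `hawkbit-security-core`, so hawkbit-rest-core no longer brings in the controller authentication classes or anything that module supplied transitively. The commit description only mentions renames, so this narrowing of the classpath is easy to miss for anyone who reached those classes through hawkbit-rest-core. It looks intentional, given the imports removed from SecurityManagedConfiguration.java in the same patch, but it deserves its own line in the description, e.g. `* hawkbit-rest-core now depends on hawkbit-security-core instead of the controller security module`.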
@@ -28,10 +26,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.firewall.FirewalledRequest; import org.springframework.security.web.firewall.HttpFirewall; diff --git a/hawkbit-security-integration/pom.xml b/hawkbit-security-controller/pom.xml similarity index 93% rename from hawkbit-security-integration/pom.xml rename to hawkbit-security-controller/pom.xml index b6cefe100..8b6d24521 100644 --- a/hawkbit-security-integration/pom.xml +++ b/hawkbit-security-controller/pom.xml @@ -17,9 +17,9 @@ hawkbit-parent ${revision} - hawkbit-security-integration - hawkBit :: Security Integration + hawkbit-security-controller + hawkBit :: Security :: Controller @@ -27,6 +27,7 @@ hawkbit-repository-api ${project.version} + org.springframework.security spring-security-web 
diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/AbstractControllerAuthenticationFilter.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/AbstractControllerAuthenticationFilter.java similarity index 85% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/AbstractControllerAuthenticationFilter.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/AbstractControllerAuthenticationFilter.java index eb2b33253..1d092ce70 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/AbstractControllerAuthenticationFilter.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/AbstractControllerAuthenticationFilter.java @@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import java.util.Arrays; import java.util.Collection; @@ -15,6 +15,7 @@ import java.util.Collection; import lombok.extern.slf4j.Slf4j; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; +import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; 
@@ -31,8 +32,9 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe protected final SystemSecurityContext systemSecurityContext; private final SecurityConfigurationKeyTenantRunner configurationKeyTenantRunner; - protected AbstractControllerAuthenticationFilter(final TenantConfigurationManagement systemManagement, - final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) { + protected AbstractControllerAuthenticationFilter( + final TenantConfigurationManagement systemManagement, final TenantAware tenantAware, + final SystemSecurityContext systemSecurityContext) { this.tenantConfigurationManagement = systemManagement; this.tenantAware = tenantAware; this.systemSecurityContext = systemSecurityContext; @@ -40,7 +42,7 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe } @Override - public boolean isEnable(final DmfTenantSecurityToken securityToken) { + public boolean isEnable(final ControllerSecurityToken securityToken) { return tenantAware.runAsTenant(securityToken.getTenant(), configurationKeyTenantRunner); } diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticateSecurityTokenFilter.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticateSecurityTokenFilter.java similarity index 91% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticateSecurityTokenFilter.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticateSecurityTokenFilter.java index 56234e679..83d0087d5 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticateSecurityTokenFilter.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticateSecurityTokenFilter.java 
@@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import java.util.Optional; @@ -15,6 +15,7 @@ import lombok.extern.slf4j.Slf4j; import org.eclipse.hawkbit.repository.ControllerManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.model.Target; +import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; @@ -54,9 +55,9 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro } @Override - public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { + public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) { final String controllerId = resolveControllerId(securityToken); - final String authHeader = securityToken.getHeader(DmfTenantSecurityToken.AUTHORIZATION_HEADER); + final String authHeader = securityToken.getHeader(ControllerSecurityToken.AUTHORIZATION_HEADER); if ((authHeader != null) && authHeader.startsWith(TARGET_SECURITY_TOKEN_AUTH_SCHEME)) { log.debug("found authorization header with scheme {} using target security token for authentication", TARGET_SECURITY_TOKEN_AUTH_SCHEME); @@ -69,7 +70,7 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro } @Override - public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { + public HeaderAuthentication getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) { final Optional target = systemSecurityContext.runAsSystemAsTenant(() -> { if (securityToken.getTargetId() != null) { return controllerManagement.get(securityToken.getTargetId()); 
@@ -87,7 +88,7 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro return TenantConfigurationKey.AUTHENTICATION_MODE_TARGET_SECURITY_TOKEN_ENABLED; } - private String resolveControllerId(final DmfTenantSecurityToken securityToken) { + private String resolveControllerId(final ControllerSecurityToken securityToken) { if (securityToken.getControllerId() != null) { return securityToken.getControllerId(); } diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousDownload.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousDownload.java similarity index 89% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousDownload.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousDownload.java index bcbaa6d95..3a813ffa7 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousDownload.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousDownload.java 
@@ -7,15 +7,16 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; +import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; /** - * An pre-authenticated processing filter which add the + * A pre-authenticated processing filter which add the * {@link SpringEvalExpressions#CONTROLLER_DOWNLOAD_ROLE_ANONYMOUS} to the * security context in case the anonymous download is allowed through * configuration. @@ -39,12 +40,12 @@ public class ControllerPreAuthenticatedAnonymousDownload extends AbstractControl } @Override - public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { + public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) { return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); } @Override - public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { + public HeaderAuthentication getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) { return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); } @@ -52,4 +53,4 @@ public class ControllerPreAuthenticatedAnonymousDownload extends AbstractControl protected String getTenantConfigurationKey() { return TenantConfigurationKey.ANONYMOUS_DOWNLOAD_MODE_ENABLED; } -} +} \ No newline at end of file 
diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousFilter.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousFilter.java similarity index 81% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousFilter.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousFilter.java index a0122da7d..ce1a9fe8b 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousFilter.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousFilter.java @@ -7,13 +7,15 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; + +import org.eclipse.hawkbit.security.DdiSecurityProperties; /** * An anonymous controller filter which is only enabled in case of anonymous * access is granted. This should only be for development purposes. * - * @see DdiSecurityProperties + * @see org.eclipse.hawkbit.security.DdiSecurityProperties */ public class ControllerPreAuthenticatedAnonymousFilter implements PreAuthenticationFilter { 
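Review bot: The `@see` tag is rewritten to the fully qualified `org.eclipse.hawkbit.security.DdiSecurityProperties` in the same hunk that adds `import org.eclipse.hawkbit.security.DdiSecurityProperties;`, so one of the two is redundant. With the import in place the original `@see DdiSecurityProperties` resolves as before, and it keeps the Javadoc consistent with the `{@link ...}` references in the sibling filters, which use simple names. The class body continues outside this hunk.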
@@ -28,17 +30,17 @@ public class ControllerPreAuthenticatedAnonymousFilter implements PreAuthenticat } @Override - public boolean isEnable(final DmfTenantSecurityToken securityToken) { + public boolean isEnable(final ControllerSecurityToken securityToken) { return ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled(); } @Override - public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { + public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) { return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); } @Override - public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { + public HeaderAuthentication getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) { return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); } } \ No newline at end of file diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedGatewaySecurityTokenFilter.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedGatewaySecurityTokenFilter.java similarity index 93% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedGatewaySecurityTokenFilter.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedGatewaySecurityTokenFilter.java index fd2fe202b..9c3c69bea 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedGatewaySecurityTokenFilter.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedGatewaySecurityTokenFilter.java 
@@ -7,10 +7,11 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import lombok.extern.slf4j.Slf4j; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; +import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; @@ -48,8 +49,8 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra } @Override - public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { - final String authHeader = securityToken.getHeader(DmfTenantSecurityToken.AUTHORIZATION_HEADER); + public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) { + final String authHeader = securityToken.getHeader(ControllerSecurityToken.AUTHORIZATION_HEADER); if (authHeader != null && authHeader.startsWith(GATEWAY_SECURITY_TOKEN_AUTH_SCHEME) && authHeader.length() > OFFSET_GATEWAY_TOKEN) { // disables empty string token @@ -65,7 +66,7 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra } @Override - public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { + public HeaderAuthentication getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) { final String gatewayToken = tenantAware.runAsTenant(securityToken.getTenant(), gatewaySecurityTokenKeyConfigRunner); return new HeaderAuthentication(securityToken.getControllerId(), gatewayToken); 
diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedSecurityHeaderFilter.java similarity index 94% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedSecurityHeaderFilter.java index 23463c55f..b1662bb42 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedSecurityHeaderFilter.java @@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import java.util.Arrays; import java.util.List; @@ -15,6 +15,7 @@ import java.util.stream.Collectors; import lombok.extern.slf4j.Slf4j; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; +import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; import org.slf4j.Logger; @@ -23,7 +24,7 @@ import org.slf4j.LoggerFactory; /** * A pre-authenticated processing filter which extracts the principal from a * request URI and the credential from a request header in a the - * {@link DmfTenantSecurityToken}. + * {@link ControllerSecurityToken}. */ @Slf4j public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractControllerAuthenticationFilter { 
@@ -71,7 +72,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont } @Override - public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { + public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) { // retrieve the common name header and the authority name header from // the http request and combine them together final String commonNameValue = securityToken.getHeader(caCommonNameHeader); @@ -92,7 +93,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont } @Override - public Object getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { + public Object getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) { final String authorityNameConfigurationValue = tenantAware.runAsTenant(securityToken.getTenant(), sslIssuerNameConfigTenantRunner); @@ -124,7 +125,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont * this tenant. */ @SuppressWarnings("java:S2629") // check if debug is enabled is maybe heavier then evaluation - private String getIssuerHashHeader(final DmfTenantSecurityToken securityToken, final String knownIssuerHashes) { + private String getIssuerHashHeader(final ControllerSecurityToken securityToken, final String knownIssuerHashes) { // there may be several knownIssuerHashes configured for the tenant final List knownHashes = splitMultiHashBySemicolon(knownIssuerHashes); 
diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/DmfTenantSecurityToken.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerSecurityToken.java similarity index 76% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/DmfTenantSecurityToken.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerSecurityToken.java index 6d85ca826..0812f0332 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/DmfTenantSecurityToken.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/ControllerSecurityToken.java @@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import java.util.Map; import java.util.TreeMap; @@ -25,16 +25,17 @@ import lombok.Data; @Data @JsonInclude(Include.NON_NULL) @JsonIgnoreProperties(ignoreUnknown = true) -public class DmfTenantSecurityToken { +public class ControllerSecurityToken { public static final String AUTHORIZATION_HEADER = "Authorization"; + @JsonProperty private final Long tenantId; @JsonProperty - private final String controllerId; - @JsonProperty private final Long targetId; @JsonProperty + private final String controllerId; + @JsonProperty private String tenant; @JsonProperty private Map headers; @@ -48,7 +49,8 @@ public class DmfTenantSecurityToken { * @param targetId alternative target identification by technical ID */ @JsonCreator - public DmfTenantSecurityToken(@JsonProperty("tenant") final String tenant, + public ControllerSecurityToken( + @JsonProperty("tenant") final String tenant, @JsonProperty("tenantId") final Long tenantId, @JsonProperty("controllerId") final String controllerId, @JsonProperty("targetId") final Long targetId) { this.tenant = tenant; 
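Review bot: The `headers` field in the `@@ -25,16 +25,17 @@` hunk sits under Lombok's `@Data`, so the generated `toString()` prints the whole map, and the filters in this commit read the `Authorization` header from that map. Any log statement or exception message that formats a `ControllerSecurityToken` would therefore write the target or gateway token in clear text; whether such a call site exists is not visible from this hunk. Putting `@ToString.Exclude` on `private Map headers;` keeps the credential out of diagnostics without changing the JSON form. The class body continues outside the hunk.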
@@ -63,20 +65,10 @@ public class DmfTenantSecurityToken { * @param tenant the tenant for the security token * @param controllerId the ID of the controller for the security token */ - public DmfTenantSecurityToken(final String tenant, final String controllerId) { + public ControllerSecurityToken(final String tenant, final String controllerId) { this(tenant, null, controllerId, null); } - /** - * Constructor. - * - * @param tenantId the tenant for the security token - * @param targetId target identification by technical ID - */ - public DmfTenantSecurityToken(final Long tenantId, final Long targetId) { - this(null, tenantId, null, targetId); - } - /** * Gets a header value. * @@ -96,12 +88,12 @@ public class DmfTenantSecurityToken { * * @param name of the header * @param value of the header - * @return the previous value associated with the name, or null if there was no mapping for name. */ - public String putHeader(final String name, final String value) { + public void putHeader(final String name, final String value) { if (headers == null) { headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); } - return headers.put(name, value); + + headers.put(name, value); } } \ No newline at end of file diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/HeaderAuthentication.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/HeaderAuthentication.java similarity index 97% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/HeaderAuthentication.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/HeaderAuthentication.java index dc548dc97..91ccf5fb0 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/HeaderAuthentication.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/HeaderAuthentication.java 
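Review bot: The case-insensitive `TreeMap` in `putHeader` is only created when this method is the first writer of `headers`. The field is a non-final `@JsonProperty` under `@Data`, so a token built by Jackson or through the generated setter presumably keeps whatever map it was handed. A header sent as `authorization` could then miss the `AUTHORIZATION_HEADER` lookup, depending on how `getHeader` (body outside this hunk) reads the map. An explicit `setHeaders` with the body `this.headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); if (headers != null) { this.headers.putAll(headers); }` would make header matching independent of how the token was constructed.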
@@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; /** * The authentication principal and credentials object which holds the diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthTokenSourceTrustAuthenticationProvider.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/PreAuthTokenSourceTrustAuthenticationProvider.java similarity index 99% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthTokenSourceTrustAuthenticationProvider.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/PreAuthTokenSourceTrustAuthenticationProvider.java index d9b2c8f46..851f6517f 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthTokenSourceTrustAuthenticationProvider.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/PreAuthTokenSourceTrustAuthenticationProvider.java @@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import java.util.ArrayList; import java.util.Collection; diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthenticationFilter.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/PreAuthenticationFilter.java similarity index 84% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthenticationFilter.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/PreAuthenticationFilter.java index 367e275da..152af7026 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthenticationFilter.java 
+++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/PreAuthenticationFilter.java @@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import java.util.Collection; import java.util.Collections; @@ -26,7 +26,7 @@ public interface PreAuthenticationFilter { * @param securityToken the secruity info * @return true is enabled false diabled */ - boolean isEnable(DmfTenantSecurityToken securityToken); + boolean isEnable(ControllerSecurityToken securityToken); /** * Extract the principal information from the current securityToken. @@ -34,7 +34,7 @@ public interface PreAuthenticationFilter { * @param securityToken the securityToken * @return the extracted tenant and controller id */ - HeaderAuthentication getPreAuthenticatedPrincipal(DmfTenantSecurityToken securityToken); + HeaderAuthentication getPreAuthenticatedPrincipal(ControllerSecurityToken securityToken); /** * Extract the principal credentials from the current securityToken. @@ -42,7 +42,7 @@ public interface PreAuthenticationFilter { * @param securityToken the securityToken * @return the extracted tenant and controller id */ - Object getPreAuthenticatedCredentials(DmfTenantSecurityToken securityToken); + Object getPreAuthenticatedCredentials(ControllerSecurityToken securityToken); /** * Allows to add additional authorities to the successful authenticated token. 
diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/TenantAwareWebAuthenticationDetails.java b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/TenantAwareWebAuthenticationDetails.java similarity index 94% rename from hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/TenantAwareWebAuthenticationDetails.java rename to hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/TenantAwareWebAuthenticationDetails.java index fd46a796e..0687d2b27 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/TenantAwareWebAuthenticationDetails.java +++ b/hawkbit-security-controller/src/main/java/org/eclipse/hawkbit/security/controller/TenantAwareWebAuthenticationDetails.java @@ -7,7 +7,9 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; + +import java.io.Serial; import jakarta.servlet.http.HttpServletRequest; @@ -22,7 +24,9 @@ import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails; */ public class TenantAwareWebAuthenticationDetails extends TenantAwareAuthenticationDetails { + @Serial private static final long serialVersionUID = 1L; + private final String remoteAddress; /** diff --git a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousDownloadTest.java b/hawkbit-security-controller/src/test/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousDownloadTest.java similarity index 95% rename from hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousDownloadTest.java rename to hawkbit-security-controller/src/test/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousDownloadTest.java index 7cdd68896..d6e492885 100644 
--- a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedAnonymousDownloadTest.java +++ b/hawkbit-security-controller/src/test/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedAnonymousDownloadTest.java @@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import static org.assertj.core.api.Assertions.assertThat; @@ -15,6 +15,7 @@ import io.qameta.allure.Feature; import io.qameta.allure.Story; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; +import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java b/hawkbit-security-controller/src/test/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedSecurityHeaderFilterTest.java similarity index 87% rename from hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java rename to hawkbit-security-controller/src/test/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedSecurityHeaderFilterTest.java index f8818ffbb..e9df6e294 100644 --- a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java +++ b/hawkbit-security-controller/src/test/java/org/eclipse/hawkbit/security/controller/ControllerPreAuthenticatedSecurityHeaderFilterTest.java 
@@ -7,7 +7,7 @@ * * SPDX-License-Identifier: EPL-2.0 */ -package org.eclipse.hawkbit.security; +package org.eclipse.hawkbit.security.controller; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.when; @@ -19,6 +19,9 @@ import io.qameta.allure.Feature; import io.qameta.allure.Story; import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.model.TenantConfigurationValue; +import org.eclipse.hawkbit.security.SecurityContextSerializer; +import org.eclipse.hawkbit.security.SecurityContextTenantAware; +import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; import org.junit.jupiter.api.BeforeEach; @@ -62,14 +65,15 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest { @BeforeEach public void before() { final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver, securityContextSerializer); - underTest = new ControllerPreAuthenticatedSecurityHeaderFilter(CA_COMMON_NAME, "X-Ssl-Issuer-Hash-%d", + underTest = new ControllerPreAuthenticatedSecurityHeaderFilter( + CA_COMMON_NAME, "X-Ssl-Issuer-Hash-%d", tenantConfigurationManagementMock, tenantAware, new SystemSecurityContext(tenantAware)); } @Test @Description("Tests the filter for issuer hash based authentication with a single known hash") public void testIssuerHashBasedAuthenticationWithSingleKnownHash() { - final DmfTenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH); + final ControllerSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH); // use single known hash when(tenantConfigurationManagementMock.getConfigurationValue( TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class)) 
@@ -92,7 +96,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest { @Test @Description("Tests the filter for issuer hash based authentication with unknown hash") public void testIssuerHashBasedAuthenticationWithUnknownHash() { - final DmfTenantSecurityToken securityToken = prepareSecurityToken(UNKNOWN_HASH); + final ControllerSecurityToken securityToken = prepareSecurityToken(UNKNOWN_HASH); // use single known hash when(tenantConfigurationManagementMock.getConfigurationValue( TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class)) @@ -103,8 +107,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest { @Test @Description("Tests different values for issuer hash header and inspects the credentials") public void useDifferentValuesForIssuerHashHeader() { - final DmfTenantSecurityToken securityToken1 = prepareSecurityToken(SINGLE_HASH); - final DmfTenantSecurityToken securityToken2 = prepareSecurityToken(SECOND_HASH); + final ControllerSecurityToken securityToken1 = prepareSecurityToken(SINGLE_HASH); + final ControllerSecurityToken securityToken2 = prepareSecurityToken(SECOND_HASH); final HeaderAuthentication expected1 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SINGLE_HASH); final HeaderAuthentication expected2 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SECOND_HASH); 
@@ -129,8 +133,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest { } - private static DmfTenantSecurityToken prepareSecurityToken(final String issuerHashHeaderValue) { - final DmfTenantSecurityToken securityToken = new DmfTenantSecurityToken("DEFAULT", CA_COMMON_NAME_VALUE); + private static ControllerSecurityToken prepareSecurityToken(final String issuerHashHeaderValue) { + final ControllerSecurityToken securityToken = new ControllerSecurityToken("DEFAULT", CA_COMMON_NAME_VALUE); securityToken.putHeader(CA_COMMON_NAME, CA_COMMON_NAME_VALUE); securityToken.putHeader(X_SSL_ISSUER_HASH_1, issuerHashHeaderValue); return securityToken; diff --git a/hawkbit-test-report/pom.xml b/hawkbit-test-report/pom.xml index 39b24e678..1414ef15a 100644 --- a/hawkbit-test-report/pom.xml +++ b/hawkbit-test-report/pom.xml @@ -33,7 +33,7 @@ org.eclipse.hawkbit - hawkbit-security-integration + hawkbit-security-controller ${project.version} diff --git a/pom.xml b/pom.xml index 2a42368e5..8e0f898b6 100644 --- a/pom.xml +++ b/pom.xml @@ -134,7 +134,7 @@ hawkbit-core hawkbit-security-core - hawkbit-security-integration + hawkbit-security-controller hawkbit-artifact hawkbit-repository hawkbit-autoconfigure