Rename hawkbit-security-intenal -> hawkbit-security-controller (#2015)

as it is controller only related

* DmfTenantSecurityToken renamed to ControllerSecurityToken - as it is such
* hawkbit.security classes from http-security-internal moved to hawkbit.security.controller - as they are such and it is bad practice to have same package in multiple modules

_release_notes_

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-11-12 12:45:09 +02:00
committed by GitHub
parent c85518be3c
commit 5182217745
30 changed files with 109 additions and 109 deletions

View File

@@ -53,7 +53,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.hawkbit</groupId> <groupId>org.eclipse.hawkbit</groupId>
<artifactId>hawkbit-security-integration</artifactId> <artifactId>hawkbit-security-controller</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency> <dependency>

View File

@@ -29,7 +29,6 @@ import org.eclipse.hawkbit.security.MdcHandler;
import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;

View File

@@ -25,8 +25,8 @@ import org.eclipse.hawkbit.rest.security.DosFilter;
import org.eclipse.hawkbit.security.DdiSecurityProperties; import org.eclipse.hawkbit.security.DdiSecurityProperties;
import org.eclipse.hawkbit.security.HawkbitSecurityProperties; import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
import org.eclipse.hawkbit.security.MdcHandler; import org.eclipse.hawkbit.security.MdcHandler;
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.security.controller.PreAuthTokenSourceTrustAuthenticationProvider;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;

View File

@@ -23,9 +23,9 @@ import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken;
import org.eclipse.hawkbit.security.PreAuthenticationFilter;
import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.security.controller.ControllerSecurityToken;
import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.util.UrlUtils; import org.eclipse.hawkbit.util.UrlUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
@@ -46,6 +46,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
protected TenantConfigurationManagement tenantConfigurationManagement; protected TenantConfigurationManagement tenantConfigurationManagement;
protected TenantAware tenantAware; protected TenantAware tenantAware;
protected SystemSecurityContext systemSecurityContext; protected SystemSecurityContext systemSecurityContext;
private static final String TENANT_PLACE_HOLDER = "tenant"; private static final String TENANT_PLACE_HOLDER = "tenant";
private static final String CONTROLLER_ID_PLACE_HOLDER = "controllerId"; private static final String CONTROLLER_ID_PLACE_HOLDER = "controllerId";
/** /**
@@ -53,12 +54,11 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
* containing the placeholder key for retrieving the principal from the URI * containing the placeholder key for retrieving the principal from the URI
* request. e.g."/{tenant}/controller/v1/{controllerId} * request. e.g."/{tenant}/controller/v1/{controllerId}
*/ */
private static final String CONTROLLER_REQUEST_ANT_PATTERN = "/{" + TENANT_PLACE_HOLDER + "}/controller/v1" + "/{" private static final String CONTROLLER_REQUEST_ANT_PATTERN = "/{" + TENANT_PLACE_HOLDER + "}/controller/v1" +
+ CONTROLLER_ID_PLACE_HOLDER + "}/**"; "/{" + CONTROLLER_ID_PLACE_HOLDER + "}/**";
private static final String CONTROLLER_DL_REQUEST_ANT_PATTERN = "/{" + TENANT_PLACE_HOLDER private static final String CONTROLLER_DL_REQUEST_ANT_PATTERN = "/{" + TENANT_PLACE_HOLDER + "}/controller/artifacts/v1/**";
+ "}/controller/artifacts/v1/**";
private final AntPathMatcher pathExtractor;
private final AntPathMatcher pathExtractor;
private PreAuthenticationFilter abstractControllerAuthenticationFilter; private PreAuthenticationFilter abstractControllerAuthenticationFilter;
/** /**
@@ -91,7 +91,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
return; return;
} }
final DmfTenantSecurityToken securityToken = createTenantSecurityTokenVariables((HttpServletRequest) request); final ControllerSecurityToken securityToken = createTenantSecurityTokenVariables((HttpServletRequest) request);
if (securityToken == null) { if (securityToken == null) {
chain.doFilter(request, response); chain.doFilter(request, response);
return; return;
@@ -120,7 +120,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
@Override @Override
protected Object getPreAuthenticatedPrincipal(final HttpServletRequest request) { protected Object getPreAuthenticatedPrincipal(final HttpServletRequest request) {
final DmfTenantSecurityToken securityToken = createTenantSecurityTokenVariables(request); final ControllerSecurityToken securityToken = createTenantSecurityTokenVariables(request);
if (securityToken == null) { if (securityToken == null) {
return null; return null;
} }
@@ -129,7 +129,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
@Override @Override
protected Object getPreAuthenticatedCredentials(final HttpServletRequest request) { protected Object getPreAuthenticatedCredentials(final HttpServletRequest request) {
final DmfTenantSecurityToken securityToken = createTenantSecurityTokenVariables(request); final ControllerSecurityToken securityToken = createTenantSecurityTokenVariables(request);
if (securityToken == null) { if (securityToken == null) {
return null; return null;
} }
@@ -144,11 +144,11 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
* Extracts tenant and controllerId from the request URI as path variables. * Extracts tenant and controllerId from the request URI as path variables.
* *
* @param request the Http request to extract the path variables. * @param request the Http request to extract the path variables.
* @return the extracted {@link DmfTenantSecurityToken} or {@code null} if the * @return the extracted {@link ControllerSecurityToken} or {@code null} if the
* request does not match the pattern and no variables could be * request does not match the pattern and no variables could be
* extracted * extracted
*/ */
protected DmfTenantSecurityToken createTenantSecurityTokenVariables(final HttpServletRequest request) { protected ControllerSecurityToken createTenantSecurityTokenVariables(final HttpServletRequest request) {
final String requestURI = request.getRequestURI(); final String requestURI = request.getRequestURI();
if (pathExtractor.match(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI)) { if (pathExtractor.match(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI)) {
@@ -173,14 +173,10 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
} }
} }
private DmfTenantSecurityToken createTenantSecurityTokenVariables(final HttpServletRequest request, private ControllerSecurityToken createTenantSecurityTokenVariables(final HttpServletRequest request,
final String tenant, final String controllerId) { final String tenant, final String controllerId) {
final DmfTenantSecurityToken securityToken = new DmfTenantSecurityToken(tenant, null, controllerId, null); final ControllerSecurityToken securityToken = new ControllerSecurityToken(tenant, null, controllerId, null);
Collections.list(request.getHeaderNames()).forEach(header -> securityToken.putHeader(header, request.getHeader(header)));
Collections.list(request.getHeaderNames())
.forEach(header -> securityToken.putHeader(header, request.getHeader(header)));
return securityToken; return securityToken;
} }
} }

View File

@@ -14,7 +14,7 @@ import java.util.Map;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.security.TenantAwareWebAuthenticationDetails; import org.eclipse.hawkbit.security.controller.TenantAwareWebAuthenticationDetails;
import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails; import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.util.UrlUtils; import org.eclipse.hawkbit.util.UrlUtils;
import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationDetailsSource;

View File

@@ -12,9 +12,9 @@ package org.eclipse.hawkbit.autoconfigure.ddi.security;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedAnonymousDownload;
import org.eclipse.hawkbit.security.PreAuthenticationFilter;
import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.security.controller.ControllerPreAuthenticatedAnonymousDownload;
import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger; import org.slf4j.Logger;

View File

@@ -12,9 +12,9 @@ package org.eclipse.hawkbit.autoconfigure.ddi.security;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.ControllerManagement; import org.eclipse.hawkbit.repository.ControllerManagement;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.ControllerPreAuthenticateSecurityTokenFilter;
import org.eclipse.hawkbit.security.PreAuthenticationFilter;
import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.security.controller.ControllerPreAuthenticateSecurityTokenFilter;
import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger; import org.slf4j.Logger;

View File

@@ -11,9 +11,9 @@ package org.eclipse.hawkbit.autoconfigure.ddi.security;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedGatewaySecurityTokenFilter;
import org.eclipse.hawkbit.security.PreAuthenticationFilter;
import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.security.controller.ControllerPreAuthenticatedGatewaySecurityTokenFilter;
import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger; import org.slf4j.Logger;

View File

@@ -11,9 +11,9 @@ package org.eclipse.hawkbit.autoconfigure.ddi.security;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedSecurityHeaderFilter;
import org.eclipse.hawkbit.security.PreAuthenticationFilter;
import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.security.controller.ControllerPreAuthenticatedSecurityHeaderFilter;
import org.eclipse.hawkbit.security.controller.PreAuthenticationFilter;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger; import org.slf4j.Logger;

View File

@@ -18,8 +18,8 @@ import java.util.Collections;
import io.qameta.allure.Description; import io.qameta.allure.Description;
import io.qameta.allure.Feature; import io.qameta.allure.Feature;
import io.qameta.allure.Story; import io.qameta.allure.Story;
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider; import org.eclipse.hawkbit.security.controller.PreAuthTokenSourceTrustAuthenticationProvider;
import org.eclipse.hawkbit.security.TenantAwareWebAuthenticationDetails; import org.eclipse.hawkbit.security.controller.TenantAwareWebAuthenticationDetails;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock; import org.mockito.Mock;

View File

@@ -35,7 +35,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.hawkbit</groupId> <groupId>org.eclipse.hawkbit</groupId>
<artifactId>hawkbit-security-integration</artifactId> <artifactId>hawkbit-security-controller</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency> <dependency>

View File

@@ -30,7 +30,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.hawkbit</groupId> <groupId>org.eclipse.hawkbit</groupId>
<artifactId>hawkbit-security-integration</artifactId> <artifactId>hawkbit-security-controller</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency> <dependency>

View File

@@ -29,7 +29,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.hawkbit</groupId> <groupId>org.eclipse.hawkbit</groupId>
<artifactId>hawkbit-security-integration</artifactId> <artifactId>hawkbit-security-core</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency> <dependency>

View File

@@ -16,10 +16,8 @@ import java.util.List;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.security.DdiSecurityProperties;
import org.eclipse.hawkbit.rest.security.DosFilter; import org.eclipse.hawkbit.rest.security.DosFilter;
import org.eclipse.hawkbit.security.HawkbitSecurityProperties; import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.AdviceMode; import org.springframework.context.annotation.AdviceMode;
@@ -28,10 +26,7 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySource;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.firewall.FirewalledRequest; import org.springframework.security.web.firewall.FirewalledRequest;
import org.springframework.security.web.firewall.HttpFirewall; import org.springframework.security.web.firewall.HttpFirewall;

View File

@@ -17,9 +17,9 @@
<artifactId>hawkbit-parent</artifactId> <artifactId>hawkbit-parent</artifactId>
<version>${revision}</version> <version>${revision}</version>
</parent> </parent>
<artifactId>hawkbit-security-integration</artifactId>
<name>hawkBit :: Security Integration</name>
<artifactId>hawkbit-security-controller</artifactId>
<name>hawkBit :: Security :: Controller</name>
<dependencies> <dependencies>
<dependency> <dependency>
@@ -27,6 +27,7 @@
<artifactId>hawkbit-repository-api</artifactId> <artifactId>hawkbit-repository-api</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId> <artifactId>spring-security-web</artifactId>

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
@@ -15,6 +15,7 @@ import java.util.Collection;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -31,8 +32,9 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
protected final SystemSecurityContext systemSecurityContext; protected final SystemSecurityContext systemSecurityContext;
private final SecurityConfigurationKeyTenantRunner configurationKeyTenantRunner; private final SecurityConfigurationKeyTenantRunner configurationKeyTenantRunner;
protected AbstractControllerAuthenticationFilter(final TenantConfigurationManagement systemManagement, protected AbstractControllerAuthenticationFilter(
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) { final TenantConfigurationManagement systemManagement, final TenantAware tenantAware,
final SystemSecurityContext systemSecurityContext) {
this.tenantConfigurationManagement = systemManagement; this.tenantConfigurationManagement = systemManagement;
this.tenantAware = tenantAware; this.tenantAware = tenantAware;
this.systemSecurityContext = systemSecurityContext; this.systemSecurityContext = systemSecurityContext;
@@ -40,7 +42,7 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
} }
@Override @Override
public boolean isEnable(final DmfTenantSecurityToken securityToken) { public boolean isEnable(final ControllerSecurityToken securityToken) {
return tenantAware.runAsTenant(securityToken.getTenant(), configurationKeyTenantRunner); return tenantAware.runAsTenant(securityToken.getTenant(), configurationKeyTenantRunner);
} }

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import java.util.Optional; import java.util.Optional;
@@ -15,6 +15,7 @@ import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.ControllerManagement; import org.eclipse.hawkbit.repository.ControllerManagement;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.repository.model.Target; import org.eclipse.hawkbit.repository.model.Target;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
@@ -54,9 +55,9 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) {
final String controllerId = resolveControllerId(securityToken); final String controllerId = resolveControllerId(securityToken);
final String authHeader = securityToken.getHeader(DmfTenantSecurityToken.AUTHORIZATION_HEADER); final String authHeader = securityToken.getHeader(ControllerSecurityToken.AUTHORIZATION_HEADER);
if ((authHeader != null) && authHeader.startsWith(TARGET_SECURITY_TOKEN_AUTH_SCHEME)) { if ((authHeader != null) && authHeader.startsWith(TARGET_SECURITY_TOKEN_AUTH_SCHEME)) {
log.debug("found authorization header with scheme {} using target security token for authentication", log.debug("found authorization header with scheme {} using target security token for authentication",
TARGET_SECURITY_TOKEN_AUTH_SCHEME); TARGET_SECURITY_TOKEN_AUTH_SCHEME);
@@ -69,7 +70,7 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) {
final Optional<Target> target = systemSecurityContext.runAsSystemAsTenant(() -> { final Optional<Target> target = systemSecurityContext.runAsSystemAsTenant(() -> {
if (securityToken.getTargetId() != null) { if (securityToken.getTargetId() != null) {
return controllerManagement.get(securityToken.getTargetId()); return controllerManagement.get(securityToken.getTargetId());
@@ -87,7 +88,7 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
return TenantConfigurationKey.AUTHENTICATION_MODE_TARGET_SECURITY_TOKEN_ENABLED; return TenantConfigurationKey.AUTHENTICATION_MODE_TARGET_SECURITY_TOKEN_ENABLED;
} }
private String resolveControllerId(final DmfTenantSecurityToken securityToken) { private String resolveControllerId(final ControllerSecurityToken securityToken) {
if (securityToken.getControllerId() != null) { if (securityToken.getControllerId() != null) {
return securityToken.getControllerId(); return securityToken.getControllerId();
} }

View File

@@ -7,15 +7,16 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
/** /**
* An pre-authenticated processing filter which add the * A pre-authenticated processing filter which add the
* {@link SpringEvalExpressions#CONTROLLER_DOWNLOAD_ROLE_ANONYMOUS} to the * {@link SpringEvalExpressions#CONTROLLER_DOWNLOAD_ROLE_ANONYMOUS} to the
* security context in case the anonymous download is allowed through * security context in case the anonymous download is allowed through
* configuration. * configuration.
@@ -39,12 +40,12 @@ public class ControllerPreAuthenticatedAnonymousDownload extends AbstractControl
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) {
return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId());
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) {
return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId());
} }

View File

@@ -7,13 +7,15 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import org.eclipse.hawkbit.security.DdiSecurityProperties;
/** /**
* An anonymous controller filter which is only enabled in case of anonymous * An anonymous controller filter which is only enabled in case of anonymous
* access is granted. This should only be for development purposes. * access is granted. This should only be for development purposes.
* *
* @see DdiSecurityProperties * @see org.eclipse.hawkbit.security.DdiSecurityProperties
*/ */
public class ControllerPreAuthenticatedAnonymousFilter implements PreAuthenticationFilter { public class ControllerPreAuthenticatedAnonymousFilter implements PreAuthenticationFilter {
@@ -28,17 +30,17 @@ public class ControllerPreAuthenticatedAnonymousFilter implements PreAuthenticat
} }
@Override @Override
public boolean isEnable(final DmfTenantSecurityToken securityToken) { public boolean isEnable(final ControllerSecurityToken securityToken) {
return ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled(); return ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled();
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) {
return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId());
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) {
return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId());
} }
} }

View File

@@ -7,10 +7,11 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
@@ -48,8 +49,8 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) {
final String authHeader = securityToken.getHeader(DmfTenantSecurityToken.AUTHORIZATION_HEADER); final String authHeader = securityToken.getHeader(ControllerSecurityToken.AUTHORIZATION_HEADER);
if (authHeader != null && if (authHeader != null &&
authHeader.startsWith(GATEWAY_SECURITY_TOKEN_AUTH_SCHEME) && authHeader.startsWith(GATEWAY_SECURITY_TOKEN_AUTH_SCHEME) &&
authHeader.length() > OFFSET_GATEWAY_TOKEN) { // disables empty string token authHeader.length() > OFFSET_GATEWAY_TOKEN) { // disables empty string token
@@ -65,7 +66,7 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) {
final String gatewayToken = tenantAware.runAsTenant(securityToken.getTenant(), final String gatewayToken = tenantAware.runAsTenant(securityToken.getTenant(),
gatewaySecurityTokenKeyConfigRunner); gatewaySecurityTokenKeyConfigRunner);
return new HeaderAuthentication(securityToken.getControllerId(), gatewayToken); return new HeaderAuthentication(securityToken.getControllerId(), gatewayToken);

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@@ -15,6 +15,7 @@ import java.util.stream.Collectors;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
import org.slf4j.Logger; import org.slf4j.Logger;
@@ -23,7 +24,7 @@ import org.slf4j.LoggerFactory;
/** /**
* A pre-authenticated processing filter which extracts the principal from a * A pre-authenticated processing filter which extracts the principal from a
* request URI and the credential from a request header in a the * request URI and the credential from a request header in a the
* {@link DmfTenantSecurityToken}. * {@link ControllerSecurityToken}.
*/ */
@Slf4j @Slf4j
public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractControllerAuthenticationFilter { public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractControllerAuthenticationFilter {
@@ -71,7 +72,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
} }
@Override @Override
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedPrincipal(final ControllerSecurityToken securityToken) {
// retrieve the common name header and the authority name header from // retrieve the common name header and the authority name header from
// the http request and combine them together // the http request and combine them together
final String commonNameValue = securityToken.getHeader(caCommonNameHeader); final String commonNameValue = securityToken.getHeader(caCommonNameHeader);
@@ -92,7 +93,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
} }
@Override @Override
public Object getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { public Object getPreAuthenticatedCredentials(final ControllerSecurityToken securityToken) {
final String authorityNameConfigurationValue = tenantAware.runAsTenant(securityToken.getTenant(), final String authorityNameConfigurationValue = tenantAware.runAsTenant(securityToken.getTenant(),
sslIssuerNameConfigTenantRunner); sslIssuerNameConfigTenantRunner);
@@ -124,7 +125,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
* this tenant. * this tenant.
*/ */
@SuppressWarnings("java:S2629") // check if debug is enabled is maybe heavier then evaluation @SuppressWarnings("java:S2629") // check if debug is enabled is maybe heavier then evaluation
private String getIssuerHashHeader(final DmfTenantSecurityToken securityToken, final String knownIssuerHashes) { private String getIssuerHashHeader(final ControllerSecurityToken securityToken, final String knownIssuerHashes) {
// there may be several knownIssuerHashes configured for the tenant // there may be several knownIssuerHashes configured for the tenant
final List<String> knownHashes = splitMultiHashBySemicolon(knownIssuerHashes); final List<String> knownHashes = splitMultiHashBySemicolon(knownIssuerHashes);

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import java.util.Map; import java.util.Map;
import java.util.TreeMap; import java.util.TreeMap;
@@ -25,16 +25,17 @@ import lombok.Data;
@Data @Data
@JsonInclude(Include.NON_NULL) @JsonInclude(Include.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public class DmfTenantSecurityToken { public class ControllerSecurityToken {
public static final String AUTHORIZATION_HEADER = "Authorization"; public static final String AUTHORIZATION_HEADER = "Authorization";
@JsonProperty @JsonProperty
private final Long tenantId; private final Long tenantId;
@JsonProperty @JsonProperty
private final String controllerId;
@JsonProperty
private final Long targetId; private final Long targetId;
@JsonProperty @JsonProperty
private final String controllerId;
@JsonProperty
private String tenant; private String tenant;
@JsonProperty @JsonProperty
private Map<String, String> headers; private Map<String, String> headers;
@@ -48,7 +49,8 @@ public class DmfTenantSecurityToken {
* @param targetId alternative target identification by technical ID * @param targetId alternative target identification by technical ID
*/ */
@JsonCreator @JsonCreator
public DmfTenantSecurityToken(@JsonProperty("tenant") final String tenant, public ControllerSecurityToken(
@JsonProperty("tenant") final String tenant,
@JsonProperty("tenantId") final Long tenantId, @JsonProperty("controllerId") final String controllerId, @JsonProperty("tenantId") final Long tenantId, @JsonProperty("controllerId") final String controllerId,
@JsonProperty("targetId") final Long targetId) { @JsonProperty("targetId") final Long targetId) {
this.tenant = tenant; this.tenant = tenant;
@@ -63,20 +65,10 @@ public class DmfTenantSecurityToken {
* @param tenant the tenant for the security token * @param tenant the tenant for the security token
* @param controllerId the ID of the controller for the security token * @param controllerId the ID of the controller for the security token
*/ */
public DmfTenantSecurityToken(final String tenant, final String controllerId) { public ControllerSecurityToken(final String tenant, final String controllerId) {
this(tenant, null, controllerId, null); this(tenant, null, controllerId, null);
} }
/**
* Constructor.
*
* @param tenantId the tenant for the security token
* @param targetId target identification by technical ID
*/
public DmfTenantSecurityToken(final Long tenantId, final Long targetId) {
this(null, tenantId, null, targetId);
}
/** /**
* Gets a header value. * Gets a header value.
* *
@@ -96,12 +88,12 @@ public class DmfTenantSecurityToken {
* *
* @param name of the header * @param name of the header
* @param value of the header * @param value of the header
* @return the previous value associated with the <tt>name</tt>, or <tt>null</tt> if there was no mapping for <tt>name</tt>.
*/ */
public String putHeader(final String name, final String value) { public void putHeader(final String name, final String value) {
if (headers == null) { if (headers == null) {
headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
} }
return headers.put(name, value);
headers.put(name, value);
} }
} }

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
/** /**
* The authentication principal and credentials object which holds the * The authentication principal and credentials object which holds the

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
@@ -26,7 +26,7 @@ public interface PreAuthenticationFilter {
* @param securityToken the secruity info * @param securityToken the secruity info
* @return <code>true</code> is enabled <code>false</code> diabled * @return <code>true</code> is enabled <code>false</code> diabled
*/ */
boolean isEnable(DmfTenantSecurityToken securityToken); boolean isEnable(ControllerSecurityToken securityToken);
/** /**
* Extract the principal information from the current securityToken. * Extract the principal information from the current securityToken.
@@ -34,7 +34,7 @@ public interface PreAuthenticationFilter {
* @param securityToken the securityToken * @param securityToken the securityToken
* @return the extracted tenant and controller id * @return the extracted tenant and controller id
*/ */
HeaderAuthentication getPreAuthenticatedPrincipal(DmfTenantSecurityToken securityToken); HeaderAuthentication getPreAuthenticatedPrincipal(ControllerSecurityToken securityToken);
/** /**
* Extract the principal credentials from the current securityToken. * Extract the principal credentials from the current securityToken.
@@ -42,7 +42,7 @@ public interface PreAuthenticationFilter {
* @param securityToken the securityToken * @param securityToken the securityToken
* @return the extracted tenant and controller id * @return the extracted tenant and controller id
*/ */
Object getPreAuthenticatedCredentials(DmfTenantSecurityToken securityToken); Object getPreAuthenticatedCredentials(ControllerSecurityToken securityToken);
/** /**
* Allows to add additional authorities to the successful authenticated token. * Allows to add additional authorities to the successful authenticated token.

View File

@@ -7,7 +7,9 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import java.io.Serial;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
@@ -22,7 +24,9 @@ import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
*/ */
public class TenantAwareWebAuthenticationDetails extends TenantAwareAuthenticationDetails { public class TenantAwareWebAuthenticationDetails extends TenantAwareAuthenticationDetails {
@Serial
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
private final String remoteAddress; private final String remoteAddress;
/** /**

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
@@ -15,6 +15,7 @@ import io.qameta.allure.Feature;
import io.qameta.allure.Story; import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;

View File

@@ -7,7 +7,7 @@
* *
* SPDX-License-Identifier: EPL-2.0 * SPDX-License-Identifier: EPL-2.0
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security.controller;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
@@ -19,6 +19,9 @@ import io.qameta.allure.Feature;
import io.qameta.allure.Story; import io.qameta.allure.Story;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue; import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
import org.eclipse.hawkbit.security.SecurityContextSerializer;
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver; import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey; import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
@@ -62,14 +65,15 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
@BeforeEach @BeforeEach
public void before() { public void before() {
final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver, securityContextSerializer); final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver, securityContextSerializer);
underTest = new ControllerPreAuthenticatedSecurityHeaderFilter(CA_COMMON_NAME, "X-Ssl-Issuer-Hash-%d", underTest = new ControllerPreAuthenticatedSecurityHeaderFilter(
CA_COMMON_NAME, "X-Ssl-Issuer-Hash-%d",
tenantConfigurationManagementMock, tenantAware, new SystemSecurityContext(tenantAware)); tenantConfigurationManagementMock, tenantAware, new SystemSecurityContext(tenantAware));
} }
@Test @Test
@Description("Tests the filter for issuer hash based authentication with a single known hash") @Description("Tests the filter for issuer hash based authentication with a single known hash")
public void testIssuerHashBasedAuthenticationWithSingleKnownHash() { public void testIssuerHashBasedAuthenticationWithSingleKnownHash() {
final DmfTenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH); final ControllerSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
// use single known hash // use single known hash
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class)) TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class))
@@ -92,7 +96,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
@Test @Test
@Description("Tests the filter for issuer hash based authentication with unknown hash") @Description("Tests the filter for issuer hash based authentication with unknown hash")
public void testIssuerHashBasedAuthenticationWithUnknownHash() { public void testIssuerHashBasedAuthenticationWithUnknownHash() {
final DmfTenantSecurityToken securityToken = prepareSecurityToken(UNKNOWN_HASH); final ControllerSecurityToken securityToken = prepareSecurityToken(UNKNOWN_HASH);
// use single known hash // use single known hash
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class)) TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class))
@@ -103,8 +107,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
@Test @Test
@Description("Tests different values for issuer hash header and inspects the credentials") @Description("Tests different values for issuer hash header and inspects the credentials")
public void useDifferentValuesForIssuerHashHeader() { public void useDifferentValuesForIssuerHashHeader() {
final DmfTenantSecurityToken securityToken1 = prepareSecurityToken(SINGLE_HASH); final ControllerSecurityToken securityToken1 = prepareSecurityToken(SINGLE_HASH);
final DmfTenantSecurityToken securityToken2 = prepareSecurityToken(SECOND_HASH); final ControllerSecurityToken securityToken2 = prepareSecurityToken(SECOND_HASH);
final HeaderAuthentication expected1 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SINGLE_HASH); final HeaderAuthentication expected1 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SINGLE_HASH);
final HeaderAuthentication expected2 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SECOND_HASH); final HeaderAuthentication expected2 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SECOND_HASH);
@@ -129,8 +133,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
} }
private static DmfTenantSecurityToken prepareSecurityToken(final String issuerHashHeaderValue) { private static ControllerSecurityToken prepareSecurityToken(final String issuerHashHeaderValue) {
final DmfTenantSecurityToken securityToken = new DmfTenantSecurityToken("DEFAULT", CA_COMMON_NAME_VALUE); final ControllerSecurityToken securityToken = new ControllerSecurityToken("DEFAULT", CA_COMMON_NAME_VALUE);
securityToken.putHeader(CA_COMMON_NAME, CA_COMMON_NAME_VALUE); securityToken.putHeader(CA_COMMON_NAME, CA_COMMON_NAME_VALUE);
securityToken.putHeader(X_SSL_ISSUER_HASH_1, issuerHashHeaderValue); securityToken.putHeader(X_SSL_ISSUER_HASH_1, issuerHashHeaderValue);
return securityToken; return securityToken;

View File

@@ -33,7 +33,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.hawkbit</groupId> <groupId>org.eclipse.hawkbit</groupId>
<artifactId>hawkbit-security-integration</artifactId> <artifactId>hawkbit-security-controller</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency> <dependency>

View File

@@ -134,7 +134,7 @@
<modules> <modules>
<module>hawkbit-core</module> <module>hawkbit-core</module>
<module>hawkbit-security-core</module> <module>hawkbit-security-core</module>
<module>hawkbit-security-integration</module> <module>hawkbit-security-controller</module>
<module>hawkbit-artifact</module> <module>hawkbit-artifact</module>
<module>hawkbit-repository</module> <module>hawkbit-repository</module>
<module>hawkbit-autoconfigure</module> <module>hawkbit-autoconfigure</module>