Remove anonymous download (#2291)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -22,14 +22,10 @@ import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
|
|||||||
import org.eclipse.hawkbit.security.MdcHandler;
|
import org.eclipse.hawkbit.security.MdcHandler;
|
||||||
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||||
import org.eclipse.hawkbit.security.controller.AuthenticationFilters;
|
import org.eclipse.hawkbit.security.controller.AuthenticationFilters;
|
||||||
import org.eclipse.hawkbit.security.controller.Authenticator;
|
|
||||||
import org.eclipse.hawkbit.security.controller.ControllerSecurityToken;
|
|
||||||
import org.eclipse.hawkbit.security.controller.GatewayTokenAuthenticator;
|
import org.eclipse.hawkbit.security.controller.GatewayTokenAuthenticator;
|
||||||
import org.eclipse.hawkbit.security.controller.SecurityHeaderAuthenticator;
|
import org.eclipse.hawkbit.security.controller.SecurityHeaderAuthenticator;
|
||||||
import org.eclipse.hawkbit.security.controller.SecurityTokenAuthenticator;
|
import org.eclipse.hawkbit.security.controller.SecurityTokenAuthenticator;
|
||||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||||
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||||
@@ -119,10 +115,6 @@ class ControllerDownloadSecurityConfiguration {
|
|||||||
new GatewayTokenAuthenticator(
|
new GatewayTokenAuthenticator(
|
||||||
tenantConfigurationManagement, tenantAware, systemSecurityContext),
|
tenantConfigurationManagement, tenantAware, systemSecurityContext),
|
||||||
ddiSecurityConfiguration), AuthorizationFilter.class)
|
ddiSecurityConfiguration), AuthorizationFilter.class)
|
||||||
.addFilterBefore(new AuthenticationFilters.AbstractAuthenticationFilter(
|
|
||||||
new AnonymousAuthenticator(
|
|
||||||
tenantConfigurationManagement, tenantAware, systemSecurityContext),
|
|
||||||
ddiSecurityConfiguration) {}, AuthorizationFilter.class)
|
|
||||||
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(
|
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(
|
||||||
(request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value())))
|
(request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value())))
|
||||||
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
||||||
@@ -131,31 +123,4 @@ class ControllerDownloadSecurityConfiguration {
|
|||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Slf4j
|
|
||||||
private static class AnonymousAuthenticator extends Authenticator.AbstractAuthenticator {
|
|
||||||
|
|
||||||
protected AnonymousAuthenticator(
|
|
||||||
final TenantConfigurationManagement tenantConfigurationManagement,
|
|
||||||
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
|
|
||||||
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Authentication authenticate(final ControllerSecurityToken controllerSecurityToken) {
|
|
||||||
return isEnabled(controllerSecurityToken)
|
|
||||||
? authenticatedController(controllerSecurityToken.getTenant(), controllerSecurityToken.getControllerId())
|
|
||||||
: null;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected String getTenantConfigurationKey() {
|
|
||||||
return TenantConfigurationProperties.TenantConfigurationKey.ANONYMOUS_DOWNLOAD_MODE_ENABLED;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Logger log() {
|
|
||||||
return log;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
@@ -104,10 +104,6 @@ public class TenantConfigurationProperties {
|
|||||||
* {@link ControllerPollProperties#getPollingOverdueTime()}.
|
* {@link ControllerPollProperties#getPollingOverdueTime()}.
|
||||||
*/
|
*/
|
||||||
public static final String POLLING_OVERDUE_TIME_INTERVAL = "pollingOverdueTime";
|
public static final String POLLING_OVERDUE_TIME_INTERVAL = "pollingOverdueTime";
|
||||||
/**
|
|
||||||
* If anonymous downloads are enabled
|
|
||||||
*/
|
|
||||||
public static final String ANONYMOUS_DOWNLOAD_MODE_ENABLED = "anonymous.download.enabled";
|
|
||||||
/**
|
/**
|
||||||
* Represents setting if approval for a rollout is needed.
|
* Represents setting if approval for a rollout is needed.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -66,9 +66,9 @@ hawkbit.server.tenant.configuration.maintenance-window-poll-count.keyName=mainte
|
|||||||
hawkbit.server.tenant.configuration.maintenance-window-poll-count.defaultValue=${hawkbit.controller.maintenanceWindowPollCount}
|
hawkbit.server.tenant.configuration.maintenance-window-poll-count.defaultValue=${hawkbit.controller.maintenanceWindowPollCount}
|
||||||
hawkbit.server.tenant.configuration.maintenance-window-poll-count.dataType=java.lang.Integer
|
hawkbit.server.tenant.configuration.maintenance-window-poll-count.dataType=java.lang.Integer
|
||||||
|
|
||||||
hawkbit.server.tenant.configuration.anonymous-download-enabled.keyName=anonymous.download.enabled
|
#hawkbit.server.tenant.configuration.anonymous-download-enabled.keyName=anonymous.download.enabled
|
||||||
hawkbit.server.tenant.configuration.anonymous-download-enabled.defaultValue=${hawkbit.server.download.anonymous.enabled}
|
#hawkbit.server.tenant.configuration.anonymous-download-enabled.defaultValue=${hawkbit.server.download.anonymous.enabled}
|
||||||
hawkbit.server.tenant.configuration.anonymous-download-enabled.dataType=java.lang.Boolean
|
#hawkbit.server.tenant.configuration.anonymous-download-enabled.dataType=java.lang.Boolean
|
||||||
|
|
||||||
hawkbit.server.tenant.configuration.rollout-approval-enabled.keyName=rollout.approval.enabled
|
hawkbit.server.tenant.configuration.rollout-approval-enabled.keyName=rollout.approval.enabled
|
||||||
hawkbit.server.tenant.configuration.rollout-approval-enabled.defaultValue=false
|
hawkbit.server.tenant.configuration.rollout-approval-enabled.defaultValue=false
|
||||||
|
|||||||
@@ -99,7 +99,7 @@ public class JpaTenantConfigurationManagement implements TenantConfigurationMana
|
|||||||
@Transactional
|
@Transactional
|
||||||
@Retryable(retryFor = { ConcurrencyFailureException.class }, maxAttempts = Constants.TX_RT_MAX,
|
@Retryable(retryFor = { ConcurrencyFailureException.class }, maxAttempts = Constants.TX_RT_MAX,
|
||||||
backoff = @Backoff(delay = Constants.TX_RT_DELAY))
|
backoff = @Backoff(delay = Constants.TX_RT_DELAY))
|
||||||
public <T extends Serializable> Map<String, TenantConfigurationValue<T>> addOrUpdateConfiguration(Map<String, T> configurations) {
|
public <T extends Serializable> Map<String, TenantConfigurationValue<T>> addOrUpdateConfiguration(final Map<String, T> configurations) {
|
||||||
// Register a callback to be invoked after the transaction is committed - for cache eviction
|
// Register a callback to be invoked after the transaction is committed - for cache eviction
|
||||||
afterCommitExecutor.afterCommit(() -> {
|
afterCommitExecutor.afterCommit(() -> {
|
||||||
final Cache cache = cacheManager.getCache("tenantConfiguration");
|
final Cache cache = cacheManager.getCache("tenantConfiguration");
|
||||||
|
|||||||
Reference in New Issue
Block a user