diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java
index 2f0ecaf6a..c3d6bd3bd 100644
--- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java
+++ b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java
@@ -20,6 +20,8 @@ import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import com.google.common.collect.Sets;
+
 /**
 * An pre-authenticated processing filter which extracts the principal from a
 * request URI and the credential from a request header in a the
@@ -113,7 +115,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
 List knownHashes = splitMultiHash(authorityNameConfigurationValue);
- Set multiHashes = new HashSet<>();
+ Set multiHashes = Sets.newHashSetWithExpectedSize(knownHashes.size());
 final String cntlId = controllerId;
 knownHashes.forEach(hashItem -> multiHashes.add(new HeaderAuthentication(cntlId, hashItem)));
 return multiHashes;
diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthTokenSourceTrustAuthenticationProvider.java b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthTokenSourceTrustAuthenticationProvider.java
index 78cfdfd47..4abf0deb0 100644
--- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthTokenSourceTrustAuthenticationProvider.java
+++ b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthTokenSourceTrustAuthenticationProvider.java
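Review bot: `multiHashes` is pre-sized through Guava and then filled by a side-effecting `forEach` lambda; a single expression such as `return knownHashes.stream().map(hashItem -> new HeaderAuthentication(cntlId, hashItem)).collect(Collectors.toSet());` would do the same without the mutable local or the new `com.google.common.collect.Sets` import. This set appears to be the credential collection that the authentication provider later checks with `contains(principal)`, so a one-line comment such as `// one HeaderAuthentication per configured issuer hash, all for the same controller id` would help the next reader. The enclosing method starts and ends outside this hunk.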
@@ -110,34 +110,35 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
 throw new BadCredentialsException("The provided principal and credentials are not match");
 }
-
+
 /**
- *
- * The credentials may either be of type HeaderAuthentication or of type
- * Collection depending on the authentication mode in
- * use (the latter is used in case of trusted reverse-proxy). It is checked
- * whether principal equals credentials (respectively if credentials
- * contains principal in case of collection) because we want to check if
- * e.g. controllerId containing in the URL equals the controllerId in the
- * special header set by the reverse-proxy which extracted the CN from the
- * certificate.
- *
- * @param principal
- * @param credentials
- * @param tokenDetails
- * @return
- */
+ *
+ * The credentials may either be of type HeaderAuthentication or of type
+ * Collection depending on the authentication mode in
+ * use (the latter is used in case of trusted reverse-proxy). It is checked
+ * whether principal equals credentials (respectively if credentials
+ * contains principal in case of collection) because we want to check if
+ * e.g. controllerId containing in the URL equals the controllerId in the
+ * special header set by the reverse-proxy which extracted the CN from the
+ * certificate.
+ *
+ * @param principal
+ * @param credentials
+ * @param tokenDetails
+ * @return true if authentication succeeded, otherwise
+ * false
+ */
 private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) {
 boolean successAuthentication = false;
- if (principal.equals(credentials)) {
- successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
- } else if (Collection.class.isAssignableFrom(credentials.getClass())) {
+ if (Collection.class.isAssignableFrom(credentials.getClass())) {
 final Collection multiValueCredentials = (Collection) credentials;
 if (multiValueCredentials.contains(principal)) {
 successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
 }
+ } else if (principal.equals(credentials)) {
+ successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
 }
-
+
 return successAuthentication;
 }
diff --git a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java b/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java
index dc99df7e7..59605b76d 100644
--- a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java
+++ b/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java
@@ -8,7 +8,10 @@
 */
 package org.eclipse.hawkbit.security;
-import static org.junit.Assert.*;
+
+//import static org.junit.Assert.*;
+import static org.fest.assertions.api.Assertions.assertThat;
+import static org.junit.Assert.assertEquals;
 import static org.mockito.Matchers.eq;
 import static org.mockito.Mockito.when;
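Review bot: The reordered check in `calculateAuthenticationSuccess` still dereferences `credentials` directly, so a token that arrives with null credentials ends in a NullPointerException rather than on the `BadCredentialsException` path visible at the top of the hunk; `if (credentials instanceof Collection) {` is null-safe and says the same thing more directly. The `else if (principal.equals(credentials))` branch has the same exposure for a null `principal`; whether either value can be null depends on callers outside this diff. The Javadoc also still leaves the three `@param` tags empty. One line each on what `principal`, `credentials` and `tokenDetails` carry would help, because the collection branch rests entirely on `HeaderAuthentication` equality through `contains(principal)`.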
@@ -75,7 +78,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 when(tenantConfigurationManagementMock.getConfigurationValue(
 eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
 .thenReturn(CONFIG_VALUE_SINGLE_HASH);
- assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken));
+ assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
 }
 @Test
@@ -88,7 +91,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 when(tenantConfigurationManagementMock.getConfigurationValue(
 eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
 .thenReturn(CONFIG_VALUE_MULTI_HASH);
- assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken));
+ assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
 }
 @Test
@@ -101,7 +104,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 when(tenantConfigurationManagementMock.getConfigurationValue(
 eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
 .thenReturn(CONFIG_VALUE_MULTI_HASH);
- assertNull(underTest.getPreAuthenticatedPrincipal(securityToken));
+ assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();
+ ;
 }
 @Test
@@ -119,7 +123,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1");
 Collection credentials = (Collection) underTest
 .getPreAuthenticatedCredentials(securityToken);
- assertTrue(credentials.contains(expected));
+ assertThat(credentials.contains(expected)).isTrue();
 Object principal = underTest.getPreAuthenticatedPrincipal(securityToken);
 assertEquals(expected, principal);
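Review bot: The hunk at `-101,7 +104,8` leaves a stray empty statement behind: the added line `;` after `assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();` does nothing and should be dropped. The import hunk of this file likewise keeps the old wildcard import as a commented-out line, `//import static org.junit.Assert.*;`, which can simply be deleted.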
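Review bot: In the hunk at `-119,7 +123,7`, `assertThat(credentials.contains(expected)).isTrue()` can only report that a boolean was false when it fails. `assertThat(credentials).contains(expected);` prints the actual contents of the collection, which is what you need when a header-authentication credential set comes out wrong. The identical assertion in the hunk at `-128,7 +132,7` has the same weakness. The neighbouring `assertEquals(expected, principal)` lines could become `assertThat(principal).isEqualTo(expected)`, so the test uses a single assertion library.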
@@ -128,7 +132,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2");
 expected = new HeaderAuthentication("box1", "hash2");
 credentials = (Collection) underTest.getPreAuthenticatedCredentials(securityToken);
- assertTrue(credentials.contains(expected));
+ assertThat(credentials.contains(expected)).isTrue();
 principal = underTest.getPreAuthenticatedPrincipal(securityToken);
 assertEquals(expected, principal);