Split repository API for module and DS management. Refactor utility usage (#524)

* Split DS management and reduce util usage.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Split sw module and type management.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Sonar issues.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Make sonar listen to the exception!

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Register both beans.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Split JPA implementations.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Revert user details change.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fix compilation errors.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fix bean queries. Fix image path.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Document preferred utility usage.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fix exmaples and revert unintended checkin.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Code cleanup.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Typos, readibility.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Remove unused reference.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Rollouts cache delete aware.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Fix rolloutgroup delete event.

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>

* Add new RolloutGroupDeletedEvent event

Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
This commit is contained in:
Kai Zimmermann
2017-06-01 06:28:59 +02:00
committed by GitHub
parent 0ab995d1a4
commit 67a4677ef6
203 changed files with 2738 additions and 2320 deletions

View File

@@ -25,8 +25,8 @@ import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.web.filter.OncePerRequestFilter;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
/**
* Filter for protection against denial of service attacks. It reduces the
@@ -42,10 +42,10 @@ public class DosFilter extends OncePerRequestFilter {
private final Pattern ipAdressBlacklist;
private final Cache<String, AtomicInteger> readCountCache = CacheBuilder.newBuilder()
private final Cache<String, AtomicInteger> readCountCache = Caffeine.newBuilder()
.expireAfterAccess(1, TimeUnit.SECONDS).build();
private final Cache<String, AtomicInteger> writeCountCache = CacheBuilder.newBuilder()
private final Cache<String, AtomicInteger> writeCountCache = Caffeine.newBuilder()
.expireAfterAccess(1, TimeUnit.SECONDS).build();
private final int maxRead;

View File

@@ -8,6 +8,7 @@
*/
package org.eclipse.hawkbit.security;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@@ -22,8 +23,6 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import com.google.common.collect.Lists;
/**
* A {@link TenantAware} implemenation which retrieves the ID of the tenant from
* the {@link SecurityContext#getAuthentication()}
@@ -40,7 +39,7 @@ public class SecurityContextTenantAware implements TenantAware {
final Object principal = context.getAuthentication().getPrincipal();
if (context.getAuthentication().getDetails() instanceof TenantAwareAuthenticationDetails) {
return ((TenantAwareAuthenticationDetails) context.getAuthentication().getDetails()).getTenant();
}else if (principal instanceof UserPrincipal) {
} else if (principal instanceof UserPrincipal) {
return ((UserPrincipal) principal).getTenant();
}
}
@@ -74,13 +73,13 @@ public class SecurityContextTenantAware implements TenantAware {
private static final long serialVersionUID = 1L;
private static final String SYSTEM_USER = "system";
private static final Collection<? extends GrantedAuthority> SYSTEM_AUTHORITIES = Lists
.newArrayList(new SimpleGrantedAuthority(SpringEvalExpressions.SYSTEM_ROLE));
private static final Collection<? extends GrantedAuthority> SYSTEM_AUTHORITIES = Arrays
.asList(new SimpleGrantedAuthority(SpringEvalExpressions.SYSTEM_ROLE));
private final Authentication delegate;
private final UserPrincipal systemPrincipal;
private TenantAwareAuthenticationDetails tenantAwareAuthenticationDetails;
private final TenantAwareAuthenticationDetails tenantAwareAuthenticationDetails;
private AuthenticationDelegate(final Authentication delegate, final String tenant) {
this.delegate = delegate;

View File

@@ -8,9 +8,9 @@
*/
package org.eclipse.hawkbit.security;
import java.security.SecureRandom;
import org.apache.commons.lang3.RandomStringUtils;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import org.springframework.security.crypto.keygen.KeyGenerators;
/**
* A security token generator service which can be used to generate security
@@ -19,18 +19,16 @@ import org.apache.commons.lang3.RandomStringUtils;
*/
public class SecurityTokenGenerator {
private static final boolean LETTERS_GENERATION = true;
private static final boolean NUMBER_GENERATION = true;
private static final int TOKEN_LENGTH = 32;
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
private static final int TOKEN_LENGTH = 16;
private static final BytesKeyGenerator SECURE_RANDOM = KeyGenerators.secureRandom(TOKEN_LENGTH);
/**
* Generates a random secure token of length {@link #TOKEN_LENGTH}
* characters with alphanumeric characters {@code A-Z_a-z_0-9}.
* Generates a random secure token of {@link #TOKEN_LENGTH} bytes length as
* hexadecimal string.
*
* @return a new generated random alphanumeric string.
*/
public String generateToken() {
return RandomStringUtils.random(TOKEN_LENGTH, 0, 0, LETTERS_GENERATION, NUMBER_GENERATION, null, SECURE_RANDOM);
return new String(Hex.encode(SECURE_RANDOM.generateKey()));
}
}

View File

@@ -24,8 +24,6 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import com.google.common.base.Throwables;
/**
* A Service which provide to run system code.
*/
@@ -89,6 +87,8 @@ public class SystemSecurityContext {
* the tenant to act as system code
* @return the return value of the {@link Callable#call()} method.
*/
// The callable API throws a Exception and not a specific one
@SuppressWarnings({ "squid:S2221", "squid:S00112" })
public <T> T runAsSystemAsTenant(final Callable<T> callable, final String tenant) {
final SecurityContext oldContext = SecurityContextHolder.getContext();
try {
@@ -97,10 +97,9 @@ public class SystemSecurityContext {
try {
setSystemContext(SecurityContextHolder.getContext());
return callable.call();
// The callable API throws a Exception and not a specific
// one
} catch (@SuppressWarnings("squid:S2221") final Exception e) {
throw Throwables.propagate(e);
} catch (final Exception e) {
throw new RuntimeException(e);
}
});

View File

@@ -17,8 +17,6 @@ import javax.servlet.http.HttpServletRequest;
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
import com.google.common.net.HttpHeaders;
/**
* A utility which determines the correct IP of a connected {@link Target}. E.g
* from a {@link HttpServletRequest}.

View File

@@ -21,7 +21,6 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.hawkbit.security.ExcludePathAwareShallowETagFilter;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;

View File

@@ -1,32 +0,0 @@
/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.hawkbit.security;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import org.junit.Test;
import ru.yandex.qatools.allure.annotations.Features;
import ru.yandex.qatools.allure.annotations.Stories;
@Features("Unit Tests - Security")
@Stories("SecurityToken Generator Test")
public class SecurityTokenGeneratorTest {
// FIXME: figure what is this all about??
@Test
public void test() throws NoSuchAlgorithmException, UnsupportedEncodingException {
final SecurityTokenGenerator securityTokenGenerator = new SecurityTokenGenerator();
for (int index = 0; index < 1; index++) {
System.out.println(securityTokenGenerator.generateToken());
}
}
}