Split repository API for module and DS management. Refactor utility usage (#524)
* Split DS management and reduce util usage. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Split sw module and type management. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Sonar issues. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Make sonar listen to the exception! Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Register both beans. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Split JPA implementations. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Revert user details change. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Fix compilation errors. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Fix bean queries. Fix image path. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Document preferred utility usage. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Fix exmaples and revert unintended checkin. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Code cleanup. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Typos, readibility. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Remove unused reference. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Rollouts cache delete aware. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Fix rolloutgroup delete event. Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com> * Add new RolloutGroupDeletedEvent event Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
@@ -25,8 +25,8 @@ import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import com.google.common.cache.Cache;
|
||||
import com.google.common.cache.CacheBuilder;
|
||||
import com.github.benmanes.caffeine.cache.Cache;
|
||||
import com.github.benmanes.caffeine.cache.Caffeine;
|
||||
|
||||
/**
|
||||
* Filter for protection against denial of service attacks. It reduces the
|
||||
@@ -42,10 +42,10 @@ public class DosFilter extends OncePerRequestFilter {
|
||||
|
||||
private final Pattern ipAdressBlacklist;
|
||||
|
||||
private final Cache<String, AtomicInteger> readCountCache = CacheBuilder.newBuilder()
|
||||
private final Cache<String, AtomicInteger> readCountCache = Caffeine.newBuilder()
|
||||
.expireAfterAccess(1, TimeUnit.SECONDS).build();
|
||||
|
||||
private final Cache<String, AtomicInteger> writeCountCache = CacheBuilder.newBuilder()
|
||||
private final Cache<String, AtomicInteger> writeCountCache = Caffeine.newBuilder()
|
||||
.expireAfterAccess(1, TimeUnit.SECONDS).build();
|
||||
|
||||
private final int maxRead;
|
||||
|
||||
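Review bot: Both counter caches are still built with `expireAfterAccess(1, TimeUnit.SECONDS)` and no size bound, and the move to Caffeine carries that over unchanged. If the filter only increments the `AtomicInteger` it finds for a client (that code is outside the hunk), every lookup pushes the expiry back, so a client that sends requests steadily but below the limit never gets its counter reset and is eventually rejected; `expireAfterWrite(1, TimeUnit.SECONDS)` would give a fixed one-second window instead. If the keys are derived from the requester, as the `String` key type suggests, a `maximumSize(...)` on both builders would also cap memory when many distinct keys arrive within the window. A short comment above the fields stating the intended window would help, e.g. `// per-client request counters; an entry lives for one second`.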
@@ -8,6 +8,7 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.security;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
||||
@@ -22,8 +23,6 @@ import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
|
||||
/**
|
||||
* A {@link TenantAware} implemenation which retrieves the ID of the tenant from
|
||||
* the {@link SecurityContext#getAuthentication()}
|
||||
@@ -40,7 +39,7 @@ public class SecurityContextTenantAware implements TenantAware {
|
||||
final Object principal = context.getAuthentication().getPrincipal();
|
||||
if (context.getAuthentication().getDetails() instanceof TenantAwareAuthenticationDetails) {
|
||||
return ((TenantAwareAuthenticationDetails) context.getAuthentication().getDetails()).getTenant();
|
||||
}else if (principal instanceof UserPrincipal) {
|
||||
} else if (principal instanceof UserPrincipal) {
|
||||
return ((UserPrincipal) principal).getTenant();
|
||||
}
|
||||
}
|
||||
@@ -74,13 +73,13 @@ public class SecurityContextTenantAware implements TenantAware {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private static final String SYSTEM_USER = "system";
|
||||
private static final Collection<? extends GrantedAuthority> SYSTEM_AUTHORITIES = Lists
|
||||
.newArrayList(new SimpleGrantedAuthority(SpringEvalExpressions.SYSTEM_ROLE));
|
||||
private static final Collection<? extends GrantedAuthority> SYSTEM_AUTHORITIES = Arrays
|
||||
.asList(new SimpleGrantedAuthority(SpringEvalExpressions.SYSTEM_ROLE));
|
||||
private final Authentication delegate;
|
||||
|
||||
private final UserPrincipal systemPrincipal;
|
||||
|
||||
private TenantAwareAuthenticationDetails tenantAwareAuthenticationDetails;
|
||||
private final TenantAwareAuthenticationDetails tenantAwareAuthenticationDetails;
|
||||
|
||||
private AuthenticationDelegate(final Authentication delegate, final String tenant) {
|
||||
this.delegate = delegate;
|
||||
|
||||
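Review bot: `SYSTEM_AUTHORITIES` is a shared static that carries the system role, and `Arrays.asList` returns a fixed-size list whose elements can still be replaced through `set`. If `getAuthorities()` hands this collection out directly (the method is outside the hunk), an immutable list is the safer choice: `Collections.singletonList(new SimpleGrantedAuthority(SpringEvalExpressions.SYSTEM_ROLE))`. `java.util.Collections` is already imported in this file, so the new `java.util.Arrays` import would not be needed.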
@@ -8,9 +8,9 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.security;
|
||||
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import org.apache.commons.lang3.RandomStringUtils;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
|
||||
import org.springframework.security.crypto.keygen.KeyGenerators;
|
||||
|
||||
/**
|
||||
* A security token generator service which can be used to generate security
|
||||
@@ -19,18 +19,16 @@ import org.apache.commons.lang3.RandomStringUtils;
|
||||
*/
|
||||
public class SecurityTokenGenerator {
|
||||
|
||||
private static final boolean LETTERS_GENERATION = true;
|
||||
private static final boolean NUMBER_GENERATION = true;
|
||||
private static final int TOKEN_LENGTH = 32;
|
||||
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
|
||||
private static final int TOKEN_LENGTH = 16;
|
||||
private static final BytesKeyGenerator SECURE_RANDOM = KeyGenerators.secureRandom(TOKEN_LENGTH);
|
||||
|
||||
/**
|
||||
* Generates a random secure token of length {@link #TOKEN_LENGTH}
|
||||
* characters with alphanumeric characters {@code A-Z_a-z_0-9}.
|
||||
* Generates a random secure token of {@link #TOKEN_LENGTH} bytes length as
|
||||
* hexadecimal string.
|
||||
*
|
||||
* @return a new generated random alphanumeric string.
|
||||
*/
|
||||
public String generateToken() {
|
||||
return RandomStringUtils.random(TOKEN_LENGTH, 0, 0, LETTERS_GENERATION, NUMBER_GENERATION, null, SECURE_RANDOM);
|
||||
return new String(Hex.encode(SECURE_RANDOM.generateKey()));
|
||||
}
|
||||
}
|
||||
|
||||
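Review bot: The Javadoc on `generateToken()` still ends with `@return a new generated random alphanumeric string`, but the new body returns the hexadecimal encoding of `TOKEN_LENGTH` random bytes; suggest `@return a new random token as a hexadecimal string of 2 * TOKEN_LENGTH characters`. The constant `SECURE_RANDOM` now holds a `BytesKeyGenerator`, so a name such as `TOKEN_GENERATOR` would describe it better. The returned string stays 32 characters long, but its entropy goes from about 190 bits (32 characters drawn from 62) to 128 bits. That is still adequate for a security token, and worth recording in the class comment so the reduction is a documented choice.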
@@ -24,8 +24,6 @@ import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
|
||||
import com.google.common.base.Throwables;
|
||||
|
||||
/**
|
||||
* A Service which provide to run system code.
|
||||
*/
|
||||
@@ -89,6 +87,8 @@ public class SystemSecurityContext {
|
||||
* the tenant to act as system code
|
||||
* @return the return value of the {@link Callable#call()} method.
|
||||
*/
|
||||
// The callable API throws a Exception and not a specific one
|
||||
@SuppressWarnings({ "squid:S2221", "squid:S00112" })
|
||||
public <T> T runAsSystemAsTenant(final Callable<T> callable, final String tenant) {
|
||||
final SecurityContext oldContext = SecurityContextHolder.getContext();
|
||||
try {
|
||||
@@ -97,10 +97,9 @@ public class SystemSecurityContext {
|
||||
try {
|
||||
setSystemContext(SecurityContextHolder.getContext());
|
||||
return callable.call();
|
||||
// The callable API throws a Exception and not a specific
|
||||
// one
|
||||
} catch (@SuppressWarnings("squid:S2221") final Exception e) {
|
||||
throw Throwables.propagate(e);
|
||||
|
||||
} catch (final Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
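Review bot: Replacing `Throwables.propagate(e)` with `throw new RuntimeException(e)` changes what callers of `runAsSystemAsTenant` see: `propagate` rethrew unchecked exceptions unchanged and wrapped only checked ones, while the new catch wraps everything. An unchecked exception thrown by the callable (for example Spring Security's `AccessDeniedException`) would now reach exception handlers as a plain `RuntimeException` and may be mapped to the wrong response. Adding `} catch (final RuntimeException e) { throw e;` ahead of the `catch (final Exception e)` clause keeps the previous behaviour. The method body continues outside the hunk, so the restore of `oldContext` could not be checked here.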
@@ -17,8 +17,6 @@ import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
|
||||
|
||||
import com.google.common.net.HttpHeaders;
|
||||
|
||||
/**
|
||||
* A utility which determines the correct IP of a connected {@link Target}. E.g
|
||||
* from a {@link HttpServletRequest}.
|
||||
|
||||
@@ -21,7 +21,6 @@ import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.eclipse.hawkbit.security.ExcludePathAwareShallowETagFilter;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
/**
|
||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
|
||||
*
|
||||
* All rights reserved. This program and the accompanying materials
|
||||
* are made available under the terms of the Eclipse Public License v1.0
|
||||
* which accompanies this distribution, and is available at
|
||||
* http://www.eclipse.org/legal/epl-v10.html
|
||||
*/
|
||||
package org.eclipse.hawkbit.security;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import ru.yandex.qatools.allure.annotations.Features;
|
||||
import ru.yandex.qatools.allure.annotations.Stories;
|
||||
|
||||
@Features("Unit Tests - Security")
|
||||
@Stories("SecurityToken Generator Test")
|
||||
public class SecurityTokenGeneratorTest {
|
||||
|
||||
// FIXME: figure what is this all about??
|
||||
@Test
|
||||
public void test() throws NoSuchAlgorithmException, UnsupportedEncodingException {
|
||||
final SecurityTokenGenerator securityTokenGenerator = new SecurityTokenGenerator();
|
||||
for (int index = 0; index < 1; index++) {
|
||||
System.out.println(securityTokenGenerator.generateToken());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||