Swagger/Oauth add http bearer auth (#3118)
+ disable unsupported OAuth 2 flows Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -10,7 +10,7 @@
|
|||||||
package org.eclipse.hawkbit.mgmt.rest.resource;
|
package org.eclipse.hawkbit.mgmt.rest.resource;
|
||||||
|
|
||||||
import java.util.Comparator;
|
import java.util.Comparator;
|
||||||
import java.util.HashMap;
|
import java.util.LinkedHashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
@@ -43,6 +43,8 @@ public class MgmtOpenApiConfiguration {
|
|||||||
|
|
||||||
private static final String BASIC_AUTH_SEC_SCHEME_NAME = "Basic";
|
private static final String BASIC_AUTH_SEC_SCHEME_NAME = "Basic";
|
||||||
private static final String BEARER_AUTH_SEC_SCHEME_NAME = "Bearer";
|
private static final String BEARER_AUTH_SEC_SCHEME_NAME = "Bearer";
|
||||||
|
private static final String OAUTH2_AUTH_SEC_SCHEME_NAME = "OAuth2";
|
||||||
|
private static final String DESCRIPTION_SUFFIX = " Authentication";
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(
|
@ConditionalOnProperty(
|
||||||
@@ -54,28 +56,36 @@ public class MgmtOpenApiConfiguration {
|
|||||||
@Autowired(required = false) @Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
|
@Autowired(required = false) @Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
|
||||||
final HawkbitSecurityProperties hawkbitSecurityProperties
|
final HawkbitSecurityProperties hawkbitSecurityProperties
|
||||||
) {
|
) {
|
||||||
boolean oauth2Enabled = oauth2ResourceServerCustomizer != null;
|
final boolean oauth2Enabled = oauth2ResourceServerCustomizer != null;
|
||||||
Map<String, SecurityScheme> securitySchemeMap = new HashMap<>();
|
final Map<String, SecurityScheme> securitySchemeMap = new LinkedHashMap<>(); // linked map to keep the order
|
||||||
final SecurityRequirement securityRequirement = new SecurityRequirement();
|
final SecurityRequirement securityRequirement = new SecurityRequirement();
|
||||||
if (!oauth2Enabled || hawkbitSecurityProperties.isAllowHttpBasicOnOAuthEnabled()) {
|
if (!oauth2Enabled || hawkbitSecurityProperties.isAllowHttpBasicOnOAuthEnabled()) {
|
||||||
securityRequirement.addList(BASIC_AUTH_SEC_SCHEME_NAME);
|
securityRequirement.addList(BASIC_AUTH_SEC_SCHEME_NAME);
|
||||||
securitySchemeMap.put(BASIC_AUTH_SEC_SCHEME_NAME,
|
securitySchemeMap.put(BASIC_AUTH_SEC_SCHEME_NAME, new SecurityScheme()
|
||||||
new SecurityScheme()
|
.description(BASIC_AUTH_SEC_SCHEME_NAME + DESCRIPTION_SUFFIX)
|
||||||
.description(BASIC_AUTH_SEC_SCHEME_NAME + " Authentication")
|
.type(SecurityScheme.Type.HTTP)
|
||||||
.type(SecurityScheme.Type.HTTP)
|
.scheme("basic"));
|
||||||
.scheme("basic"));
|
|
||||||
}
|
}
|
||||||
if (oauth2Enabled) {
|
if (oauth2Enabled) {
|
||||||
securityRequirement.addList(BEARER_AUTH_SEC_SCHEME_NAME);
|
securityRequirement.addList(BEARER_AUTH_SEC_SCHEME_NAME);
|
||||||
securitySchemeMap.put(BEARER_AUTH_SEC_SCHEME_NAME,
|
securitySchemeMap.put(BEARER_AUTH_SEC_SCHEME_NAME, new SecurityScheme()
|
||||||
new SecurityScheme()
|
.description(BEARER_AUTH_SEC_SCHEME_NAME + DESCRIPTION_SUFFIX)
|
||||||
.description(BEARER_AUTH_SEC_SCHEME_NAME + " Authentication")
|
.type(SecurityScheme.Type.HTTP)
|
||||||
.type(SecurityScheme.Type.OAUTH2)
|
.bearerFormat("JWT")
|
||||||
.flows(new OAuthFlows()
|
.scheme("bearer"));
|
||||||
.authorizationCode(new OAuthFlow().authorizationUrl(authorizationUrl).tokenUrl(tokenUrl))
|
if (!tokenUrl.isBlank()) {
|
||||||
.clientCredentials(new OAuthFlow().tokenUrl(tokenUrl)))
|
securityRequirement.addList(BEARER_AUTH_SEC_SCHEME_NAME);
|
||||||
.bearerFormat("JWT")
|
securitySchemeMap.put(OAUTH2_AUTH_SEC_SCHEME_NAME, new SecurityScheme()
|
||||||
.scheme("bearer"));
|
.description(OAUTH2_AUTH_SEC_SCHEME_NAME + DESCRIPTION_SUFFIX)
|
||||||
|
.type(SecurityScheme.Type.OAUTH2)
|
||||||
|
.flows(authorizationUrl.isBlank()
|
||||||
|
? new OAuthFlows().clientCredentials(new OAuthFlow().tokenUrl(tokenUrl))
|
||||||
|
: new OAuthFlows()
|
||||||
|
.authorizationCode(new OAuthFlow().tokenUrl(tokenUrl).authorizationUrl(authorizationUrl))
|
||||||
|
.clientCredentials(new OAuthFlow().tokenUrl(tokenUrl)))
|
||||||
|
.bearerFormat("JWT")
|
||||||
|
.scheme("bearer"));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
return GroupedOpenApi
|
return GroupedOpenApi
|
||||||
@@ -99,10 +109,7 @@ public class MgmtOpenApiConfiguration {
|
|||||||
new Server().url("/"))
|
new Server().url("/"))
|
||||||
: List.of(new Server().url("/")))
|
: List.of(new Server().url("/")))
|
||||||
.addSecurityItem(securityRequirement)
|
.addSecurityItem(securityRequirement)
|
||||||
.components(
|
.components(openApi.getComponents().securitySchemes(securitySchemeMap))
|
||||||
openApi
|
|
||||||
.getComponents()
|
|
||||||
.securitySchemes(securitySchemeMap))
|
|
||||||
.tags(sort(openApi.getTags())))
|
.tags(sort(openApi.getTags())))
|
||||||
.build();
|
.build();
|
||||||
// @formatter:on
|
// @formatter:on
|
||||||
|
|||||||
Reference in New Issue
Block a user