Added Permission for TenantConfiguration changes

- created SpringEvalExpression for the right to change tenant configuration - added this authorization filter to every tenant configuration related method Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
2016-01-29 16:28:46 +01:00
parent ec79e9bd19
commit 6a88f2a3f4
2 changed files with 15 additions and 0 deletions
--- a/hawkbit-repository/src/main/java/org/eclipse/hawkbit/repository/TenantConfigurationManagement.java
+++ b/hawkbit-repository/src/main/java/org/eclipse/hawkbit/repository/TenantConfigurationManagement.java
@@ -1,5 +1,6 @@
 package org.eclipse.hawkbit.repository;

+import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
 import org.eclipse.hawkbit.repository.model.TenantConfiguration;
 import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
 import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
@@ -14,6 +15,7 @@ import org.springframework.core.convert.support.ConfigurableConversionService;
 import org.springframework.core.convert.support.DefaultConversionService;
 import org.springframework.core.env.Environment;
 import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;

@@ -69,7 +71,9 @@ public class TenantConfigurationManagement implements EnvironmentAware {
     *             if the property cannot be converted to the given
     *             {@code propertyType}
     */
+
    @Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
+    @PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
    public <T> TenantConfigurationValue<T> getConfigurationValue(final TenantConfigurationKey configurationKey,
            final Class<T> propertyType) throws TenantConfigurationValidatorException {

@@ -116,6 +120,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
     *             if the property cannot be converted to the given
     *             {@code propertyType}
     */
+    @PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
    public TenantConfigurationValue<?> getConfigurationValue(final TenantConfigurationKey configurationKey)
            throws TenantConfigurationValidatorException {
        return getConfigurationValue(configurationKey, configurationKey.getDataType());
@@ -142,6 +147,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
     *             {@code propertyType}
     */
    @Cacheable(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
+    @PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
    public <T> T getGlobalConfigurationValue(final TenantConfigurationKey configurationKey, final Class<T> propertyType)
            throws TenantConfigurationValidatorException {

@@ -178,6 +184,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
    @CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
    @Transactional
    @Modifying
+    @PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
    public <T> TenantConfigurationValue<T> addOrUpdateConfiguration(final TenantConfigurationKey configurationKey,
            final T value) {

@@ -223,6 +230,7 @@ public class TenantConfigurationManagement implements EnvironmentAware {
    @CacheEvict(value = "tenantConfiguration", key = "#configurationKey.getKeyName()")
    @Transactional
    @Modifying
+    @PreAuthorize(value = SpringEvalExpressions.HAS_AUTH_TENANT_CONFIGURATION)
    public void deleteConfiguration(final TenantConfigurationKey configurationKey) {
        tenantConfigurationRepository.deleteByKey(configurationKey.getKeyName());
    }
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
@@ -308,6 +308,13 @@ public final class SpPermission {
        public static final String HAS_AUTH_ROLLOUT_MANAGEMENT_WRITE = HAS_AUTH_PREFIX + ROLLOUT_MANAGEMENT
                + HAS_AUTH_SUFFIX + HAS_AUTH_AND + HAS_AUTH_PREFIX + UPDATE_TARGET + HAS_AUTH_SUFFIX;

+        /**
+         * Spring security eval hasAuthority expression to check if spring
+         * context contains {@link SpPermission#TENANT_CONFIGURATION}
+         */
+        public static final String HAS_AUTH_TENANT_CONFIGURATION = HAS_AUTH_PREFIX + TENANT_CONFIGURATION
+                + HAS_AUTH_SUFFIX;
+
        private SpringEvalExpressions() {
            // utility class
        }