Refactor UserAuthoritiesResolver - to run in tenant context (#2756)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-10-14 17:28:57 +03:00
parent 04cd9fb30d
commit 6ad20252ba
4 changed files with 9 additions and 21 deletions
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/UserAuthoritiesResolver.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/UserAuthoritiesResolver.java
@@ -18,11 +18,10 @@ import java.util.Collection;
 public interface UserAuthoritiesResolver {

    /**
-     * User authorities/roles lookup based on the tenant and the username
+     * User authorities/roles lookup based on the username and the tenant context
     *
-     * @param tenant The tenant that this user belongs to
     * @param username The username of the user
     * @return a {@link Collection} of authorities/roles for this user
     */
-    Collection<String> getUserAuthorities(String tenant, String username);
+    Collection<String> getUserAuthorities(String username);
 }
--- a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/TestConfiguration.java
+++ b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/TestConfiguration.java
@@ -141,7 +141,7 @@ public class TestConfiguration implements AsyncConfigurer {

    @Bean
    UserAuthoritiesResolver authoritiesResolver() {
-        return (tenant, username) -> Collections.emptyList();
+        return username -> Collections.emptyList();
    }

    @Bean
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/InMemoryUserAuthoritiesResolver.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/InMemoryUserAuthoritiesResolver.java
@@ -33,7 +33,7 @@ public class InMemoryUserAuthoritiesResolver implements UserAuthoritiesResolver
    }

    @Override
-    public Collection<String> getUserAuthorities(final String tenant, final String username) {
+    public Collection<String> getUserAuthorities(final String username) {
        // we can ignore the tenant here (no multi-tenancy by default)
        final Collection<String> authorities = usernamesToAuthorities.get(username);
        if (authorities == null) {
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextTenantAware.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextTenantAware.java
@@ -66,8 +66,7 @@ public class SecurityContextTenantAware implements ContextAware {
     * @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
     */
    public SecurityContextTenantAware(
-            final UserAuthoritiesResolver authoritiesResolver,
-            @Nullable final SecurityContextSerializer securityContextSerializer) {
+            final UserAuthoritiesResolver authoritiesResolver, @Nullable final SecurityContextSerializer securityContextSerializer) {
        this(authoritiesResolver, securityContextSerializer, null);
    }

@@ -78,8 +77,7 @@ public class SecurityContextTenantAware implements ContextAware {
     * @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
     */
    public SecurityContextTenantAware(
-            final UserAuthoritiesResolver authoritiesResolver,
-            @Nullable final SecurityContextSerializer securityContextSerializer,
+            final UserAuthoritiesResolver authoritiesResolver, @Nullable final SecurityContextSerializer securityContextSerializer,
            @Nullable final TenantResolver tenantResolver) {
        this.authoritiesResolver = authoritiesResolver;
        this.securityContextSerializer = securityContextSerializer == null ? SecurityContextSerializer.NOP : securityContextSerializer;
@@ -125,8 +123,9 @@ public class SecurityContextTenantAware implements ContextAware {
        Objects.requireNonNull(tenant);
        Objects.requireNonNull(username);

-        final List<SimpleGrantedAuthority> authorities = runAsSystem(
-                () -> authoritiesResolver.getUserAuthorities(tenant, username).stream()
+        final List<SimpleGrantedAuthority> authorities = runAsTenant(
+                tenant,
+                () -> authoritiesResolver.getUserAuthorities(username).stream()
                        .map(SimpleGrantedAuthority::new)
                        .toList());
        runInContext(buildUserSecurityContext(tenant, username, authorities), () -> {
@@ -164,16 +163,6 @@ public class SecurityContextTenantAware implements ContextAware {
        }
    }

-    private static <T> T runAsSystem(final Callable<T> callable) {
-        final SecurityContext currentContext = SecurityContextHolder.getContext();
-        SystemSecurityContext.setSystemContext(currentContext);
-        try {
-            return MdcHandler.getInstance().callWithAuthRE(callable);
-        } finally {
-            SecurityContextHolder.setContext(currentContext);
-        }
-    }
-
    private static SecurityContext buildUserSecurityContext(
            final String tenant, final String username, final Collection<? extends GrantedAuthority> authorities) {
        final SecurityContext securityContext = SecurityContextHolder.createEmptyContext();