From 6ad20252ba2863edba6bcfebe866df052215f45f Mon Sep 17 00:00:00 2001
From: Avgustin Marinov
Date: Tue, 14 Oct 2025 17:28:57 +0300
Subject: [PATCH] Refactor UserAuthoritiesResolver - to run in tenant context (#2756)
Signed-off-by: Avgustin Marinov
---
 .../tenancy/UserAuthoritiesResolver.java | 5 ++---
 .../repository/test/TestConfiguration.java | 2 +-
 .../InMemoryUserAuthoritiesResolver.java | 2 +-
 .../security/SecurityContextTenantAware.java | 21 +++++--------------
 4 files changed, 9 insertions(+), 21 deletions(-)
diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/UserAuthoritiesResolver.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/UserAuthoritiesResolver.java
index 4a8c23a20..3b6a4e382 100644
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/UserAuthoritiesResolver.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/tenancy/UserAuthoritiesResolver.java
@@ -18,11 +18,10 @@ import java.util.Collection;
 public interface UserAuthoritiesResolver {
 /**
- * User authorities/roles lookup based on the tenant and the username
+ * User authorities/roles lookup based on the username and the tenant context
 *
- * @param tenant The tenant that this user belongs to
 * @param username The username of the user
 * @return a {@link Collection} of authorities/roles for this user
 */
- Collection getUserAuthorities(String tenant, String username);
+ Collection getUserAuthorities(String username);
 }
\ No newline at end of file
diff --git a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/TestConfiguration.java b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/TestConfiguration.java
index 1336efbad..cf8f63a3d 100644
--- a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/TestConfiguration.java
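Review bot: The new Javadoc on `getUserAuthorities(String username)` in UserAuthoritiesResolver.java says the lookup uses "the tenant context" but does not say where that context comes from or what an implementation should do when none is set. With the `tenant` parameter removed the tenant is ambient state, so a resolver invoked outside a tenant scope could resolve the username against the wrong tenant or a default one. I would state the precondition in the contract, for example `* Must be called within the context of the tenant the user belongs to; implementations read the tenant from that context.`, and also document whether the returned collection may be `null`. The signature change breaks any external implementation of this public interface, which is worth a line in the release notes.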
+++ b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/TestConfiguration.java
@@ -141,7 +141,7 @@ public class TestConfiguration implements AsyncConfigurer {
 @Bean
 UserAuthoritiesResolver authoritiesResolver() {
- return (tenant, username) -> Collections.emptyList();
+ return username -> Collections.emptyList();
 }
 @Bean
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/InMemoryUserAuthoritiesResolver.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/InMemoryUserAuthoritiesResolver.java
index eb21431a4..97d00b303 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/InMemoryUserAuthoritiesResolver.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/InMemoryUserAuthoritiesResolver.java
@@ -33,7 +33,7 @@ public class InMemoryUserAuthoritiesResolver implements UserAuthoritiesResolver
 }
 @Override
- public Collection getUserAuthorities(final String tenant, final String username) {
+ public Collection getUserAuthorities(final String username) {
 // we can ignore the tenant here (no multi-tenancy by default)
 final Collection authorities = usernamesToAuthorities.get(username);
 if (authorities == null) {
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextTenantAware.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextTenantAware.java
index 31be06859..5cca8b524 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextTenantAware.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityContextTenantAware.java
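Review bot: In InMemoryUserAuthoritiesResolver.getUserAuthorities the context comment `// we can ignore the tenant here (no multi-tenancy by default)` is stale, because the method no longer receives a tenant. I would reword it to `// the tenant context is ignored here: one username-to-authorities map serves every tenant`. That wording also makes the consequence visible to anyone who enables multi-tenancy with this resolver, namely that the lookup `usernamesToAuthorities.get(username)` gives a username the same authorities in every tenant. The method body continues past the end of the hunk.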
@@ -66,8 +66,7 @@ public class SecurityContextTenantAware implements ContextAware {
 * @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
 */
 public SecurityContextTenantAware(
- final UserAuthoritiesResolver authoritiesResolver,
- @Nullable final SecurityContextSerializer securityContextSerializer) {
+ final UserAuthoritiesResolver authoritiesResolver, @Nullable final SecurityContextSerializer securityContextSerializer) {
 this(authoritiesResolver, securityContextSerializer, null);
 }
@@ -78,8 +77,7 @@ public class SecurityContextTenantAware implements ContextAware {
 * @param securityContextSerializer Serializer that is used to serialize / deserialize {@link SecurityContext}s.
 */
 public SecurityContextTenantAware(
- final UserAuthoritiesResolver authoritiesResolver,
- @Nullable final SecurityContextSerializer securityContextSerializer,
+ final UserAuthoritiesResolver authoritiesResolver, @Nullable final SecurityContextSerializer securityContextSerializer,
 @Nullable final TenantResolver tenantResolver) {
 this.authoritiesResolver = authoritiesResolver;
 this.securityContextSerializer = securityContextSerializer == null ? SecurityContextSerializer.NOP : securityContextSerializer;
@@ -125,8 +123,9 @@ public class SecurityContextTenantAware implements ContextAware {
 Objects.requireNonNull(tenant);
 Objects.requireNonNull(username);
- final List authorities = runAsSystem(
- () -> authoritiesResolver.getUserAuthorities(tenant, username).stream()
+ final List authorities = runAsTenant(
+ tenant,
+ () -> authoritiesResolver.getUserAuthorities(username).stream()
 .map(SimpleGrantedAuthority::new)
 .toList());
 runInContext(buildUserSecurityContext(tenant, username, authorities), () -> {
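Review bot: Nothing in the `@@ -125,8 +123,9 @@` hunk shows which identity and authorities `runAsTenant(tenant, ...)` runs the authority lookup with, or that it restores the caller's SecurityContext afterwards the way the removed `runAsSystem` did in its `finally`. The strings the resolver returns become the user's `SimpleGrantedAuthority` set, so both points matter: a resolver backed by a permission-checked store now runs under whatever context `runAsTenant` installs, and a resolver that returns `null` fails on `.stream()` with a bare NullPointerException. I would add a comment above the call, `// the resolver reads the tenant from the context installed by runAsTenant; keep this call inside it`. I would also add a test asserting that the resolver sees `tenant` as the current tenant and that the previous context is back in place after the call. The enclosing method starts and ends outside the hunk.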
@@ -164,16 +163,6 @@ public class SecurityContextTenantAware implements ContextAware {
 }
 }
- private static T runAsSystem(final Callable callable) {
- final SecurityContext currentContext = SecurityContextHolder.getContext();
- SystemSecurityContext.setSystemContext(currentContext);
- try {
- return MdcHandler.getInstance().callWithAuthRE(callable);
- } finally {
- SecurityContextHolder.setContext(currentContext);
- }
- }
-
 private static SecurityContext buildUserSecurityContext(
 final String tenant, final String username, final Collection authorities) {
 final SecurityContext securityContext = SecurityContextHolder.createEmptyContext();