Merge branch 'master' into feature_boot_13_sec_41
Conflicts: hawkbit-artifact-repository-mongo/src/test/java/org/eclipse/hawkbit/artifact/FreePortFileWriter.java hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/FreePortFileWriter.java Signed-off-by: Kai Zimmermann <kai.zimmermann@bosch-si.com>
@@ -185,18 +185,22 @@ public final class SpPermission {
|
||||
field.setAccessible(true);
|
||||
try {
|
||||
final String role = (String) field.get(null);
|
||||
if (!(exclusionRoles.contains(role))) {
|
||||
allPermissions.add(role);
|
||||
}
|
||||
addIfNotExcluded(exclusionRoles, allPermissions, role);
|
||||
} catch (final IllegalAccessException e) {
|
||||
LOGGER.error(e.getMessage(), e);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
return allPermissions;
|
||||
}
|
||||
|
||||
private static void addIfNotExcluded(final Collection<String> exclusionRoles, final List<String> allPermissions,
|
||||
final String role) {
|
||||
if (!(exclusionRoles.contains(role))) {
|
||||
allPermissions.add(role);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Contains all the spring security evaluation expressions for the
|
||||
* {@link PreAuthorize} annotation for method security.
|
||||
@@ -290,6 +294,14 @@ public final class SpPermission {
|
||||
public static final String HAS_AUTH_READ_TARGET = HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX + HAS_AUTH_OR
|
||||
+ IS_SYSTEM_CODE;
|
||||
|
||||
/**
|
||||
* Spring security eval hasAuthority expression to check if spring
|
||||
* context contains {@link SpPermission#READ_TARGET_SEC_TOKEN} or
|
||||
* {@link #IS_SYSTEM_CODE}.
|
||||
*/
|
||||
public static final String HAS_AUTH_READ_TARGET_SEC_TOKEN = HAS_AUTH_PREFIX + READ_TARGET_SEC_TOKEN
|
||||
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
|
||||
|
||||
/**
|
||||
* Spring security eval hasAuthority expression to check if spring
|
||||
* context contains {@link SpPermission#CREATE_TARGET} or
|
||||
|
||||
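Review bot: The new `HAS_AUTH_READ_TARGET_SEC_TOKEN` expression in the second hunk gates what its name suggests is a sensitive permission, yet the reflective loop in the first hunk still adds every string constant not listed in `exclusionRoles` to `allPermissions`. Any caller that hands out the full list would therefore presumably grant `READ_TARGET_SEC_TOKEN` as well. The loop header and the declaration of `READ_TARGET_SEC_TOKEN` are outside the visible hunks, so confirm this against the callers of the enclosing method. If the token permission is meant to be granted explicitly, exclude it by default or state the behaviour in the Javadoc, for example `* Note: the returned list includes READ_TARGET_SEC_TOKEN unless it is passed in exclusionRoles.` The extracted `addIfNotExcluded` helper also has no Javadoc.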
@@ -51,7 +51,9 @@ public interface UserAuthenticationFilter {
|
||||
* @throws ServletException
|
||||
* servlet exception
|
||||
*/
|
||||
|
||||
// this declaration of multiple checked exception is necessary so it's
|
||||
// aligned with the servlet API.
|
||||
@SuppressWarnings("squid:S1160")
|
||||
void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException;
|
||||
|
||||
|
||||
@@ -28,11 +28,6 @@ import org.springframework.security.core.context.SecurityContextImpl;
|
||||
*/
|
||||
public class SecurityContextTenantAware implements TenantAware {
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
*
|
||||
* @see org.eclipse.hawkbit.server.tenancy.TenantAware#getCurrentTenantId()
|
||||
*/
|
||||
@Override
|
||||
public String getCurrentTenant() {
|
||||
final SecurityContext context = SecurityContextHolder.getContext();
|
||||
@@ -56,7 +51,7 @@ public class SecurityContextTenantAware implements TenantAware {
|
||||
}
|
||||
}
|
||||
|
||||
private SecurityContext buildSecurityContext(final String tenant) {
|
||||
private static SecurityContext buildSecurityContext(final String tenant) {
|
||||
final SecurityContextImpl securityContext = new SecurityContextImpl();
|
||||
securityContext.setAuthentication(
|
||||
new AuthenticationDelegate(SecurityContextHolder.getContext().getAuthentication(), tenant));
|
||||
@@ -68,7 +63,7 @@ public class SecurityContextTenantAware implements TenantAware {
|
||||
* {@link Authentication} object except setting the details specifically for
|
||||
* a specific tenant.
|
||||
*/
|
||||
private class AuthenticationDelegate implements Authentication {
|
||||
private static final class AuthenticationDelegate implements Authentication {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private final Authentication delegate;
|
||||
|
||||
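Review bot: `buildSecurityContext` wraps whatever `SecurityContextHolder.getContext().getAuthentication()` returns, and that call returns null when the current thread carries no authentication, so `AuthenticationDelegate` can be constructed around a null `delegate`. The delegate's methods are outside the hunk; if they forward to `delegate` without a null check, a tenant switch from an unauthenticated thread fails later with a NullPointerException instead of being handled where the context is built. Either handle the null case explicitly in `buildSecurityContext` or document it, e.g. `// getAuthentication() may be null here (no authenticated caller); AuthenticationDelegate must tolerate a null delegate`. Since the delegate keeps the caller's authorities and only replaces the tenant detail, it is also worth stating on `buildSecurityContext` that `tenant` is trusted as given and not checked against the caller.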
@@ -29,12 +29,12 @@ import org.springframework.stereotype.Service;
|
||||
import com.google.common.base.Throwables;
|
||||
|
||||
/**
|
||||
*
|
||||
* A Service which provide to run system code.
|
||||
*/
|
||||
@Service
|
||||
public class SystemSecurityContext {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(SystemSecurityContext.class);
|
||||
private static final Logger LOG = LoggerFactory.getLogger(SystemSecurityContext.class);
|
||||
|
||||
private final TenantAware tenantAware;
|
||||
|
||||
@@ -96,19 +96,21 @@ public class SystemSecurityContext {
|
||||
public <T> T runAsSystemAsTenant(final Callable<T> callable, final String tenant) {
|
||||
final SecurityContext oldContext = SecurityContextHolder.getContext();
|
||||
try {
|
||||
logger.debug("entering system code execution");
|
||||
LOG.debug("entering system code execution");
|
||||
return tenantAware.runAsTenant(tenant, () -> {
|
||||
try {
|
||||
setSystemContext(SecurityContextHolder.getContext());
|
||||
return callable.call();
|
||||
} catch (final Exception e) {
|
||||
// The callable API throws a Exception and not a specific
|
||||
// one
|
||||
} catch (@SuppressWarnings("squid:S2221") final Exception e) {
|
||||
throw Throwables.propagate(e);
|
||||
}
|
||||
});
|
||||
|
||||
} finally {
|
||||
SecurityContextHolder.setContext(oldContext);
|
||||
logger.debug("leaving system code execution");
|
||||
LOG.debug("leaving system code execution");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -134,7 +136,7 @@ public class SystemSecurityContext {
|
||||
* {@link SpringEvalExpressions#SYSTEM_ROLE} which is allowed to execute all
|
||||
* secured methods.
|
||||
*/
|
||||
public static class SystemCodeAuthentication implements Authentication {
|
||||
public static final class SystemCodeAuthentication implements Authentication {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
private static final List<SimpleGrantedAuthority> AUTHORITIES = Collections
|
||||
|
||||
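Review bot: `SystemCodeAuthentication` in the last hunk stays `public` although, per its Javadoc, it carries the system role that is allowed to execute all secured methods; adding `final` stops subclassing but not instantiation. Its constructor is outside the hunk; if that is public too, any code on the classpath can create an instance and place it in `SecurityContextHolder` without going through `runAsSystemAsTenant`. Consider `private static final class SystemCodeAuthentication` (or a private constructor) if nothing outside `SystemSecurityContext` needs the type. Separately, the debug messages in `runAsSystemAsTenant` do not name the tenant, which makes elevated runs hard to trace in logs; `LOG.debug("entering system code execution for tenant {}", tenant);` would help, with the value sanitised if it can originate from request data.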