Merge branch 'master' into feature_boot_13_sec_41

Conflicts:
	hawkbit-artifact-repository-mongo/src/test/java/org/eclipse/hawkbit/artifact/FreePortFileWriter.java
	hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/FreePortFileWriter.java


Signed-off-by: Kai Zimmermann <kai.zimmermann@bosch-si.com>
This commit is contained in:
Kai Zimmermann
2016-08-19 08:35:58 +02:00
211 changed files with 3171 additions and 2044 deletions

View File

@@ -185,18 +185,22 @@ public final class SpPermission {
field.setAccessible(true);
try {
final String role = (String) field.get(null);
if (!(exclusionRoles.contains(role))) {
allPermissions.add(role);
}
addIfNotExcluded(exclusionRoles, allPermissions, role);
} catch (final IllegalAccessException e) {
LOGGER.error(e.getMessage(), e);
}
}
}
return allPermissions;
}
private static void addIfNotExcluded(final Collection<String> exclusionRoles, final List<String> allPermissions,
final String role) {
if (!(exclusionRoles.contains(role))) {
allPermissions.add(role);
}
}
/**
* Contains all the spring security evaluation expressions for the
* {@link PreAuthorize} annotation for method security.
@@ -290,6 +294,14 @@ public final class SpPermission {
public static final String HAS_AUTH_READ_TARGET = HAS_AUTH_PREFIX + READ_TARGET + HAS_AUTH_SUFFIX + HAS_AUTH_OR
+ IS_SYSTEM_CODE;
/**
* Spring security eval hasAuthority expression to check if spring
* context contains {@link SpPermission#READ_TARGET_SEC_TOKEN} or
* {@link #IS_SYSTEM_CODE}.
*/
public static final String HAS_AUTH_READ_TARGET_SEC_TOKEN = HAS_AUTH_PREFIX + READ_TARGET_SEC_TOKEN
+ HAS_AUTH_SUFFIX + HAS_AUTH_OR + IS_SYSTEM_CODE;
/**
* Spring security eval hasAuthority expression to check if spring
* context contains {@link SpPermission#CREATE_TARGET} or

View File

@@ -51,7 +51,9 @@ public interface UserAuthenticationFilter {
* @throws ServletException
* servlet exception
*/
// this declaration of multiple checked exception is necessary so it's
// aligned with the servlet API.
@SuppressWarnings("squid:S1160")
void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException;

View File

@@ -28,11 +28,6 @@ import org.springframework.security.core.context.SecurityContextImpl;
*/
public class SecurityContextTenantAware implements TenantAware {
/*
* (non-Javadoc)
*
* @see org.eclipse.hawkbit.server.tenancy.TenantAware#getCurrentTenantId()
*/
@Override
public String getCurrentTenant() {
final SecurityContext context = SecurityContextHolder.getContext();
@@ -56,7 +51,7 @@ public class SecurityContextTenantAware implements TenantAware {
}
}
private SecurityContext buildSecurityContext(final String tenant) {
private static SecurityContext buildSecurityContext(final String tenant) {
final SecurityContextImpl securityContext = new SecurityContextImpl();
securityContext.setAuthentication(
new AuthenticationDelegate(SecurityContextHolder.getContext().getAuthentication(), tenant));
@@ -68,7 +63,7 @@ public class SecurityContextTenantAware implements TenantAware {
* {@link Authentication} object except setting the details specifically for
* a specific tenant.
*/
private class AuthenticationDelegate implements Authentication {
private static final class AuthenticationDelegate implements Authentication {
private static final long serialVersionUID = 1L;
private final Authentication delegate;

View File

@@ -29,12 +29,12 @@ import org.springframework.stereotype.Service;
import com.google.common.base.Throwables;
/**
*
* A Service which provide to run system code.
*/
@Service
public class SystemSecurityContext {
private static final Logger logger = LoggerFactory.getLogger(SystemSecurityContext.class);
private static final Logger LOG = LoggerFactory.getLogger(SystemSecurityContext.class);
private final TenantAware tenantAware;
@@ -96,19 +96,21 @@ public class SystemSecurityContext {
public <T> T runAsSystemAsTenant(final Callable<T> callable, final String tenant) {
final SecurityContext oldContext = SecurityContextHolder.getContext();
try {
logger.debug("entering system code execution");
LOG.debug("entering system code execution");
return tenantAware.runAsTenant(tenant, () -> {
try {
setSystemContext(SecurityContextHolder.getContext());
return callable.call();
} catch (final Exception e) {
// The callable API throws a Exception and not a specific
// one
} catch (@SuppressWarnings("squid:S2221") final Exception e) {
throw Throwables.propagate(e);
}
});
} finally {
SecurityContextHolder.setContext(oldContext);
logger.debug("leaving system code execution");
LOG.debug("leaving system code execution");
}
}
@@ -134,7 +136,7 @@ public class SystemSecurityContext {
* {@link SpringEvalExpressions#SYSTEM_ROLE} which is allowed to execute all
* secured methods.
*/
public static class SystemCodeAuthentication implements Authentication {
public static final class SystemCodeAuthentication implements Authentication {
private static final long serialVersionUID = 1L;
private static final List<SimpleGrantedAuthority> AUTHORITIES = Collections