Rename DMF model classes to avoid name clashes with the repository.
Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
This commit is contained in:
@@ -8,7 +8,7 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.security;
|
||||
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.slf4j.Logger;
|
||||
@@ -41,7 +41,7 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
|
||||
protected abstract String getTenantConfigurationKey();
|
||||
|
||||
@Override
|
||||
public boolean isEnable(final TenantSecurityToken secruityToken) {
|
||||
public boolean isEnable(final DmfTenantSecurityToken secruityToken) {
|
||||
return tenantAware.runAsTenant(secruityToken.getTenant(), configurationKeyTenantRunner);
|
||||
}
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ package org.eclipse.hawkbit.security;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken;
|
||||
import org.eclipse.hawkbit.repository.ControllerManagement;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.repository.model.Target;
|
||||
@@ -62,9 +62,9 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) {
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken secruityToken) {
|
||||
final String controllerId = resolveControllerId(secruityToken);
|
||||
final String authHeader = secruityToken.getHeader(TenantSecurityToken.AUTHORIZATION_HEADER);
|
||||
final String authHeader = secruityToken.getHeader(DmfTenantSecurityToken.AUTHORIZATION_HEADER);
|
||||
if ((authHeader != null) && authHeader.startsWith(TARGET_SECURITY_TOKEN_AUTH_SCHEME)) {
|
||||
LOGGER.debug("found authorization header with scheme {} using target security token for authentication",
|
||||
TARGET_SECURITY_TOKEN_AUTH_SCHEME);
|
||||
@@ -77,7 +77,7 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedCredentials(final TenantSecurityToken securityToken) {
|
||||
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) {
|
||||
final Optional<Target> target = systemSecurityContext.runAsSystemAsTenant(() -> {
|
||||
if (securityToken.getTargetId() != null) {
|
||||
return controllerManagement.findByTargetId(securityToken.getTargetId());
|
||||
@@ -90,7 +90,7 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
|
||||
.orElse(null);
|
||||
}
|
||||
|
||||
private String resolveControllerId(final TenantSecurityToken securityToken) {
|
||||
private String resolveControllerId(final DmfTenantSecurityToken securityToken) {
|
||||
if (securityToken.getControllerId() != null) {
|
||||
return securityToken.getControllerId();
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ package org.eclipse.hawkbit.security;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
@@ -48,12 +48,12 @@ public class ControllerPreAuthenticatedAnonymousDownload extends AbstractControl
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) {
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken secruityToken) {
|
||||
return new HeaderAuthentication(secruityToken.getControllerId(), secruityToken.getControllerId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedCredentials(final TenantSecurityToken secruityToken) {
|
||||
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken secruityToken) {
|
||||
return new HeaderAuthentication(secruityToken.getControllerId(), secruityToken.getControllerId());
|
||||
}
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.security;
|
||||
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken;
|
||||
|
||||
/**
|
||||
* An anonymous controller filter which is only enabled in case of anonymous
|
||||
@@ -30,17 +30,17 @@ public class ControllerPreAuthenticatedAnonymousFilter implements PreAuthentific
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) {
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken secruityToken) {
|
||||
return new HeaderAuthentication(secruityToken.getControllerId(), secruityToken.getControllerId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedCredentials(final TenantSecurityToken secruityToken) {
|
||||
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken secruityToken) {
|
||||
return new HeaderAuthentication(secruityToken.getControllerId(), secruityToken.getControllerId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnable(final TenantSecurityToken secruityToken) {
|
||||
public boolean isEnable(final DmfTenantSecurityToken secruityToken) {
|
||||
return ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled();
|
||||
}
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.security;
|
||||
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
|
||||
@@ -56,8 +56,8 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) {
|
||||
final String authHeader = secruityToken.getHeader(TenantSecurityToken.AUTHORIZATION_HEADER);
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken secruityToken) {
|
||||
final String authHeader = secruityToken.getHeader(DmfTenantSecurityToken.AUTHORIZATION_HEADER);
|
||||
if ((authHeader != null) && authHeader.startsWith(GATEWAY_SECURITY_TOKEN_AUTH_SCHEME)) {
|
||||
LOGGER.debug("found authorization header with scheme {} using target security token for authentication",
|
||||
GATEWAY_SECURITY_TOKEN_AUTH_SCHEME);
|
||||
@@ -71,7 +71,7 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedCredentials(final TenantSecurityToken secruityToken) {
|
||||
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken secruityToken) {
|
||||
final String gatewayToken = tenantAware.runAsTenant(secruityToken.getTenant(),
|
||||
gatewaySecurityTokenKeyConfigRunner);
|
||||
return new HeaderAuthentication(secruityToken.getControllerId(), gatewayToken);
|
||||
|
||||
@@ -12,7 +12,7 @@ import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
|
||||
@@ -22,7 +22,7 @@ import org.slf4j.LoggerFactory;
|
||||
/**
|
||||
* An pre-authenticated processing filter which extracts the principal from a
|
||||
* request URI and the credential from a request header in a the
|
||||
* {@link TenantSecurityToken}.
|
||||
* {@link DmfTenantSecurityToken}.
|
||||
*
|
||||
*/
|
||||
public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractControllerAuthenticationFilter {
|
||||
@@ -77,7 +77,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) {
|
||||
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken secruityToken) {
|
||||
// retrieve the common name header and the authority name header from
|
||||
// the http request and combine them together
|
||||
final String commonNameValue = secruityToken.getHeader(caCommonNameHeader);
|
||||
@@ -98,7 +98,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getPreAuthenticatedCredentials(final TenantSecurityToken secruityToken) {
|
||||
public Object getPreAuthenticatedCredentials(final DmfTenantSecurityToken secruityToken) {
|
||||
final String authorityNameConfigurationValue = tenantAware.runAsTenant(secruityToken.getTenant(),
|
||||
sslIssuerNameConfigTenantRunner);
|
||||
String controllerId = secruityToken.getControllerId();
|
||||
@@ -121,7 +121,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
||||
* It's ok if we find the the hash in any the trusted CA chain to accept
|
||||
* this request for this tenant.
|
||||
*/
|
||||
private String getIssuerHashHeader(final TenantSecurityToken secruityToken, final String knownIssuerHashes) {
|
||||
private String getIssuerHashHeader(final DmfTenantSecurityToken secruityToken, final String knownIssuerHashes) {
|
||||
// there may be several knownIssuerHashes configured for the tenant
|
||||
final List<String> knownHashes = splitMultiHashBySemicolon(knownIssuerHashes);
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ package org.eclipse.hawkbit.security;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
||||
@@ -27,7 +27,7 @@ public interface PreAuthentificationFilter {
|
||||
* the secruity info
|
||||
* @return <true> is enabled <false> diabled
|
||||
*/
|
||||
boolean isEnable(TenantSecurityToken secruityToken);
|
||||
boolean isEnable(DmfTenantSecurityToken secruityToken);
|
||||
|
||||
/**
|
||||
* Extract the principal information from the current secruityToken.
|
||||
@@ -36,7 +36,7 @@ public interface PreAuthentificationFilter {
|
||||
* the secruityToken
|
||||
* @return the extracted tenant and controller id
|
||||
*/
|
||||
HeaderAuthentication getPreAuthenticatedPrincipal(TenantSecurityToken secruityToken);
|
||||
HeaderAuthentication getPreAuthenticatedPrincipal(DmfTenantSecurityToken secruityToken);
|
||||
|
||||
/**
|
||||
* Extract the principal credentials from the current secruityToken.
|
||||
@@ -45,7 +45,7 @@ public interface PreAuthentificationFilter {
|
||||
* the secruityToken
|
||||
* @return the extracted tenant and controller id
|
||||
*/
|
||||
Object getPreAuthenticatedCredentials(TenantSecurityToken secruityToken);
|
||||
Object getPreAuthenticatedCredentials(DmfTenantSecurityToken secruityToken);
|
||||
|
||||
/**
|
||||
* Allows to add additional authorities to the successful authenticated
|
||||
|
||||
@@ -15,8 +15,8 @@ import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken.FileResource;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfTenantSecurityToken.FileResource;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
|
||||
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
|
||||
@@ -41,7 +41,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
private TenantConfigurationManagement tenantConfigurationManagementMock;
|
||||
|
||||
@Mock
|
||||
private TenantSecurityToken tenantSecurityTokenMock;
|
||||
private DmfTenantSecurityToken tenantSecurityTokenMock;
|
||||
|
||||
private final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware();
|
||||
|
||||
@@ -71,7 +71,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
@Test
|
||||
@Description("Tests the filter for issuer hash based authentication with a single known hash")
|
||||
public void testIssuerHashBasedAuthenticationWithSingleKnownHash() {
|
||||
final TenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
|
||||
final DmfTenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
|
||||
// use single known hash
|
||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||
@@ -82,7 +82,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
@Test
|
||||
@Description("Tests the filter for issuer hash based authentication with multiple known hashes")
|
||||
public void testIssuerHashBasedAuthenticationWithMultipleKnownHashes() {
|
||||
final TenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
|
||||
final DmfTenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
|
||||
// use multiple known hashes
|
||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||
@@ -93,7 +93,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
@Test
|
||||
@Description("Tests the filter for issuer hash based authentication with unknown hash")
|
||||
public void testIssuerHashBasedAuthenticationWithUnknownHash() {
|
||||
final TenantSecurityToken securityToken = prepareSecurityToken(UNKNOWN_HASH);
|
||||
final DmfTenantSecurityToken securityToken = prepareSecurityToken(UNKNOWN_HASH);
|
||||
// use single known hash
|
||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||
@@ -104,8 +104,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
@Test
|
||||
@Description("Tests different values for issuer hash header and inspects the credentials")
|
||||
public void useDifferentValuesForIssuerHashHeader() {
|
||||
final TenantSecurityToken securityToken1 = prepareSecurityToken(SINGLE_HASH);
|
||||
final TenantSecurityToken securityToken2 = prepareSecurityToken(SECOND_HASH);
|
||||
final DmfTenantSecurityToken securityToken1 = prepareSecurityToken(SINGLE_HASH);
|
||||
final DmfTenantSecurityToken securityToken2 = prepareSecurityToken(SECOND_HASH);
|
||||
|
||||
final HeaderAuthentication expected1 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SINGLE_HASH);
|
||||
final HeaderAuthentication expected2 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SECOND_HASH);
|
||||
@@ -130,8 +130,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
|
||||
}
|
||||
|
||||
private static TenantSecurityToken prepareSecurityToken(final String issuerHashHeaderValue) {
|
||||
final TenantSecurityToken securityToken = new TenantSecurityToken("DEFAULT", CA_COMMON_NAME_VALUE,
|
||||
private static DmfTenantSecurityToken prepareSecurityToken(final String issuerHashHeaderValue) {
|
||||
final DmfTenantSecurityToken securityToken = new DmfTenantSecurityToken("DEFAULT", CA_COMMON_NAME_VALUE,
|
||||
FileResource.createFileResourceBySha1("12345"));
|
||||
securityToken.putHeader(CA_COMMON_NAME, CA_COMMON_NAME_VALUE);
|
||||
securityToken.putHeader(X_SSL_ISSUER_HASH_1, issuerHashHeaderValue);
|
||||
|
||||
Reference in New Issue
Block a user