Host header attack implementation improvements and tests

Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io>

hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/HawkbitSecurityProperties.java

@@ -35,8 +35,17 @@ public class HawkbitSecurityProperties {
      */
     private boolean requireSsl;
 
+    /**
+     * With this property a list of allowed hostnames can be configured. All
+     * requests with different Host headers will be rejected.
+     */
     private List<String> allowedHostNames;
 
+    /**
+     * Add paths that will be ignored by {@link StrictHttpFirewall}.
+     */
+    private List<String> httpFirewallIgnoredPaths;
+
     /**
      * Basic authentication realm, see
      * https://tools.ietf.org/html/rfc2617#page-3 .
@@ -59,6 +68,14 @@ public class HawkbitSecurityProperties {
         this.allowedHostNames = allowedHostNames;
     }
 
+    public List<String> getHttpFirewallIgnoredPaths() {
+        return httpFirewallIgnoredPaths;
+    }
+
+    public void setHttpFirewallIgnoredPaths(final List<String> httpFirewallIgnoredPaths) {
+        this.httpFirewallIgnoredPaths = httpFirewallIgnoredPaths;
+    }
+
     public String getBasicRealm() {
         return basicRealm;
     }