Refactor auto config and detail service
Signed-off-by: SirWayne <dennis.melzer@bosch-si.com>
This commit is contained in:
@@ -0,0 +1,98 @@
|
|||||||
|
package org.eclipse.hawkbit.autoconfigure.security;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
|
||||||
|
import org.eclipse.hawkbit.im.authentication.MultitenancyIndicator;
|
||||||
|
import org.eclipse.hawkbit.im.authentication.PermissionUtils;
|
||||||
|
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
||||||
|
import org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
|
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||||
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
|
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
||||||
|
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.core.userdetails.User;
|
||||||
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
|
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Auto-configuration for the in-memory-user-management.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
@Configuration
|
||||||
|
@ConditionalOnMissingBean(UserDetailsService.class)
|
||||||
|
public class InMemoryUserManagementConfiguration extends GlobalAuthenticationConfigurerAdapter {
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private AuthenticationConfiguration configuration;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||||
|
final DaoAuthenticationProvider userDaoAuthenticationProvider = new TenantDaoAuthenticationProvider();
|
||||||
|
userDaoAuthenticationProvider.setUserDetailsService(userDetailsService());
|
||||||
|
auth.authenticationProvider(userDaoAuthenticationProvider);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return the user details service to load a user from memory user manager.
|
||||||
|
*/
|
||||||
|
@Bean
|
||||||
|
@ConditionalOnMissingBean
|
||||||
|
public UserDetailsService userDetailsService() {
|
||||||
|
final InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager(new ArrayList<>());
|
||||||
|
inMemoryUserDetailsManager.setAuthenticationManager(null);
|
||||||
|
inMemoryUserDetailsManager.createUser(new User("admin", "admin", PermissionUtils.createAllAuthorityList()));
|
||||||
|
return inMemoryUserDetailsManager;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return the multi-tenancy indicator to disallow multi-tenancy
|
||||||
|
*/
|
||||||
|
@Bean
|
||||||
|
@ConditionalOnMissingBean
|
||||||
|
public MultitenancyIndicator multiTenancyIndicator() {
|
||||||
|
return () -> false;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static class TenantDaoAuthenticationProvider extends DaoAuthenticationProvider {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected Authentication createSuccessAuthentication(final Object principal,
|
||||||
|
final Authentication authentication, final UserDetails user) {
|
||||||
|
final UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
|
||||||
|
authentication.getCredentials(), user.getAuthorities());
|
||||||
|
result.setDetails(new TenantAwareAuthenticationDetails("DEFAULT", false));
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return the {@link UserAuthenticationFilter} to include into the SP
|
||||||
|
* security configuration.
|
||||||
|
* @throws Exception
|
||||||
|
* lazy bean exception maybe if the authentication manager
|
||||||
|
* cannot be instantiated
|
||||||
|
*/
|
||||||
|
@Bean
|
||||||
|
@ConditionalOnMissingBean
|
||||||
|
public UserAuthenticationFilter userAuthenticationFilter() throws Exception {
|
||||||
|
return new UserAuthenticationFilterBasicAuth(configuration.getAuthenticationManager());
|
||||||
|
}
|
||||||
|
|
||||||
|
private static final class UserAuthenticationFilterBasicAuth extends BasicAuthenticationFilter
|
||||||
|
implements UserAuthenticationFilter {
|
||||||
|
|
||||||
|
private UserAuthenticationFilterBasicAuth(final AuthenticationManager authenticationManager) {
|
||||||
|
super(authenticationManager);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -8,36 +8,17 @@
|
|||||||
*/
|
*/
|
||||||
package org.eclipse.hawkbit.autoconfigure.security;
|
package org.eclipse.hawkbit.autoconfigure.security;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
|
|
||||||
import org.eclipse.hawkbit.im.authentication.MultitenancyIndicator;
|
|
||||||
import org.eclipse.hawkbit.im.authentication.PermissionService;
|
import org.eclipse.hawkbit.im.authentication.PermissionService;
|
||||||
import org.eclipse.hawkbit.im.authentication.PermissionUtils;
|
|
||||||
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
|
||||||
import org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter;
|
|
||||||
import org.eclipse.hawkbit.security.DdiSecurityProperties;
|
import org.eclipse.hawkbit.security.DdiSecurityProperties;
|
||||||
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
|
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
|
||||||
import org.eclipse.hawkbit.security.SpringSecurityAuditorAware;
|
import org.eclipse.hawkbit.security.SpringSecurityAuditorAware;
|
||||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.data.domain.AuditorAware;
|
import org.springframework.data.domain.AuditorAware;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
|
||||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
|
||||||
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.core.userdetails.User;
|
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
|
||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@link EnableAutoConfiguration Auto-configuration} for security.
|
* {@link EnableAutoConfiguration Auto-configuration} for security.
|
||||||
@@ -81,95 +62,4 @@ public class SecurityAutoConfiguration {
|
|||||||
return new SpringSecurityAuditorAware();
|
return new SpringSecurityAuditorAware();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Auto-configuration for the in-memory-user-management.
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
@Configuration
|
|
||||||
@ConditionalOnMissingBean(value = { UserAuthenticationFilter.class })
|
|
||||||
public static class InMemoryUserManagementConfiguration extends GlobalAuthenticationConfigurerAdapter {
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private AuthenticationConfiguration configuration;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* (non-Javadoc)
|
|
||||||
*
|
|
||||||
* @see org.springframework.security.config.annotation.authentication.
|
|
||||||
* configurers. GlobalAuthenticationConfigurerAdapter
|
|
||||||
* #configure(org.springframework.security.config.annotation.
|
|
||||||
* authentication.builders.AuthenticationManagerBuilder)
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
|
||||||
final DaoAuthenticationProvider userDaoAuthenticationProvider = new TenantDaoAuthenticationProvider();
|
|
||||||
userDaoAuthenticationProvider.setUserDetailsService(userDetailsService());
|
|
||||||
auth.authenticationProvider(userDaoAuthenticationProvider);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the user details service to load a user from memory user
|
|
||||||
* manager.
|
|
||||||
*/
|
|
||||||
@Bean
|
|
||||||
public UserDetailsService userDetailsService() {
|
|
||||||
final InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager(
|
|
||||||
new ArrayList<>());
|
|
||||||
inMemoryUserDetailsManager.setAuthenticationManager(null);
|
|
||||||
inMemoryUserDetailsManager.createUser(new User("admin", "admin", PermissionUtils.createAllAuthorityList()));
|
|
||||||
return inMemoryUserDetailsManager;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the multi-tenancy indicator to disallow multi-tenancy
|
|
||||||
*/
|
|
||||||
@Bean
|
|
||||||
public MultitenancyIndicator multiTenancyIndicator() {
|
|
||||||
return () -> false;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static class TenantDaoAuthenticationProvider extends DaoAuthenticationProvider {
|
|
||||||
/*
|
|
||||||
* (non-Javadoc)
|
|
||||||
*
|
|
||||||
* @see org.springframework.security.authentication.dao.
|
|
||||||
* AbstractUserDetailsAuthenticationProvider
|
|
||||||
* #createSuccessAuthentication(java.lang.Object,
|
|
||||||
* org.springframework.security.core.Authentication,
|
|
||||||
* org.springframework.security.core.userdetails.UserDetails)
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
protected Authentication createSuccessAuthentication(final Object principal,
|
|
||||||
final Authentication authentication, final UserDetails user) {
|
|
||||||
final UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
|
|
||||||
authentication.getCredentials(), user.getAuthorities());
|
|
||||||
result.setDetails(new TenantAwareAuthenticationDetails("DEFAULT", false));
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the {@link UserAuthenticationFilter} to include into the SP
|
|
||||||
* security configuration.
|
|
||||||
* @throws Exception
|
|
||||||
* lazy bean exception maybe if the authentication manager
|
|
||||||
* cannot be instantiated
|
|
||||||
*/
|
|
||||||
@Bean
|
|
||||||
public UserAuthenticationFilter userAuthenticationFilter() throws Exception {
|
|
||||||
return new UserAuthenticationFilterBasicAuth(configuration.getAuthenticationManager());
|
|
||||||
}
|
|
||||||
|
|
||||||
private static final class UserAuthenticationFilterBasicAuth extends BasicAuthenticationFilter
|
|
||||||
implements UserAuthenticationFilter {
|
|
||||||
|
|
||||||
private UserAuthenticationFilterBasicAuth(final AuthenticationManager authenticationManager) {
|
|
||||||
super(authenticationManager);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -11,4 +11,5 @@ org.eclipse.hawkbit.autoconfigure.eventbus.EventBusAutoConfiguration,\
|
|||||||
org.eclipse.hawkbit.autoconfigure.scheduling.AsyncConfigurerAutoConfiguration,\
|
org.eclipse.hawkbit.autoconfigure.scheduling.AsyncConfigurerAutoConfiguration,\
|
||||||
org.eclipse.hawkbit.autoconfigure.cache.RedisAutoConfiguration,\
|
org.eclipse.hawkbit.autoconfigure.cache.RedisAutoConfiguration,\
|
||||||
org.eclipse.hawkbit.autoconfigure.scheduling.ExecutorAutoConfiguration,\
|
org.eclipse.hawkbit.autoconfigure.scheduling.ExecutorAutoConfiguration,\
|
||||||
org.eclipse.hawkbit.autoconfigure.amqp.AmqpAutoConfiguration
|
org.eclipse.hawkbit.autoconfigure.amqp.AmqpAutoConfiguration,\
|
||||||
|
org.eclipse.hawkbit.autoconfigure.security.InMemoryUserManagementConfiguration
|
||||||
|
|||||||
@@ -175,11 +175,7 @@ public final class UserDetailsFormatter {
|
|||||||
private static UserDetails loadUserByUsername(final String username) {
|
private static UserDetails loadUserByUsername(final String username) {
|
||||||
final UserDetailsService userDetailsService = SpringContextHelper.getBean(UserDetailsService.class);
|
final UserDetailsService userDetailsService = SpringContextHelper.getBean(UserDetailsService.class);
|
||||||
try {
|
try {
|
||||||
final UserDetails loadUserByUsername = userDetailsService.loadUserByUsername(username);
|
return userDetailsService.loadUserByUsername(username);
|
||||||
if (loadUserByUsername == null) {
|
|
||||||
throw new UsernameNotFoundException("User not found " + username);
|
|
||||||
}
|
|
||||||
return loadUserByUsername;
|
|
||||||
} catch (final UsernameNotFoundException e) {
|
} catch (final UsernameNotFoundException e) {
|
||||||
return new User(username, "", Collections.emptyList());
|
return new User(username, "", Collections.emptyList());
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user