diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/DdiSecurityProperties.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/DdiSecurityProperties.java index 016236e2a..305fb1570 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/DdiSecurityProperties.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/DdiSecurityProperties.java @@ -48,12 +48,10 @@ public class DdiSecurityProperties { * HTTP header field for common name of a DDI target client certificate. */ private String cnHeader = "X-Ssl-Client-Cn"; - /** * HTTP header field for issuer hash of a DDI target client certificate. */ private String sslIssuerHashHeader = "X-Ssl-Issuer-Hash-%d"; - /** * List of trusted (reverse proxy) IP addresses for performing DDI * client certificate authentication. @@ -66,6 +64,7 @@ public class DdiSecurityProperties { */ @Data public static class Authentication { + private final Anonymous anonymous = new Anonymous(); private final Targettoken targettoken = new Targettoken(); private final Gatewaytoken gatewaytoken = new Gatewaytoken(); @@ -117,4 +116,4 @@ public class DdiSecurityProperties { private boolean enabled = false; } } -} +} \ No newline at end of file diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/HawkbitSecurityProperties.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/HawkbitSecurityProperties.java index 54779234d..a01c4f8ed 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/HawkbitSecurityProperties.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/HawkbitSecurityProperties.java 
@@ -32,26 +32,21 @@ public class HawkbitSecurityProperties { * Content Security policy Header for Manager UI. */ private String contentSecurityPolicy; - /** * Secure access enforced. */ private boolean requireSsl; - /** * With this property a list of allowed hostnames can be configured. All * requests with different Host headers will be rejected. */ private List allowedHostNames; - /** - * Add paths that will be ignored by {@link StrictHttpFirewall}. + * Add paths that will be ignored by {@link org.springframework.security.web.firewall.StrictHttpFirewall}. */ private List httpFirewallIgnoredPaths; - /** - * Basic authentication realm, see - * https://tools.ietf.org/html/rfc2617#page-3 . + * Basic authentication realm, see https://tools.ietf.org/html/rfc2617#page-3 . */ private String basicRealm = "hawkBit"; @@ -65,22 +60,18 @@ public class HawkbitSecurityProperties { * Flag to enable CORS. */ private boolean enabled = false; - /** * Allowed origins for CORS. */ private List allowedOrigins = Collections.singletonList("http://localhost"); - /** * Allowed headers for CORS. */ private List allowedHeaders = Collections.singletonList("*"); - /** * Allowed methods for CORS. */ private List allowedMethods = Arrays.asList("DELETE", "GET", "POST", "PATCH", "PUT"); - /** * Exposed headers for CORS. */ @@ -94,17 +85,14 @@ public class HawkbitSecurityProperties { public static class Clients { public static final String X_FORWARDED_FOR = "X-Forwarded-For"; - /** * Blacklisted client (IP addresses) for for DDI and Management API. */ private String blacklist = ""; - /** * Name of the http header from which the remote ip is extracted. */ private String remoteIpHeader = X_FORWARDED_FOR; - /** * Set to true if DDI clients remote IP should be stored. */ 
@@ -122,84 +110,68 @@ public class HawkbitSecurityProperties { * an action (0 to disable). */ private int maxStatusEntriesPerAction = 1000; - /** * Maximum number of attributes that the controller can report; */ private int maxAttributeEntriesPerTarget = 100; - /** * Maximum number of allowed groups per Rollout. */ private int maxRolloutGroupsPerRollout = 500; - /** * Maximum number of messages per ActionStatus */ private int maxMessagesPerActionStatus = 50; - /** * Maximum number of meta data entries per software module */ private int maxMetaDataEntriesPerSoftwareModule = 100; - /** * Maximum number of meta data entries per distribution set */ private int maxMetaDataEntriesPerDistributionSet = 100; - /** * Maximum number of meta data entries per target */ private int maxMetaDataEntriesPerTarget = 100; - /** * Maximum number of software modules per distribution set */ private int maxSoftwareModulesPerDistributionSet = 100; - /** * Maximum number of software modules per distribution set */ private int maxSoftwareModuleTypesPerDistributionSetType = 50; - /** * Maximum number of artifacts per software module */ private int maxArtifactsPerSoftwareModule = 50; - /** * Maximum number of targets per rollout group */ private int maxTargetsPerRolloutGroup = 20000; - /** * Maximum number of overall actions targets per target */ private int maxActionsPerTarget = 2000; - /** * Maximum number of actions resulting from a manual assignment of * distribution sets and targets. Must be greater than 1000. */ private int maxTargetDistributionSetAssignmentsPerManualAssignment = 5000; - /** * Maximum number of targets for an automatic distribution set * assignment */ private int maxTargetsPerAutoAssignment = 20000; - /** * Maximum size of artifacts in bytes. Defaults to 1 GB. */ private long maxArtifactSize = 1_073_741_824; - /** * Maximum size of all artifacts in bytes. Defaults to 20 GB. 
*/ private long maxArtifactStorage = 21_474_836_480L; - /** * Maximum number of distribution set types per target types */ @@ -220,19 +192,16 @@ public class HawkbitSecurityProperties { * True if filter is enabled. */ private boolean enabled = true; - /** * White list of peer IP addresses for DOS filter (regular * expression). */ private String whitelist = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3}|169\\.254\\.\\d{1,3}\\.\\d{1,3}|127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"; - /** * # Maximum number of allowed REST read/GET requests per second per * client IP. */ private int maxRead = 200; - /** * Maximum number of allowed REST write/(PUT/POST/etc.) requests per * second per client IP. @@ -240,4 +209,4 @@ public class HawkbitSecurityProperties { private int maxWrite = 50; } } -} +} \ No newline at end of file diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityConstants.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityConstants.java index 991dbbfaa..8060f8cc8 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityConstants.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityConstants.java @@ -9,17 +9,16 @@ */ package org.eclipse.hawkbit.security; +import lombok.NoArgsConstructor; + /** * Constants related to security. */ +@NoArgsConstructor public final class SecurityConstants { /** * Logger prefix used for security logging. */ public static final String SECURITY_LOG_PREFIX = "server-security"; - - private SecurityConstants() { - - } -} +} \ No newline at end of file diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityTokenGenerator.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityTokenGenerator.java index 28064dc62..600480163 100644 
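Review bot: In SecurityConstants.java the added `@NoArgsConstructor` is not equivalent to the removed `private SecurityConstants()`: without an `access` argument Lombok generates a public no-args constructor, so this constants holder becomes instantiable. To keep the previous behaviour, use `@NoArgsConstructor(access = AccessLevel.PRIVATE)` with `import lombok.AccessLevel;`. The same substitution appears in the IpUtil.java and UrlUtils.java hunks of this commit, where the removed UrlUtils constructor carried the comment "Util classes should not have public constructors". UrlUtils is also declared without `final`, so a public constructor additionally lets it be subclassed from outside.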
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityTokenGenerator.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SecurityTokenGenerator.java @@ -32,4 +32,4 @@ public class SecurityTokenGenerator { public String generateToken() { return new String(Hex.encode(SECURE_RANDOM.generateKey())); } -} +} \ No newline at end of file diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SpringSecurityAuditorAware.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SpringSecurityAuditorAware.java index cda40e6aa..b12e9719e 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SpringSecurityAuditorAware.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SpringSecurityAuditorAware.java @@ -49,4 +49,4 @@ public class SpringSecurityAuditorAware implements AuditorAware { private static boolean isAuthenticationInvalid(final Authentication authentication) { return authentication == null || !authentication.isAuthenticated() || authentication.getPrincipal() == null; } -} +} \ No newline at end of file diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/IpUtil.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/IpUtil.java index 8fd8d2aec..65167042e 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/IpUtil.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/IpUtil.java @@ -16,13 +16,14 @@ import java.util.regex.Pattern; import jakarta.servlet.http.HttpServletRequest; +import lombok.NoArgsConstructor; import org.eclipse.hawkbit.security.HawkbitSecurityProperties; /** * A utility which determines the correct IP of a connected {@link Target}. E.g * from a {@link HttpServletRequest}. - * */ +@NoArgsConstructor // Exception squid:S2083 - false positive, file paths not handled here @SuppressWarnings("squid:S2083") public final class IpUtil { 
@@ -39,10 +40,6 @@ public final class IpUtil { // v6 address with [] amd (optionally) port private static final Pattern IPV6_ADDRESS_WITH_PORT_PATTERN = Pattern.compile("\\[(?
([0-9a-f]{1,4}:){7}([0-9a-f]){1,4})](:[0-9]{1,5})?"); - private IpUtil() { - - } - /** * Retrieves the string based IP address from a given * {@link HttpServletRequest} by either the configured {@link HawkbitSecurityProperties.Clients#getRemoteIpHeader()} diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/UrlUtils.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/UrlUtils.java index 992fe3aa3..77a4b5d30 100644 --- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/UrlUtils.java +++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/UrlUtils.java @@ -9,16 +9,14 @@ */ package org.eclipse.hawkbit.util; +import lombok.NoArgsConstructor; import org.springframework.web.util.UriUtils; import java.nio.charset.StandardCharsets; +@NoArgsConstructor public class UrlUtils { - private UrlUtils() { - // Util classes should not have public constructors - } - public static String decodeUriValue(String value) { return UriUtils.decode(value, StandardCharsets.UTF_8); }