Splitting monolith app to micro services (#1490)
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
50
hawkbit-runtime/hawkbit-mgmt-server/README.md
Normal file
50
hawkbit-runtime/hawkbit-mgmt-server/README.md
Normal file
@@ -0,0 +1,50 @@
|
||||
# hawkBit Management Server
|
||||
The hawkBit Management Server is a standalone spring-boot application with an embedded servlet container. It should be started with at least one (or both) of the device interface servers - hawkbit-ddi-server or/and hawkbit-dmf-server.
|
||||
|
||||
## On your own workstation
|
||||
|
||||
### Run
|
||||
|
||||
```bash
|
||||
java -jar hawkbit-runtime/hawkbit-mgmt-server/target/hawkbit-mgmt-server-*-SNAPSHOT.jar
|
||||
```
|
||||
|
||||
_(Note: you have to add the JDBC driver also to your class path if you intend to use another database than H2.)_
|
||||
|
||||
Or:
|
||||
|
||||
```bash
|
||||
run org.eclipse.hawkbit.app.mgmt.MgmtServerStart
|
||||
```
|
||||
|
||||
### Usage
|
||||
The Management API can be accessed via http://localhost:8080/rest/v1
|
||||
The root url http://localhost:8080 will redirect directly to the Swagger Management UI
|
||||
|
||||
### Clustering (Experimental!!!)
|
||||
The micro-service instances are configured to communicate via Spring Cloud Bus. You could run multiple instances of any micro-service but hawkbit-mgmt-server. Management server run some schedulers which shall not run simultaneously - e.g. auto assignment checker and rollouts executor. To run multiple management server instances you shall do some extensions of hawkbit to ensure that they wont run schedulers simultaneously or you shall configure all instances but one to do not run schedulers!
|
||||
|
||||
## Optional Protostuff for Sprign cloud bus
|
||||
The micro-service instances are configured to communicate via Spring Cloud Bus. Optionally, you could use [Protostuff](https://github.com/protostuff/protostuff) based message payload serialization for improved performance.
|
||||
|
||||
**Note**: If Protostuff is enabled it shall be enabled on all microservices!
|
||||
|
||||
Add/Uncomment to/in your `application.properties` :
|
||||
|
||||
```properties
|
||||
spring.cloud.stream.bindings.springCloudBusInput.content-type=application/binary+protostuff
|
||||
spring.cloud.stream.bindings.springCloudBusOutput.content-type=application/binary+protostuff
|
||||
```
|
||||
|
||||
Add to your `pom.xml` :
|
||||
|
||||
```xml
|
||||
<dependency>
|
||||
<groupId>io.protostuff</groupId>
|
||||
<artifactId>protostuff-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.protostuff</groupId>
|
||||
<artifactId>protostuff-runtime</artifactId>
|
||||
</dependency>
|
||||
```
|
||||
39
hawkbit-runtime/hawkbit-mgmt-server/pom.xml
Normal file
39
hawkbit-runtime/hawkbit-mgmt-server/pom.xml
Normal file
@@ -0,0 +1,39 @@
|
||||
<!--
|
||||
|
||||
Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
||||
|
||||
This program and the accompanying materials are made
|
||||
available under the terms of the Eclipse Public License 2.0
|
||||
which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
|
||||
SPDX-License-Identifier: EPL-2.0
|
||||
|
||||
-->
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>org.eclipse.hawkbit</groupId>
|
||||
<artifactId>hawkbit-runtime-parent</artifactId>
|
||||
<version>${revision}</version>
|
||||
</parent>
|
||||
<artifactId>hawkbit-mgmt-server</artifactId>
|
||||
<name>hawkBit :: Runtime :: Management Server</name>
|
||||
|
||||
<properties>
|
||||
<spring.app.class>org.eclipse.hawkbit.app.mgmt.UpdateServerStart</spring.app.class>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.hawkbit</groupId>
|
||||
<artifactId>hawkbit-boot-starter-mgmt-api</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.cloud</groupId>
|
||||
<artifactId>spring-cloud-stream-binder-rabbit</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
@@ -0,0 +1,70 @@
|
||||
/**
|
||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.app.mgmt;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.boot.autoconfigure.web.ServerProperties;
|
||||
import org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController;
|
||||
import org.springframework.boot.web.servlet.error.ErrorAttributes;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
/**
|
||||
* Error page controller that ensures that ocet stream does not return text in
|
||||
* case of an error.
|
||||
*/
|
||||
@Controller
|
||||
// Exception squid:S3752 - errors need handling for all methods
|
||||
@SuppressWarnings("squid:S3752")
|
||||
public class ErrorController extends BasicErrorController {
|
||||
|
||||
private static final String PATH = "path";
|
||||
|
||||
/**
|
||||
* A new {@link ErrorController}.
|
||||
*
|
||||
* @param errorAttributes
|
||||
* the error attributes
|
||||
* @param serverProperties
|
||||
* configuration properties
|
||||
*/
|
||||
public ErrorController(final ErrorAttributes errorAttributes, final ServerProperties serverProperties) {
|
||||
super(errorAttributes, serverProperties.getError());
|
||||
}
|
||||
|
||||
@RequestMapping(produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
|
||||
public ResponseEntity<Void> errorStream(final HttpServletRequest request, final HttpServletResponse response) {
|
||||
final HttpStatus status = getStatus(request);
|
||||
return new ResponseEntity<>(status);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RequestMapping
|
||||
public ResponseEntity<Map<String, Object>> error(final HttpServletRequest request) {
|
||||
final HttpStatus status = getStatus(request);
|
||||
final Map<String, Object> body = getErrorAttributesWithoutPath(request);
|
||||
return new ResponseEntity<>(body, status);
|
||||
}
|
||||
|
||||
private Map<String, Object> getErrorAttributesWithoutPath(final HttpServletRequest request) {
|
||||
final Map<String, Object> body = getErrorAttributes(request, getErrorAttributeOptions(request, MediaType.ALL));
|
||||
if (body != null && body.containsKey(PATH)) {
|
||||
body.remove(PATH);
|
||||
}
|
||||
return body;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,49 @@
|
||||
/**
|
||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.app.mgmt;
|
||||
|
||||
import org.eclipse.hawkbit.autoconfigure.security.EnableHawkbitManagedSecurityConfiguration;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
|
||||
import org.springframework.web.servlet.view.RedirectView;
|
||||
|
||||
/**
|
||||
* A {@link SpringBootApplication} annotated class with a main method to start.
|
||||
* The minimal configuration for the stand alone hawkBit server.
|
||||
*
|
||||
*/
|
||||
@SpringBootApplication
|
||||
@EnableHawkbitManagedSecurityConfiguration
|
||||
public class MgmtServerStart {
|
||||
|
||||
/**
|
||||
* Main method to start the spring-boot application.
|
||||
*
|
||||
* @param args the VM arguments.
|
||||
*/
|
||||
public static void main(final String[] args) {
|
||||
SpringApplication.run(MgmtServerStart.class, args);
|
||||
}
|
||||
|
||||
@Controller
|
||||
public static class RedirectController {
|
||||
|
||||
@GetMapping("/")
|
||||
public RedirectView redirectToSwagger(
|
||||
RedirectAttributes attributes) {
|
||||
attributes.addFlashAttribute("flashAttribute", "redirectWithRedirectView");
|
||||
attributes.addAttribute("attribute", "redirectWithRedirectView");
|
||||
return new RedirectView("swagger-ui/index.html");
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
#
|
||||
# Copyright (c) 2019 Bosch Software Innovations GmbH and others
|
||||
#
|
||||
# This program and the accompanying materials are made
|
||||
# available under the terms of the Eclipse Public License 2.0
|
||||
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
#
|
||||
# SPDX-License-Identifier: EPL-2.0
|
||||
#
|
||||
|
||||
# This profile adds basic configurations for a DB2 DB usage.
|
||||
# Keep in mind that you need the DB2 driver in your classpath on compile.
|
||||
# see https://www.eclipse.org/hawkbit/guides/runhawkbit/
|
||||
|
||||
spring.jpa.database=DB2
|
||||
spring.datasource.url=jdbc:db2://localhost:50000/hawkbit
|
||||
spring.datasource.username=db2inst1
|
||||
spring.datasource.password=db2inst1-pwd
|
||||
spring.datasource.driverClassName=com.ibm.db2.jcc.DB2Driver
|
||||
@@ -0,0 +1,19 @@
|
||||
#
|
||||
# Copyright (c) 2018 Bosch Software Innovations GmbH and others
|
||||
#
|
||||
# This program and the accompanying materials are made
|
||||
# available under the terms of the Eclipse Public License 2.0
|
||||
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
#
|
||||
# SPDX-License-Identifier: EPL-2.0
|
||||
#
|
||||
|
||||
# This profile adds basic configurations for a Microsoft SQL Server DB usage.
|
||||
# Keep in mind that you need the SQL server driver in your classpath on compile.
|
||||
# see https://www.eclipse.org/hawkbit/guides/runhawkbit/
|
||||
|
||||
spring.jpa.database=SQL_SERVER
|
||||
spring.datasource.url=jdbc:sqlserver://localhost:1433;database=hawkbit
|
||||
spring.datasource.username=SA
|
||||
spring.datasource.password=
|
||||
spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
|
||||
@@ -0,0 +1,19 @@
|
||||
#
|
||||
# Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
||||
#
|
||||
# This program and the accompanying materials are made
|
||||
# available under the terms of the Eclipse Public License 2.0
|
||||
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
#
|
||||
# SPDX-License-Identifier: EPL-2.0
|
||||
#
|
||||
|
||||
# This profile adds basic configurations for a MySQL DB usage.
|
||||
# Keep in mind that you need the MariaDB driver in your classpath on compile.
|
||||
# see https://www.eclipse.org/hawkbit/guides/runhawkbit/
|
||||
|
||||
spring.jpa.database=MYSQL
|
||||
spring.datasource.url=jdbc:mariadb://localhost:3306/hawkbit
|
||||
spring.datasource.username=root
|
||||
spring.datasource.password=
|
||||
spring.datasource.driverClassName=org.mariadb.jdbc.Driver
|
||||
@@ -0,0 +1,19 @@
|
||||
#
|
||||
# Copyright (c) 2020 Enapter Co.,Ltd
|
||||
#
|
||||
# This program and the accompanying materials are made
|
||||
# available under the terms of the Eclipse Public License 2.0
|
||||
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
#
|
||||
# SPDX-License-Identifier: EPL-2.0
|
||||
#
|
||||
|
||||
# This profile adds basic configurations for a PostgreSQL usage.
|
||||
# Keep in mind that you need the PostgreSQL driver in your classpath on compile.
|
||||
# see https://www.eclipse.org/hawkbit/guides/runhawkbit/
|
||||
|
||||
spring.jpa.database=POSTGRESQL
|
||||
spring.datasource.url=jdbc:postgresql://localhost:5432/hawkbit
|
||||
spring.datasource.username=postgres
|
||||
spring.datasource.password=admin
|
||||
spring.datasource.driverClassName=org.postgresql.Driver
|
||||
@@ -0,0 +1,72 @@
|
||||
#
|
||||
# Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
||||
#
|
||||
# This program and the accompanying materials are made
|
||||
# available under the terms of the Eclipse Public License 2.0
|
||||
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
#
|
||||
# SPDX-License-Identifier: EPL-2.0
|
||||
#
|
||||
|
||||
spring.application.name=mgmt-server
|
||||
spring.port=8080
|
||||
|
||||
# User Security
|
||||
spring.security.user.name=admin
|
||||
spring.security.user.password={noop}admin
|
||||
spring.main.allow-bean-definition-overriding=true
|
||||
|
||||
# Http Encoding
|
||||
server.servlet.encoding.charset=UTF-8
|
||||
server.servlet.encoding.enabled=true
|
||||
server.servlet.encoding.force=true
|
||||
|
||||
# Optional events
|
||||
hawkbit.server.repository.publish-target-poll-event=false
|
||||
|
||||
## Configuration for DMF/RabbitMQ integration
|
||||
spring.rabbitmq.username=guest
|
||||
spring.rabbitmq.password=guest
|
||||
spring.rabbitmq.virtual-host=/
|
||||
spring.rabbitmq.host=localhost
|
||||
spring.rabbitmq.port=5672
|
||||
|
||||
# Define own users instead of default "admin" user:
|
||||
#hawkbit.server.im.users[0].username=hawkbit
|
||||
#hawkbit.server.im.users[0].password={noop}isAwesome!
|
||||
#hawkbit.server.im.users[0].firstname=Eclipse
|
||||
#hawkbit.server.im.users[0].lastname=HawkBit
|
||||
#hawkbit.server.im.users[0].permissions=ALL
|
||||
|
||||
# Enable CORS and specify the allowed origins:
|
||||
#hawkbit.server.security.cors.enabled=true
|
||||
#hawkbit.server.security.cors.allowedOrigins=http://localhost
|
||||
|
||||
hawkbit.server.swagger.mgmt.api.group.enabled=true
|
||||
hawkbit.server.swagger.ddi.api.group.enabled=false
|
||||
|
||||
# Swagger Configuration
|
||||
#springdoc.swagger-ui.path=/update-server-documentation
|
||||
#springdoc.api-docs.path=/update-server-api-docs
|
||||
springdoc.show-oauth2-endpoints=true
|
||||
springdoc.api-docs.version=openapi_3_0
|
||||
springdoc.show-login-endpoint=true
|
||||
springdoc.packages-to-scan=org.eclipse.hawkbit.mgmt
|
||||
springdoc.swagger-ui.oauth2RedirectUrl=/login/oauth2/code/suite
|
||||
springdoc.paths-to-exclude=/system/**
|
||||
|
||||
# Disable discovery client of spring-cloud-commons
|
||||
spring.cloud.discovery.enabled=false
|
||||
# Enable communication between services
|
||||
spring.cloud.bus.enabled=true
|
||||
spring.cloud.bus.ack.enabled=false
|
||||
spring.cloud.bus.refresh.enabled=false
|
||||
spring.cloud.bus.env.enabled=false
|
||||
endpoints.spring.cloud.bus.refresh.enabled=false
|
||||
endpoints.spring.cloud.bus.env.enabled=false
|
||||
spring.cloud.stream.bindings.springCloudBusInput.group=mgmt-server
|
||||
|
||||
# To use protostuff (for instance fot improved performance) you shall uncomment
|
||||
# the following two lines and add io.protostuff:protostuff-core and io.protostuff:protostuff-runtime to dependencies
|
||||
#spring.cloud.stream.bindings.springCloudBusInput.content-type=application/binary+protostuff
|
||||
#spring.cloud.stream.bindings.springCloudBusOutput.content-type=application/binary+protostuff
|
||||
@@ -0,0 +1,14 @@
|
||||
______ _ _ _ _ ____ _ _ __ __ _
|
||||
| ____| | (_) | | | | | _ \(_) | | \/ | | |
|
||||
| |__ ___| |_ _ __ ___ ___ | |__ __ ___ _| | _| |_) |_| |_ | \ / | __ _ _ __ ___ | |_
|
||||
| __| / __| | | '_ \/ __|/ _ \ | '_ \ / _` \ \ /\ / / |/ / _ <| | __| | |\/| |/ _` | '_ ` _ \| __|
|
||||
| |___| (__| | | |_) \__ \ __/ | | | | (_| |\ V V /| <| |_) | | |_ | | | | (_| | | | | | | |_
|
||||
|______\___|_|_| .__/|___/\___| |_| |_|\__,_| \_/\_/ |_|\_\____/|_|\__| |_| |_|\__, |_| |_| |_|\__|
|
||||
| | __/ |
|
||||
|_| |___/
|
||||
|
||||
Eclipse hawkBit Management Server ${application.formatted-version}
|
||||
using Spring Boot ${spring-boot.formatted-version}
|
||||
|
||||
Go to https://www.eclipse.org/hawkbit for more information.
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
|
||||
Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
||||
|
||||
This program and the accompanying materials are made
|
||||
available under the terms of the Eclipse Public License 2.0
|
||||
which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
|
||||
SPDX-License-Identifier: EPL-2.0
|
||||
|
||||
-->
|
||||
<configuration>
|
||||
<include resource="org/springframework/boot/logging/logback/base.xml" />
|
||||
|
||||
<logger name="org.eclipse.hawkbit.eventbus.DeadEventListener" level="WARN" />
|
||||
<Logger name="org.springframework.boot.actuate.audit.listener.AuditListener" level="WARN" />
|
||||
|
||||
<Logger name="org.hibernate.validator.internal.util.Version" level="WARN" />
|
||||
|
||||
<!-- Security Log with hints on potential attacks -->
|
||||
<logger name="server-security" level="INFO" />
|
||||
|
||||
<Root level="INFO">
|
||||
<appender-ref ref="CONSOLE" />
|
||||
</Root>
|
||||
|
||||
</configuration>
|
||||
@@ -0,0 +1,39 @@
|
||||
/**
|
||||
* Copyright (c) 2020 Bosch.IO GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.app.mgmt;
|
||||
|
||||
import org.eclipse.hawkbit.repository.test.util.SharedSqlTestDatabaseExtension;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
@SpringBootTest(properties = { "hawkbit.dmf.rabbitmq.enabled=false" })
|
||||
@ExtendWith(SharedSqlTestDatabaseExtension.class)
|
||||
public abstract class AbstractSecurityTest {
|
||||
|
||||
@Autowired
|
||||
private WebApplicationContext context;
|
||||
|
||||
protected MockMvc mvc;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
final DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(context)
|
||||
.apply(SecurityMockMvcConfigurers.springSecurity()).dispatchOptions(true);
|
||||
mvc = builder.build();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,50 @@
|
||||
/**
|
||||
* Copyright (c) 2019 Bosch Software Innovations GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.app.mgmt;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.security.web.firewall.RequestRejectedException;
|
||||
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
import org.springframework.test.context.TestPropertySource;
|
||||
|
||||
@TestPropertySource(properties = { "hawkbit.server.security.allowedHostNames=localhost",
|
||||
"hawkbit.server.security.httpFirewallIgnoredPaths=/index.html" })
|
||||
@Feature("Integration Test - Security")
|
||||
@Story("Allowed Host Names")
|
||||
public class AllowedHostNamesTest extends AbstractSecurityTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests whether a RequestRejectedException is thrown when not allowed host is used")
|
||||
public void allowedHostNameWithNotAllowedHost() {
|
||||
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(
|
||||
() -> mvc.perform(get("/").header(HttpHeaders.HOST, "www.google.com")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests whether request is redirected when allowed host is used")
|
||||
public void allowedHostNameWithAllowedHost() throws Exception {
|
||||
mvc.perform(get("/").header(HttpHeaders.HOST, "localhost")).andExpect(status().is3xxRedirection());
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests whether request without allowed host name and with ignored path end up with a client error")
|
||||
public void notAllowedHostnameWithIgnoredPath() throws Exception {
|
||||
mvc.perform(get("/index.html").header(HttpHeaders.HOST, "www.google.com"))
|
||||
.andExpect(status().is4xxClientError());
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,76 @@
|
||||
/**
|
||||
* Copyright (c) 2019 Bosch Software Innovations GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.app.mgmt;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.security.test.context.support.WithUserDetails;
|
||||
import org.springframework.test.web.servlet.ResultActions;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
|
||||
@SpringBootTest(properties = {
|
||||
"hawkbit.dmf.rabbitmq.enabled=false",
|
||||
"hawkbit.server.security.cors.enabled=true",
|
||||
"hawkbit.server.security.cors.allowedOrigins="
|
||||
+ CorsTest.ALLOWED_ORIGIN_FIRST + ","
|
||||
+ CorsTest.ALLOWED_ORIGIN_SECOND,
|
||||
"hawkbit.server.security.cors.exposedHeaders="
|
||||
+ HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN})
|
||||
@Feature("Integration Test - Security")
|
||||
@Story("CORS")
|
||||
public class CorsTest extends AbstractSecurityTest {
|
||||
|
||||
final static String ALLOWED_ORIGIN_FIRST = "http://test.first.origin";
|
||||
final static String ALLOWED_ORIGIN_SECOND = "http://test.second.origin";
|
||||
|
||||
private final static String INVALID_ORIGIN = "http://test.invalid.origin";
|
||||
private final static String INVALID_CORS_REQUEST = "Invalid CORS request";
|
||||
|
||||
@WithUserDetails("admin")
|
||||
@Test
|
||||
@Description("Ensures that Cors is working.")
|
||||
public void validateCorsRequest() throws Exception {
|
||||
performOptionsRequestToRestWithOrigin(ALLOWED_ORIGIN_FIRST).andExpect(status().isOk())
|
||||
.andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOWED_ORIGIN_FIRST));
|
||||
performOptionsRequestToRestWithOrigin(ALLOWED_ORIGIN_SECOND).andExpect(status().isOk())
|
||||
.andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOWED_ORIGIN_SECOND));
|
||||
|
||||
final String invalidOriginResponseBody = performOptionsRequestToRestWithOrigin(INVALID_ORIGIN)
|
||||
.andExpect(status().isForbidden())
|
||||
.andExpect(header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).andReturn().getResponse()
|
||||
.getContentAsString();
|
||||
assertThat(invalidOriginResponseBody).isEqualTo(INVALID_CORS_REQUEST);
|
||||
|
||||
final String invalidCorsUrlResponseBody = performOptionsRequestToUrlWithOrigin(
|
||||
MgmtRestConstants.BASE_SYSTEM_MAPPING, ALLOWED_ORIGIN_FIRST).andExpect(status().isForbidden())
|
||||
.andExpect(header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).andReturn()
|
||||
.getResponse().getContentAsString();
|
||||
assertThat(invalidCorsUrlResponseBody).isEqualTo(INVALID_CORS_REQUEST);
|
||||
}
|
||||
|
||||
private ResultActions performOptionsRequestToRestWithOrigin(final String origin) throws Exception {
|
||||
return performOptionsRequestToUrlWithOrigin(MgmtRestConstants.BASE_V1_REQUEST_MAPPING, origin);
|
||||
}
|
||||
|
||||
private ResultActions performOptionsRequestToUrlWithOrigin(final String url, final String origin) throws Exception {
|
||||
return mvc.perform(options(url).header("Access-Control-Request-Method", "GET").header("Origin", origin));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user