Completed migration to ConfigurationProperties annotation. Added boot metadata generation to build.
@@ -10,25 +10,34 @@ package org.eclipse.hawkbit.security;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* The common properties for DDI security.
|
||||
*/
|
||||
@Component
|
||||
@ConfigurationProperties("hawkbit.server.ddi.security")
|
||||
public class DdiSecurityProperties {
|
||||
|
||||
private final Rp rp = new Rp();
|
||||
private final Authentication authentication = new Authentication();
|
||||
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public Rp getRp() {
|
||||
return rp;
|
||||
}
|
||||
|
||||
/**
|
||||
* Inner class for reverse proxy configuration. Defines the security
|
||||
* properties for authenticating controllers behind a reverse proxy which
|
||||
* terminates the SSL session at the reverse proxy but adding request header
|
||||
* which contains the CN of the certificate.
|
||||
* Reverse proxy configuration. Defines the security properties for
|
||||
* authenticating controllers behind a reverse proxy which terminates the
|
||||
* SSL session at the reverse proxy but adding request header which contains
|
||||
* the CN of the certificate.
|
||||
*/
|
||||
@Component
|
||||
@ConfigurationProperties("hawkbit.server.ddi.security.rp")
|
||||
public static class RpProperties {
|
||||
public static class Rp {
|
||||
|
||||
/**
|
||||
* HTTP header field for common name of a DDI target client certificate.
|
||||
@@ -94,54 +103,119 @@ public class DdiSecurityProperties {
|
||||
}
|
||||
|
||||
/**
|
||||
* Inner class for anonymous enable configuration.
|
||||
* DDI Authentication options.
|
||||
*/
|
||||
@Component
|
||||
@ConfigurationProperties("hawkbit.server.ddi.security.authentication.anonymous")
|
||||
public static class AnoymousAuthenticationProperties {
|
||||
public static class Authentication {
|
||||
private final Anonymous anonymous = new Anonymous();
|
||||
private final Targettoken targettoken = new Targettoken();
|
||||
private final Gatewaytoken gatewaytoken = new Gatewaytoken();
|
||||
|
||||
/**
|
||||
* Set to true to enable anonymous DDI client authentication.
|
||||
*/
|
||||
private Boolean enabled = Boolean.FALSE;
|
||||
public Anonymous getAnonymous() {
|
||||
return anonymous;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param enabled
|
||||
* the enabled to set
|
||||
*/
|
||||
public void setEnabled(final Boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
public Gatewaytoken getGatewaytoken() {
|
||||
return gatewaytoken;
|
||||
}
|
||||
|
||||
public Targettoken getTargettoken() {
|
||||
return targettoken;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the enabled
|
||||
* Target token authentication. Tokens are defined per target.
|
||||
*
|
||||
*/
|
||||
public Boolean getEnabled() {
|
||||
return enabled;
|
||||
public static class Targettoken {
|
||||
/**
|
||||
* Set to true to enable target token authentication.
|
||||
*/
|
||||
private boolean enabled = false;
|
||||
|
||||
public boolean isEnabled() {
|
||||
return enabled;
|
||||
}
|
||||
|
||||
public void setEnabled(final boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
/**
|
||||
* Gateway token authentication. Tokens are defined per tenant. Use with
|
||||
* care!
|
||||
*
|
||||
*/
|
||||
public static class Gatewaytoken {
|
||||
|
||||
@Autowired
|
||||
private RpProperties rppProperties;
|
||||
/**
|
||||
* Gateway token based authentication enabled.
|
||||
*/
|
||||
private boolean enabled = false;
|
||||
|
||||
@Autowired
|
||||
private AnoymousAuthenticationProperties authenticationsProperties;
|
||||
/**
|
||||
* Default gateway token name.
|
||||
*/
|
||||
private String name = "";
|
||||
|
||||
public String getRpCnHeader() {
|
||||
return rppProperties.getCnHeader();
|
||||
}
|
||||
/**
|
||||
* Default gateway token itself.
|
||||
*/
|
||||
private String key = "";
|
||||
|
||||
public String getRpSslIssuerHashHeader() {
|
||||
return rppProperties.getSslIssuerHashHeader();
|
||||
}
|
||||
public boolean isEnabled() {
|
||||
return enabled;
|
||||
}
|
||||
|
||||
public List<String> getRpTrustedIPs() {
|
||||
return rppProperties.getTrustedIPs();
|
||||
}
|
||||
public void setEnabled(final boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(final String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String getKey() {
|
||||
return key;
|
||||
}
|
||||
|
||||
public void setKey(final String key) {
|
||||
this.key = key;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Anonymous authentication.
|
||||
*/
|
||||
public static class Anonymous {
|
||||
|
||||
/**
|
||||
* Set to true to enable anonymous DDI client authentication.
|
||||
*/
|
||||
private boolean enabled = false;
|
||||
|
||||
/**
|
||||
* @param enabled
|
||||
* the enabled to set
|
||||
*/
|
||||
public void setEnabled(final boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the enabled
|
||||
*/
|
||||
public boolean isEnabled() {
|
||||
return enabled;
|
||||
}
|
||||
}
|
||||
|
||||
public Boolean getAnonymousEnabled() {
|
||||
return authenticationsProperties.getEnabled();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
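Review bot: The new `Gatewaytoken.key` field defaults to `""` and nothing in the class ties it to `enabled`, so setting `hawkbit.server.ddi.security.authentication.gatewaytoken.enabled=true` without a key leaves an empty tenant-wide token in the bean. Whether a blank token is ever compared against a request depends on the filter that reads these properties, which is not on this page; that consumer should treat a blank key as "no token configured" and refuse to authenticate with it. Because the commit also turns these Javadocs into generated boot metadata, the field comment is the place to say so: `Default gateway token itself. Secret: supply it from the environment or external configuration, not a committed properties file; a blank value must never authenticate.` The same wording would make the "Use with care!" on the class Javadoc concrete.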
@@ -1,16 +1,25 @@
|
||||
/**
|
||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
|
||||
*
|
||||
* All rights reserved. This program and the accompanying materials
|
||||
* are made available under the terms of the Eclipse Public License v1.0
|
||||
* which accompanies this distribution, and is available at
|
||||
* http://www.eclipse.org/legal/epl-v10.html
|
||||
*/
|
||||
package org.eclipse.hawkbit.security;
|
||||
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* Security related hawkbit configuration.
|
||||
*
|
||||
*/
|
||||
@Component
|
||||
@ConfigurationProperties("hawkbit.server.security")
|
||||
public class SecurityProperties {
|
||||
public class HawkbitSecurityProperties {
|
||||
|
||||
private final Clients clients = new Clients();
|
||||
|
||||
private final Dos dos = new Dos();
|
||||
private final Xframe xframe = new Xframe();
|
||||
|
||||
@@ -100,11 +109,6 @@ public class SecurityProperties {
|
||||
*/
|
||||
public static class Dos {
|
||||
|
||||
/**
|
||||
* White list of peer IP addresses for DOS filter (regular expression).
|
||||
*/
|
||||
private String whitelist = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3}|169\\.254\\.\\d{1,3}\\.\\d{1,3}|127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
|
||||
|
||||
/**
|
||||
* Maximum number of status updates that the controller can report for
|
||||
* an action (0 to disable).
|
||||
@@ -122,14 +126,6 @@ public class SecurityProperties {
|
||||
return filter;
|
||||
}
|
||||
|
||||
public String getWhitelist() {
|
||||
return whitelist;
|
||||
}
|
||||
|
||||
public void setWhitelist(final String whitelist) {
|
||||
this.whitelist = whitelist;
|
||||
}
|
||||
|
||||
public int getMaxStatusEntriesPerAction() {
|
||||
return maxStatusEntriesPerAction;
|
||||
}
|
||||
@@ -148,6 +144,12 @@ public class SecurityProperties {
|
||||
|
||||
public static class Filter {
|
||||
|
||||
/**
|
||||
* White list of peer IP addresses for DOS filter (regular
|
||||
* expression).
|
||||
*/
|
||||
private String whitelist = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3}|169\\.254\\.\\d{1,3}\\.\\d{1,3}|127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
|
||||
|
||||
/**
|
||||
* # Maximum number of allowed REST read/GET requests per second per
|
||||
* client.
|
||||
@@ -160,6 +162,14 @@ public class SecurityProperties {
|
||||
*/
|
||||
int maxWrite = 50;
|
||||
|
||||
public String getWhitelist() {
|
||||
return whitelist;
|
||||
}
|
||||
|
||||
public void setWhitelist(final String whitelist) {
|
||||
this.whitelist = whitelist;
|
||||
}
|
||||
|
||||
public int getMaxRead() {
|
||||
return maxRead;
|
||||
}
|
||||
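Review bot: Moving `whitelist` and its accessors from `Dos` to `Filter` changes the property key an operator has to set, apparently from `hawkbit.server.security.dos.whitelist` to `hawkbit.server.security.dos.filter.whitelist`, judging by the `return filter;` getter. A deployment that narrowed the list under the old key will fall back to the default without any error, since Spring Boot ignores unknown keys by default. That default exempts every RFC 1918, loopback and link-local peer from the DOS filter, so behind a NAT or reverse proxy the fallback may switch the filter off for all clients. The rename belongs in the release notes, and the field Javadoc could state the consequence: `Peers whose address matches this expression bypass the DOS filter; narrow it when a proxy or NAT fronts the server.` The `Filter` class starts and ends outside these hunks, so how the expression is matched (full match or substring) is not visible here.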