Remove unused TenantUserPasswordAuthenticationToken (#1966)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
@@ -23,6 +23,11 @@ public interface BaseEntity extends Serializable, Identifiable<Long> {
|
|||||||
return entity == null ? null : entity.getId();
|
return entity == null ? null : entity.getId();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return user that created the {@link BaseEntity}.
|
||||||
|
*/
|
||||||
|
String getCreatedBy();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return time in {@link TimeUnit#MILLISECONDS} when the {@link BaseEntity}
|
* @return time in {@link TimeUnit#MILLISECONDS} when the {@link BaseEntity}
|
||||||
* was created.
|
* was created.
|
||||||
@@ -30,9 +35,9 @@ public interface BaseEntity extends Serializable, Identifiable<Long> {
|
|||||||
long getCreatedAt();
|
long getCreatedAt();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return user that created the {@link BaseEntity}.
|
* @return user that updated the {@link BaseEntity} last.
|
||||||
*/
|
*/
|
||||||
String getCreatedBy();
|
String getLastModifiedBy();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return time in {@link TimeUnit#MILLISECONDS} when the {@link BaseEntity}
|
* @return time in {@link TimeUnit#MILLISECONDS} when the {@link BaseEntity}
|
||||||
@@ -40,14 +45,8 @@ public interface BaseEntity extends Serializable, Identifiable<Long> {
|
|||||||
*/
|
*/
|
||||||
long getLastModifiedAt();
|
long getLastModifiedAt();
|
||||||
|
|
||||||
/**
|
|
||||||
* @return user that updated the {@link BaseEntity} last.
|
|
||||||
*/
|
|
||||||
String getLastModifiedBy();
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return version of the {@link BaseEntity}.
|
* @return version of the {@link BaseEntity}.
|
||||||
*/
|
*/
|
||||||
int getOptLockRevision();
|
int getOptLockRevision();
|
||||||
|
}
|
||||||
}
|
|
||||||
@@ -9,6 +9,8 @@
|
|||||||
*/
|
*/
|
||||||
package org.eclipse.hawkbit.repository.jpa.model;
|
package org.eclipse.hawkbit.repository.jpa.model;
|
||||||
|
|
||||||
|
import java.io.Serial;
|
||||||
|
|
||||||
import jakarta.persistence.Access;
|
import jakarta.persistence.Access;
|
||||||
import jakarta.persistence.AccessType;
|
import jakarta.persistence.AccessType;
|
||||||
import jakarta.persistence.Column;
|
import jakarta.persistence.Column;
|
||||||
@@ -19,6 +21,9 @@ import jakarta.persistence.Id;
|
|||||||
import jakarta.persistence.MappedSuperclass;
|
import jakarta.persistence.MappedSuperclass;
|
||||||
import jakarta.persistence.Version;
|
import jakarta.persistence.Version;
|
||||||
|
|
||||||
|
import lombok.AccessLevel;
|
||||||
|
import lombok.NoArgsConstructor;
|
||||||
|
import lombok.Setter;
|
||||||
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
||||||
import org.eclipse.hawkbit.repository.model.BaseEntity;
|
import org.eclipse.hawkbit.repository.model.BaseEntity;
|
||||||
import org.springframework.data.annotation.CreatedBy;
|
import org.springframework.data.annotation.CreatedBy;
|
||||||
@@ -31,32 +36,38 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
|||||||
/**
|
/**
|
||||||
* Holder of the base attributes common to all entities.
|
* Holder of the base attributes common to all entities.
|
||||||
*/
|
*/
|
||||||
|
@NoArgsConstructor(access = AccessLevel.PROTECTED) // Default constructor needed for JPA entities.
|
||||||
@MappedSuperclass
|
@MappedSuperclass
|
||||||
@Access(AccessType.FIELD)
|
@Access(AccessType.FIELD)
|
||||||
@EntityListeners({ AuditingEntityListener.class, EntityPropertyChangeListener.class, EntityInterceptorListener.class })
|
@EntityListeners({ AuditingEntityListener.class, EntityPropertyChangeListener.class, EntityInterceptorListener.class })
|
||||||
public abstract class AbstractJpaBaseEntity implements BaseEntity {
|
public abstract class AbstractJpaBaseEntity implements BaseEntity {
|
||||||
|
|
||||||
protected static final int USERNAME_FIELD_LENGTH = 64;
|
protected static final int USERNAME_FIELD_LENGTH = 64;
|
||||||
|
|
||||||
|
@Serial
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Setter
|
||||||
@Id
|
@Id
|
||||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||||
@Column(name = "id")
|
@Column(name = "id")
|
||||||
private Long id;
|
private Long id;
|
||||||
|
|
||||||
private String createdBy;
|
private String createdBy;
|
||||||
private String lastModifiedBy;
|
|
||||||
private long createdAt;
|
private long createdAt;
|
||||||
|
private String lastModifiedBy;
|
||||||
private long lastModifiedAt;
|
private long lastModifiedAt;
|
||||||
|
|
||||||
|
@Setter
|
||||||
@Version
|
@Version
|
||||||
@Column(name = "optlock_revision")
|
@Column(name = "optlock_revision")
|
||||||
private int optLockRevision;
|
private int optLockRevision;
|
||||||
|
|
||||||
/**
|
@Override
|
||||||
* Default constructor needed for JPA entities.
|
@Access(AccessType.PROPERTY)
|
||||||
*/
|
@Column(name = "created_by", updatable = false, nullable = false, length = USERNAME_FIELD_LENGTH)
|
||||||
protected AbstractJpaBaseEntity() {
|
public String getCreatedBy() {
|
||||||
// Default constructor needed for JPA entities.
|
return createdBy;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
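Review bot: `@Setter` on `id` and on the `@Version` field `optLockRevision` generates public setters, matching the explicit `setId`/`setOptLockRevision` they replace, so the primary key and the optimistic-lock counter stay writable by any caller of the entity. If those setters exist only for the persistence layer or for tests, `@Setter(AccessLevel.PROTECTED)` would narrow them, and `AccessLevel` is already imported in this commit. I cannot see the callers from the diff, so the public visibility may be intentional; if so, a short comment on the `@Setter` lines stating who needs them would save the next reader the same question.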
@@ -68,9 +79,9 @@ public abstract class AbstractJpaBaseEntity implements BaseEntity {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Access(AccessType.PROPERTY)
|
@Access(AccessType.PROPERTY)
|
||||||
@Column(name = "created_by", updatable = false, nullable = false, length = USERNAME_FIELD_LENGTH)
|
@Column(name = "last_modified_by", nullable = false, length = USERNAME_FIELD_LENGTH)
|
||||||
public String getCreatedBy() {
|
public String getLastModifiedBy() {
|
||||||
return createdBy;
|
return lastModifiedBy;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -80,41 +91,11 @@ public abstract class AbstractJpaBaseEntity implements BaseEntity {
|
|||||||
return lastModifiedAt;
|
return lastModifiedAt;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
@Access(AccessType.PROPERTY)
|
|
||||||
@Column(name = "last_modified_by", nullable = false, length = USERNAME_FIELD_LENGTH)
|
|
||||||
public String getLastModifiedBy() {
|
|
||||||
return lastModifiedBy;
|
|
||||||
}
|
|
||||||
|
|
||||||
@LastModifiedBy
|
|
||||||
public void setLastModifiedBy(final String lastModifiedBy) {
|
|
||||||
if (isController()) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
this.lastModifiedBy = lastModifiedBy;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getOptLockRevision() {
|
public int getOptLockRevision() {
|
||||||
return optLockRevision;
|
return optLockRevision;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setOptLockRevision(final int optLockRevision) {
|
|
||||||
this.optLockRevision = optLockRevision;
|
|
||||||
}
|
|
||||||
|
|
||||||
@LastModifiedDate
|
|
||||||
public void setLastModifiedAt(final long lastModifiedAt) {
|
|
||||||
|
|
||||||
if (isController()) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
this.lastModifiedAt = lastModifiedAt;
|
|
||||||
}
|
|
||||||
|
|
||||||
@CreatedBy
|
@CreatedBy
|
||||||
public void setCreatedBy(final String createdBy) {
|
public void setCreatedBy(final String createdBy) {
|
||||||
if (isController()) {
|
if (isController()) {
|
||||||
@@ -142,15 +123,29 @@ public abstract class AbstractJpaBaseEntity implements BaseEntity {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@LastModifiedBy
|
||||||
|
public void setLastModifiedBy(final String lastModifiedBy) {
|
||||||
|
if (isController()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.lastModifiedBy = lastModifiedBy;
|
||||||
|
}
|
||||||
|
|
||||||
|
@LastModifiedDate
|
||||||
|
public void setLastModifiedAt(final long lastModifiedAt) {
|
||||||
|
if (isController()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.lastModifiedAt = lastModifiedAt;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Long getId() {
|
public Long getId() {
|
||||||
return id;
|
return id;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setId(final Long id) {
|
|
||||||
this.id = id;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Defined equals/hashcode strategy for the repository in general is that an
|
* Defined equals/hashcode strategy for the repository in general is that an
|
||||||
* entity is equal if it has the same {@link #getId()} and
|
* entity is equal if it has the same {@link #getId()} and
|
||||||
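Review bot: The `if (isController()) return;` guards in the re-added `setLastModifiedBy` and `setLastModifiedAt` skip the Spring Data auditing callback without any comment explaining why controller principals are excluded, while `getLastModifiedBy` in this file is mapped `nullable = false`. Whether the column can end up null for an entity that is created and modified only under a controller authentication depends on `setCreatedBy`, whose body continues outside the visible hunks, so I can only flag it. A one-line comment above each guard, e.g. `// Auditing callback: modifications made by an authenticated controller are deliberately not recorded here - confirm this matches the intended audit semantics`, would document the choice. The setters are moved rather than changed by this commit.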
@@ -206,10 +201,7 @@ public abstract class AbstractJpaBaseEntity implements BaseEntity {
|
|||||||
|
|
||||||
private boolean isController() {
|
private boolean isController() {
|
||||||
return SecurityContextHolder.getContext().getAuthentication() != null
|
return SecurityContextHolder.getContext().getAuthentication() != null
|
||||||
&& SecurityContextHolder.getContext().getAuthentication()
|
&& SecurityContextHolder.getContext().getAuthentication().getDetails() instanceof TenantAwareAuthenticationDetails tenantAwareDetails
|
||||||
.getDetails() instanceof TenantAwareAuthenticationDetails
|
&& tenantAwareDetails.isController();
|
||||||
&& ((TenantAwareAuthenticationDetails) SecurityContextHolder.getContext().getAuthentication()
|
|
||||||
.getDetails()).isController();
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
|
||||||
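Review bot: The rewritten `isController` reads `SecurityContextHolder.getContext().getAuthentication()` twice, once for the null check and once for the pattern match, so the null guard protects a different object than the one dereferenced. Holding it in a local makes the check and the use refer to the same instance: `final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();` followed by `return authentication != null && authentication.getDetails() instanceof TenantAwareAuthenticationDetails tenantAwareDetails && tenantAwareDetails.isController();`. This needs `org.springframework.security.core.Authentication` imported in this file if it is not already, which the diff does not show.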
@@ -154,7 +154,7 @@ public class SecurityContextSwitch {
|
|||||||
authorities = annotation.authorities();
|
authorities = annotation.authorities();
|
||||||
}
|
}
|
||||||
final TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken(
|
final TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken(
|
||||||
new TenantAwareUser(annotation.principal(), annotation.tenantId()),
|
new TenantAwareUser(annotation.principal(), "***", null, annotation.tenantId()),
|
||||||
annotation.credentials(), authorities);
|
annotation.credentials(), authorities);
|
||||||
testingAuthenticationToken.setDetails(
|
testingAuthenticationToken.setDetails(
|
||||||
new TenantAwareAuthenticationDetails(annotation.tenantId(), annotation.controller()));
|
new TenantAwareAuthenticationDetails(annotation.tenantId(), annotation.controller()));
|
||||||
|
|||||||
@@ -22,15 +22,13 @@ import org.springframework.security.core.GrantedAuthority;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
* Software provisioning permissions that are technically available as
|
* Software provisioning permissions that are technically available as {@linkplain GrantedAuthority} based on
|
||||||
* {@linkplain GrantedAuthority} based on the authenticated users identity
|
* the authenticated users identity context.
|
||||||
* context.
|
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* <p>
|
* <p>
|
||||||
* The permissions cover CRUD operations for various areas within eclipse
|
* The permissions cover CRUD operations for various areas within eclipse hawkBit, like targets, software-artifacts,
|
||||||
* hawkBit, like targets, software-artifacts, distribution sets, config-options
|
* distribution sets, config-options etc.
|
||||||
* etc.
|
|
||||||
* </p>
|
* </p>
|
||||||
*/
|
*/
|
||||||
@NoArgsConstructor(access = AccessLevel.PRIVATE)
|
@NoArgsConstructor(access = AccessLevel.PRIVATE)
|
||||||
@@ -167,8 +165,7 @@ public final class SpPermission {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
* Contains all the spring security evaluation expressions for the
|
* Contains all the spring security evaluation expressions for the {@link PreAuthorize} annotation for method security.
|
||||||
* {@link PreAuthorize} annotation for method security.
|
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* <p>
|
* <p>
|
||||||
@@ -199,6 +196,7 @@ public final class SpPermission {
|
|||||||
public static final String HAS_AUTH_PREFIX = "hasAuthority" + BRACKET_OPEN + "'";
|
public static final String HAS_AUTH_PREFIX = "hasAuthority" + BRACKET_OPEN + "'";
|
||||||
public static final String HAS_AUTH_SUFFIX = "'" + BRACKET_CLOSE;
|
public static final String HAS_AUTH_SUFFIX = "'" + BRACKET_CLOSE;
|
||||||
public static final String HAS_AUTH_AND = " and ";
|
public static final String HAS_AUTH_AND = " and ";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The role which contains the spring security context in case the
|
* The role which contains the spring security context in case the
|
||||||
* system is executing code which is necessary to be privileged.
|
* system is executing code which is necessary to be privileged.
|
||||||
|
|||||||
@@ -24,44 +24,45 @@ public final class SpRole {
|
|||||||
public static final String REPOSITORY_ADMIN = "ROLE_REPOSITORY_ADMIN";
|
public static final String REPOSITORY_ADMIN = "ROLE_REPOSITORY_ADMIN";
|
||||||
public static final String ROLLOUT_ADMIN = "ROLE_ROLLOUT_ADMIN";
|
public static final String ROLLOUT_ADMIN = "ROLE_ROLLOUT_ADMIN";
|
||||||
public static final String TENANT_ADMIN = "ROLE_TENANT_ADMIN";
|
public static final String TENANT_ADMIN = "ROLE_TENANT_ADMIN";
|
||||||
|
|
||||||
private static final String IMPLIES = " > ";
|
private static final String IMPLIES = " > ";
|
||||||
private static final String LINE_BREAK = "\n";
|
private static final String LINE_BREAK = "\n";
|
||||||
public static final String TARGET_ADMIN_HIERARCHY =
|
public static final String TARGET_ADMIN_HIERARCHY =
|
||||||
TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET + LINE_BREAK +
|
TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET + LINE_BREAK +
|
||||||
TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET_SEC_TOKEN + LINE_BREAK +
|
TARGET_ADMIN + IMPLIES + SpPermission.READ_TARGET_SEC_TOKEN + LINE_BREAK +
|
||||||
TARGET_ADMIN + IMPLIES + SpPermission.UPDATE_TARGET + LINE_BREAK +
|
TARGET_ADMIN + IMPLIES + SpPermission.UPDATE_TARGET + LINE_BREAK +
|
||||||
TARGET_ADMIN + IMPLIES + SpPermission.CREATE_TARGET + LINE_BREAK +
|
TARGET_ADMIN + IMPLIES + SpPermission.CREATE_TARGET + LINE_BREAK +
|
||||||
TARGET_ADMIN + IMPLIES + SpPermission.DELETE_TARGET + LINE_BREAK;
|
TARGET_ADMIN + IMPLIES + SpPermission.DELETE_TARGET + LINE_BREAK;
|
||||||
public static final String REPOSITORY_ADMIN_HIERARCHY =
|
public static final String REPOSITORY_ADMIN_HIERARCHY =
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_REPOSITORY + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.READ_REPOSITORY + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_REPOSITORY + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.UPDATE_REPOSITORY + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_REPOSITORY + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.CREATE_REPOSITORY + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_REPOSITORY + LINE_BREAK +
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.DELETE_REPOSITORY + LINE_BREAK +
|
||||||
REPOSITORY_ADMIN + IMPLIES + SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT + LINE_BREAK;
|
REPOSITORY_ADMIN + IMPLIES + SpPermission.DOWNLOAD_REPOSITORY_ARTIFACT + LINE_BREAK;
|
||||||
public static final String ROLLOUT_ADMIN_HIERARCHY =
|
public static final String ROLLOUT_ADMIN_HIERARCHY =
|
||||||
ROLLOUT_ADMIN + IMPLIES + SpPermission.READ_ROLLOUT + LINE_BREAK +
|
ROLLOUT_ADMIN + IMPLIES + SpPermission.READ_ROLLOUT + LINE_BREAK +
|
||||||
ROLLOUT_ADMIN + IMPLIES + SpPermission.CREATE_ROLLOUT + LINE_BREAK +
|
ROLLOUT_ADMIN + IMPLIES + SpPermission.CREATE_ROLLOUT + LINE_BREAK +
|
||||||
ROLLOUT_ADMIN + IMPLIES + SpPermission.UPDATE_ROLLOUT + LINE_BREAK +
|
ROLLOUT_ADMIN + IMPLIES + SpPermission.UPDATE_ROLLOUT + LINE_BREAK +
|
||||||
ROLLOUT_ADMIN + IMPLIES + SpPermission.DELETE_ROLLOUT + LINE_BREAK +
|
ROLLOUT_ADMIN + IMPLIES + SpPermission.DELETE_ROLLOUT + LINE_BREAK +
|
||||||
ROLLOUT_ADMIN + IMPLIES + SpPermission.HANDLE_ROLLOUT + LINE_BREAK +
|
ROLLOUT_ADMIN + IMPLIES + SpPermission.HANDLE_ROLLOUT + LINE_BREAK +
|
||||||
ROLLOUT_ADMIN + IMPLIES + SpPermission.APPROVE_ROLLOUT + LINE_BREAK;
|
ROLLOUT_ADMIN + IMPLIES + SpPermission.APPROVE_ROLLOUT + LINE_BREAK;
|
||||||
public static final String TENANT_CONFIGURATION_HIERARCHY =
|
public static final String TENANT_CONFIGURATION_HIERARCHY =
|
||||||
SpPermission.TENANT_CONFIGURATION + IMPLIES + SpPermission.READ_TENANT_CONFIGURATION + LINE_BREAK +
|
SpPermission.TENANT_CONFIGURATION + IMPLIES + SpPermission.READ_TENANT_CONFIGURATION + LINE_BREAK +
|
||||||
SpPermission.TENANT_CONFIGURATION + IMPLIES + SpPermission.READ_GATEWAY_SEC_TOKEN + LINE_BREAK;
|
SpPermission.TENANT_CONFIGURATION + IMPLIES + SpPermission.READ_GATEWAY_SEC_TOKEN + LINE_BREAK;
|
||||||
public static final String TENANT_ADMIN_HIERARCHY =
|
public static final String TENANT_ADMIN_HIERARCHY =
|
||||||
TENANT_ADMIN + IMPLIES + TARGET_ADMIN + LINE_BREAK +
|
TENANT_ADMIN + IMPLIES + TARGET_ADMIN + LINE_BREAK +
|
||||||
TENANT_ADMIN + IMPLIES + REPOSITORY_ADMIN + LINE_BREAK +
|
TENANT_ADMIN + IMPLIES + REPOSITORY_ADMIN + LINE_BREAK +
|
||||||
TENANT_ADMIN + IMPLIES + ROLLOUT_ADMIN + LINE_BREAK +
|
TENANT_ADMIN + IMPLIES + ROLLOUT_ADMIN + LINE_BREAK +
|
||||||
TENANT_ADMIN + IMPLIES + SpPermission.TENANT_CONFIGURATION + LINE_BREAK;
|
TENANT_ADMIN + IMPLIES + SpPermission.TENANT_CONFIGURATION + LINE_BREAK;
|
||||||
|
|
||||||
public static final String SYSTEM_ADMIN_HIERARCHY =
|
public static final String SYSTEM_ADMIN_HIERARCHY =
|
||||||
SpPermission.SYSTEM_ADMIN + IMPLIES + TENANT_ADMIN + LINE_BREAK;
|
SpPermission.SYSTEM_ADMIN + IMPLIES + TENANT_ADMIN + LINE_BREAK;
|
||||||
|
|
||||||
public static String DEFAULT_ROLE_HIERARCHY =
|
public static String DEFAULT_ROLE_HIERARCHY =
|
||||||
TARGET_ADMIN_HIERARCHY +
|
TARGET_ADMIN_HIERARCHY +
|
||||||
REPOSITORY_ADMIN_HIERARCHY +
|
REPOSITORY_ADMIN_HIERARCHY +
|
||||||
ROLLOUT_ADMIN_HIERARCHY +
|
ROLLOUT_ADMIN_HIERARCHY +
|
||||||
TENANT_CONFIGURATION_HIERARCHY +
|
TENANT_CONFIGURATION_HIERARCHY +
|
||||||
TENANT_ADMIN_HIERARCHY +
|
TENANT_ADMIN_HIERARCHY +
|
||||||
SYSTEM_ADMIN_HIERARCHY;
|
SYSTEM_ADMIN_HIERARCHY;
|
||||||
}
|
}
|
||||||
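Review bot: `public static String DEFAULT_ROLE_HIERARCHY =` is the only non-`final` public static field in this hunk, and it is the role hierarchy that drives authorization, so any code on the classpath can reassign it at runtime; every other hierarchy constant in the same block is declared `public static final`. Unless something assigns it (nothing in the diff does), change it to `public static final String DEFAULT_ROLE_HIERARCHY =`. The hunk header reports one added line but every visible row is unchanged, so the change here appears to be whitespace only.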
@@ -31,40 +31,36 @@ import org.springframework.util.ObjectUtils;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Authentication provider for configured via spring application properties users.
|
* Authentication provider for configured via spring application properties users.
|
||||||
* The users could be tenant scoped or global.
|
* The users could be tenant scoped ({@link TenantAwareUserProperties}) or global ({@link SecurityProperties}).
|
||||||
*/
|
*/
|
||||||
public class StaticAuthenticationProvider extends DaoAuthenticationProvider {
|
public class StaticAuthenticationProvider extends DaoAuthenticationProvider {
|
||||||
|
|
||||||
public StaticAuthenticationProvider(
|
public StaticAuthenticationProvider(
|
||||||
final TenantAwareUserProperties tenantAwareUserProperties, final SecurityProperties securityProperties) {
|
final TenantAwareUserProperties tenantAwareUserProperties, final SecurityProperties securityProperties) {
|
||||||
setUserDetailsService(userDetailsService(securityProperties, tenantAwareUserProperties));
|
setUserDetailsService(userDetailsService(tenantAwareUserProperties, securityProperties));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Authentication createSuccessAuthentication(final Object principal,
|
protected Authentication createSuccessAuthentication(final Object principal, final Authentication authentication, final UserDetails user) {
|
||||||
final Authentication authentication, final UserDetails user) {
|
|
||||||
final UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
|
final UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
|
||||||
principal, authentication.getCredentials(), user.getAuthorities());
|
principal, authentication.getCredentials(), user.getAuthorities());
|
||||||
result.setDetails(
|
result.setDetails(user instanceof TenantAwareUser tenantAwareUser
|
||||||
user instanceof TenantAwareUser tenantAwareUser ?
|
? new TenantAwareAuthenticationDetails(tenantAwareUser.getTenant(), false)
|
||||||
new TenantAwareAuthenticationDetails(tenantAwareUser.getTenant(), false) :
|
: user);
|
||||||
user);
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static UserDetailsService userDetailsService(
|
private static UserDetailsService userDetailsService(
|
||||||
final SecurityProperties securityProperties,
|
final TenantAwareUserProperties tenantAwareUserProperties, final SecurityProperties securityProperties) {
|
||||||
final TenantAwareUserProperties tenantAwareUserProperties) {
|
|
||||||
final List<User> userPrincipals = new ArrayList<>();
|
final List<User> userPrincipals = new ArrayList<>();
|
||||||
tenantAwareUserProperties.getUser().forEach((username, user) -> {
|
tenantAwareUserProperties.getUser().forEach((username, user) -> {
|
||||||
final String password = password(user.getPassword());
|
final String password = password(user.getPassword());
|
||||||
|
|
||||||
final List<GrantedAuthority> credentials =
|
final List<GrantedAuthority> credentials =
|
||||||
createAuthorities(user.getRoles(), user.getPermissions(), Collections::emptyList);
|
createAuthorities(user.getRoles(), user.getPermissions(), Collections::emptyList);
|
||||||
if (ObjectUtils.isEmpty(user.getTenant())) {
|
userPrincipals.add(ObjectUtils.isEmpty(user.getTenant())
|
||||||
userPrincipals.add(new User(username, password, credentials));
|
? new User(username, password, credentials)
|
||||||
} else {
|
: new TenantAwareUser(username, password, credentials, user.getTenant()));
|
||||||
userPrincipals.add(new TenantAwareUser(username, password, credentials, user.getTenant()));
|
|
||||||
}
|
|
||||||
});
|
});
|
||||||
|
|
||||||
if (securityProperties != null && securityProperties.getUser() != null &&
|
if (securityProperties != null && securityProperties.getUser() != null &&
|
||||||
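Review bot: The `result.setDetails(...)` fallback in `createSuccessAuthentication` stores the `UserDetails` object itself as the token details for non-tenant users, so `Authentication.getDetails()` has two unrelated types depending on the user kind, and in both branches the details carried by the incoming `authentication` (which, as far as I recall, the base `DaoAuthenticationProvider` implementation propagates) are dropped. If nothing downstream depends on reading the `User` back from `getDetails()`, `: authentication.getDetails());` would keep the request details in the fallback; otherwise a comment on that line stating why the user object is stored there would help. The commit only reformats this expression, so the behaviour is pre-existing.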
@@ -130,8 +126,7 @@ public class StaticAuthenticationProvider extends DaoAuthenticationProvider {
|
|||||||
|
|
||||||
private static User clone(final User user) {
|
private static User clone(final User user) {
|
||||||
if (user instanceof TenantAwareUser) {
|
if (user instanceof TenantAwareUser) {
|
||||||
return new TenantAwareUser(user.getUsername(), user.getPassword(), user.getAuthorities(),
|
return new TenantAwareUser(user.getUsername(), user.getPassword(), user.getAuthorities(), ((TenantAwareUser) user).getTenant());
|
||||||
((TenantAwareUser) user).getTenant());
|
|
||||||
} else {
|
} else {
|
||||||
return new User(user.getUsername(), user.getPassword(), user.getAuthorities());
|
return new User(user.getUsername(), user.getPassword(), user.getAuthorities());
|
||||||
}
|
}
|
||||||
|
|||||||
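Review bot: `clone` still uses `instanceof` followed by a cast on `user`, while `isController` and `createSuccessAuthentication` in the same commit were rewritten with pattern matching; for consistency `if (user instanceof TenantAwareUser tenantAwareUser) { return new TenantAwareUser(user.getUsername(), user.getPassword(), user.getAuthorities(), tenantAwareUser.getTenant()); }`. Both branches also rebuild the user through the three-argument constructors, which to my knowledge reset the enabled/locked/expired flags to their defaults rather than copying them from `user`; harmless if every source user is constructed the same way, but worth a comment on the method.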
@@ -9,6 +9,7 @@
|
|||||||
*/
|
*/
|
||||||
package org.eclipse.hawkbit.im.authentication;
|
package org.eclipse.hawkbit.im.authentication;
|
||||||
|
|
||||||
|
import java.io.Serial;
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
@@ -25,6 +26,7 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
|
|||||||
@ToString
|
@ToString
|
||||||
public class TenantAwareAuthenticationDetails implements Serializable {
|
public class TenantAwareAuthenticationDetails implements Serializable {
|
||||||
|
|
||||||
|
@Serial
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
private final String tenant;
|
private final String tenant;
|
||||||
@@ -32,8 +34,7 @@ public class TenantAwareAuthenticationDetails implements Serializable {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @param tenant the current tenant
|
* @param tenant the current tenant
|
||||||
* @param controller boolean flag to indicate if this authenticated token is a
|
* @param controller boolean flag to indicate if this authenticated token is a controller authentication. {@code true} in case of
|
||||||
* controller authentication. {@code true} in case of
|
|
||||||
* authenticated controller otherwise {@code false}
|
* authenticated controller otherwise {@code false}
|
||||||
*/
|
*/
|
||||||
public TenantAwareAuthenticationDetails(final String tenant, final boolean controller) {
|
public TenantAwareAuthenticationDetails(final String tenant, final boolean controller) {
|
||||||
|
|||||||
@@ -21,8 +21,7 @@ import org.springframework.security.core.context.SecurityContext;
|
|||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A software provisioning user principal definition stored in the
|
* A software provisioning user principal definition stored in the {@link SecurityContext} which contains the user specific attributes.
|
||||||
* {@link SecurityContext} which contains the user specific attributes.
|
|
||||||
*/
|
*/
|
||||||
@Getter
|
@Getter
|
||||||
@EqualsAndHashCode(callSuper = true)
|
@EqualsAndHashCode(callSuper = true)
|
||||||
@@ -34,28 +33,13 @@ public class TenantAwareUser extends User {
|
|||||||
|
|
||||||
private final String tenant;
|
private final String tenant;
|
||||||
|
|
||||||
/**
|
public TenantAwareUser(
|
||||||
* @param username the username of the user
|
final String username, final String password, final Collection<? extends GrantedAuthority> authorities,
|
||||||
* @param password the password of the user
|
final String tenant) {
|
||||||
* @param authorities the authorities which the user has
|
|
||||||
* @param tenant the tenant of the user
|
|
||||||
*/
|
|
||||||
public TenantAwareUser(final String username, final String password,
|
|
||||||
final Collection<? extends GrantedAuthority> authorities, final String tenant) {
|
|
||||||
super(username, password, authorities == null ? Collections.emptyList() : authorities);
|
super(username, password, authorities == null ? Collections.emptyList() : authorities);
|
||||||
this.tenant = tenant;
|
this.tenant = tenant;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Create user without password and any credentials. For test purposes only.
|
|
||||||
*
|
|
||||||
* @param username the username of the user
|
|
||||||
* @param tenant the tenant of the user
|
|
||||||
*/
|
|
||||||
public TenantAwareUser(final String username, String tenant) {
|
|
||||||
this(username, "***", null, tenant);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isEnabled() {
|
public boolean isEnabled() {
|
||||||
return true;
|
return true;
|
||||||
|
|||||||
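Review bot: The remaining `TenantAwareUser` constructor lost the Javadoc (`@param username`, `@param password`, `@param authorities`, `@param tenant`) that the old side carried, and it is now the only public constructor since the test-only one was removed. Restore the four `@param` tags and note that `authorities` may be `null`, which the `authorities == null ? Collections.emptyList() : authorities` guard tolerates. `isEnabled()` returning `true` unconditionally is pre-existing, but a one-line comment saying why the flag from `User` is ignored would also help here.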
@@ -19,7 +19,7 @@ import lombok.ToString;
|
|||||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Configuration for hawwkBit static users.
|
* Configuration for hawkBit static users.
|
||||||
*/
|
*/
|
||||||
@Data
|
@Data
|
||||||
@ToString
|
@ToString
|
||||||
|
|||||||
@@ -1,94 +0,0 @@
|
|||||||
/**
|
|
||||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
|
||||||
*
|
|
||||||
* This program and the accompanying materials are made
|
|
||||||
* available under the terms of the Eclipse Public License 2.0
|
|
||||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
||||||
*
|
|
||||||
* SPDX-License-Identifier: EPL-2.0
|
|
||||||
*/
|
|
||||||
package org.eclipse.hawkbit.im.authentication;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The authentication token which transports the username, password and the
|
|
||||||
* tenant information for authentication.
|
|
||||||
*/
|
|
||||||
public class TenantUserPasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {
|
|
||||||
|
|
||||||
// Exception squid:S1948 - no need to be Serializable
|
|
||||||
@SuppressWarnings({ "squid:S1948" })
|
|
||||||
final Object tenant;
|
|
||||||
private static final long serialVersionUID = 1L;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creating a new {@link TenantUserPasswordAuthenticationToken} as
|
|
||||||
* {@link #isAuthenticated()} will return {@code false}.
|
|
||||||
*
|
|
||||||
* @param tenant the tenant to authenticate against
|
|
||||||
* @param principal the principal to authenticate
|
|
||||||
* @param credentials the credentials of the principal
|
|
||||||
*/
|
|
||||||
public TenantUserPasswordAuthenticationToken(final Object tenant, final Object principal,
|
|
||||||
final Object credentials) {
|
|
||||||
super(principal, credentials);
|
|
||||||
this.tenant = tenant;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creating a new {@link TenantUserPasswordAuthenticationToken} as
|
|
||||||
* {@link #isAuthenticated()} will return {@code true}.
|
|
||||||
*
|
|
||||||
* @param tenant the tenant to authenticate against
|
|
||||||
* @param principal the principal to authenticate
|
|
||||||
* @param credentials the credentials of the principal
|
|
||||||
* @param authorities the principal's authorities
|
|
||||||
*/
|
|
||||||
public TenantUserPasswordAuthenticationToken(final Object tenant, final Object principal, final Object credentials,
|
|
||||||
final List<GrantedAuthority> authorities) {
|
|
||||||
super(principal, credentials, authorities);
|
|
||||||
this.tenant = tenant;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the tenant
|
|
||||||
*/
|
|
||||||
public Object getTenant() {
|
|
||||||
return tenant;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean equals(final Object obj) {
|
|
||||||
if (this == obj) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
if (!super.equals(obj)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if (getClass() != obj.getClass()) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
final TenantUserPasswordAuthenticationToken other = (TenantUserPasswordAuthenticationToken) obj;
|
|
||||||
if (tenant == null) {
|
|
||||||
if (other.tenant != null) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
} else if (!tenant.equals(other.tenant)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public int hashCode() {
|
|
||||||
final int prime = 31;
|
|
||||||
int result = super.hashCode();
|
|
||||||
result = prime * result + ((tenant == null) ? 0 : tenant.hashCode());
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||