From adeabbd442b5119c4146e007478b187776113f48 Mon Sep 17 00:00:00 2001
From: Ammar Bikic
Date: Fri, 8 Jan 2021 19:28:26 +0100
Subject: [PATCH] Changes requested within pull request review.
Signed-off-by: Ammar Bikic
---
.../security/SecurityManagedConfiguration.java | 18 ++++++++++++------
hawkbit-rest/hawkbit-mgmt-api/pom.xml | 4 ----
.../hawkbit/app/AllowedHostNamesTest.java | 4 ++++
3 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
index 58fe5851e..c8b6f8794 100644
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
@@ -190,7 +190,7 @@ public class SecurityManagedConfiguration { /** * Filter to protect the hawkBit server DDI interface against to many * requests. - * + * * @param securityProperties * for filter configuration *
@@ -306,7 +306,7 @@ public class SecurityManagedConfiguration { /** * Filter to protect the hawkBit server DDI download interface against * to many requests. - * + * * @param securityProperties * for filter configuration *
@@ -396,7 +396,7 @@ public class SecurityManagedConfiguration { /** * Filter to protect the hawkBit server system management interface against * to many requests. - * + * * @param securityProperties * for filter configuration *
@@ -497,7 +497,7 @@ public class SecurityManagedConfiguration { /** * Filter to protect the hawkBit server Management interface against to * many requests. - * + * * @param securityProperties * for filter configuration *
@@ -625,7 +625,7 @@ public class SecurityManagedConfiguration { /** * Filter to protect the hawkBit management UI against to many requests. - * + * * @param securityProperties * for filter configuration *
@@ -727,6 +727,11 @@ public class SecurityManagedConfiguration { .logoutSuccessHandler(logoutSuccessHandler); } + /** + * HttpFirewall which enables to define a list of allowed host names. + * + * @return the http firewall. + */ @Bean public HttpFirewall httpFirewall() { final List allowedHostNames = hawkbitSecurityProperties.getAllowedHostNames();
@@ -736,7 +741,8 @@ public class SecurityManagedConfiguration { if (!CollectionUtils.isEmpty(allowedHostNames)) { firewall.setAllowedHostnames(hostName -> { LOG.debug("Firewall check host: {}, allowed: {}", hostName, allowedHostNames.contains(hostName)); - return allowedHostNames.contains(hostName);}); + return allowedHostNames.contains(hostName); + }); } return firewall; }
diff --git a/hawkbit-rest/hawkbit-mgmt-api/pom.xml b/hawkbit-rest/hawkbit-mgmt-api/pom.xml
index e90580d92..59defdc9d 100644
--- a/hawkbit-rest/hawkbit-mgmt-api/pom.xml
+++ b/hawkbit-rest/hawkbit-mgmt-api/pom.xml
@@ -24,10 +24,6 @@ org.springframework.hateoas spring-hateoas - - org.springframework - spring-webmvc - org.springframework.boot spring-boot-starter-json
diff --git a/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/AllowedHostNamesTest.java b/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/AllowedHostNamesTest.java
index 165d96fbd..057ef1760 100644
--- a/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/AllowedHostNamesTest.java
+++ b/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/AllowedHostNamesTest.java
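Review bot: The Javadoc added above `httpFirewall()` in SecurityManagedConfiguration.java (hunk at -727) does not state the fail-open case: the `if (!CollectionUtils.isEmpty(allowedHostNames))` guard visible in the following hunk installs the host predicate only for a non-empty list, so with the property unset no host restriction appears to be applied. I would add a line such as `* If no allowed host names are configured, the host name of a request is not restricted.` so operators know the allow-list is opt-in. The predicate matches with `allowedHostNames.contains(hostName)`, which is an exact, case-sensitive comparison, so a differently cased spelling of an allowed host would presumably be rejected; that deserves either a sentence in the Javadoc or a normalisation of both sides before comparing. The method starts in this hunk and its body continues in the next one, with the lines in between not shown.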
@@ -12,6 +12,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import io.qameta.allure.Description; import org.junit.Test; import org.springframework.http.HttpHeaders; import org.springframework.security.web.firewall.RequestRejectedException;
@@ -27,17 +28,20 @@ import org.springframework.test.context.TestPropertySource; public class AllowedHostNamesTest extends AbstractSecurityTest { @Test + @Description("Tests whether a RequestRejectedException is thrown when not allowed host is used") public void allowedHostNameWithNotAllowedHost() { assertThatExceptionOfType(RequestRejectedException.class).isThrownBy( () -> mvc.perform(get("/").header(HttpHeaders.HOST, "www.google.com"))); } @Test + @Description("Tests whether request is redirected when allowed host is used") public void allowedHostNameWithAllowedHost() throws Exception { mvc.perform(get("/").header(HttpHeaders.HOST, "localhost")).andExpect(status().is3xxRedirection()); } @Test + @Description("Tests whether request without allowed host name and with ignored path end up with a client error") public void notAllowedHostnameWithIgnoredPath() throws Exception { mvc.perform(get("/index.html").header(HttpHeaders.HOST, "www.google.com")) .andExpect(status().is4xxClientError());
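Review bot: The description added to `notAllowedHostnameWithIgnoredPath` in AllowedHostNamesTest says only that the request ends up with a client error, and the unchanged assertion `status().is4xxClientError()` accepts any 4xx, so the test does not show whether the host check was applied on the ignored path or the request failed for an unrelated reason. For a test that pins a security control I would name the expected outcome in the description and assert the one status code the ignored path is meant to return (the value needs confirming against the application). The wording of the other descriptions could be tightened as well, for example `@Description("Verifies that a request with a host name that is not allowed is rejected with a RequestRejectedException")` on the first test.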