Changes requested within pull request review.

Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io>
This commit is contained in:
Ammar Bikic
2021-01-08 19:28:26 +01:00
parent 7434293e27
commit adeabbd442
3 changed files with 16 additions and 10 deletions

View File

@@ -190,7 +190,7 @@ public class SecurityManagedConfiguration {
/** /**
* Filter to protect the hawkBit server DDI interface against to many * Filter to protect the hawkBit server DDI interface against to many
* requests. * requests.
* *
* @param securityProperties * @param securityProperties
* for filter configuration * for filter configuration
* *
@@ -306,7 +306,7 @@ public class SecurityManagedConfiguration {
/** /**
* Filter to protect the hawkBit server DDI download interface against * Filter to protect the hawkBit server DDI download interface against
* to many requests. * to many requests.
* *
* @param securityProperties * @param securityProperties
* for filter configuration * for filter configuration
* *
@@ -396,7 +396,7 @@ public class SecurityManagedConfiguration {
/** /**
* Filter to protect the hawkBit server system management interface against * Filter to protect the hawkBit server system management interface against
* to many requests. * to many requests.
* *
* @param securityProperties * @param securityProperties
* for filter configuration * for filter configuration
* *
@@ -497,7 +497,7 @@ public class SecurityManagedConfiguration {
/** /**
* Filter to protect the hawkBit server Management interface against to * Filter to protect the hawkBit server Management interface against to
* many requests. * many requests.
* *
* @param securityProperties * @param securityProperties
* for filter configuration * for filter configuration
* *
@@ -625,7 +625,7 @@ public class SecurityManagedConfiguration {
/** /**
* Filter to protect the hawkBit management UI against to many requests. * Filter to protect the hawkBit management UI against to many requests.
* *
* @param securityProperties * @param securityProperties
* for filter configuration * for filter configuration
* *
@@ -727,6 +727,11 @@ public class SecurityManagedConfiguration {
.logoutSuccessHandler(logoutSuccessHandler); .logoutSuccessHandler(logoutSuccessHandler);
} }
/**
* HttpFirewall which enables to define a list of allowed host names.
*
* @return the http firewall.
*/
@Bean @Bean
public HttpFirewall httpFirewall() { public HttpFirewall httpFirewall() {
final List<String> allowedHostNames = hawkbitSecurityProperties.getAllowedHostNames(); final List<String> allowedHostNames = hawkbitSecurityProperties.getAllowedHostNames();
@@ -736,7 +741,8 @@ public class SecurityManagedConfiguration {
if (!CollectionUtils.isEmpty(allowedHostNames)) { if (!CollectionUtils.isEmpty(allowedHostNames)) {
firewall.setAllowedHostnames(hostName -> { firewall.setAllowedHostnames(hostName -> {
LOG.debug("Firewall check host: {}, allowed: {}", hostName, allowedHostNames.contains(hostName)); LOG.debug("Firewall check host: {}, allowed: {}", hostName, allowedHostNames.contains(hostName));
return allowedHostNames.contains(hostName);}); return allowedHostNames.contains(hostName);
});
} }
return firewall; return firewall;
} }

View File

@@ -24,10 +24,6 @@
<groupId>org.springframework.hateoas</groupId> <groupId>org.springframework.hateoas</groupId>
<artifactId>spring-hateoas</artifactId> <artifactId>spring-hateoas</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-json</artifactId> <artifactId>spring-boot-starter-json</artifactId>

View File

@@ -12,6 +12,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import io.qameta.allure.Description;
import org.junit.Test; import org.junit.Test;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.security.web.firewall.RequestRejectedException; import org.springframework.security.web.firewall.RequestRejectedException;
@@ -27,17 +28,20 @@ import org.springframework.test.context.TestPropertySource;
public class AllowedHostNamesTest extends AbstractSecurityTest { public class AllowedHostNamesTest extends AbstractSecurityTest {
@Test @Test
@Description("Tests whether a RequestRejectedException is thrown when not allowed host is used")
public void allowedHostNameWithNotAllowedHost() { public void allowedHostNameWithNotAllowedHost() {
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy( assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(
() -> mvc.perform(get("/").header(HttpHeaders.HOST, "www.google.com"))); () -> mvc.perform(get("/").header(HttpHeaders.HOST, "www.google.com")));
} }
@Test @Test
@Description("Tests whether request is redirected when allowed host is used")
public void allowedHostNameWithAllowedHost() throws Exception { public void allowedHostNameWithAllowedHost() throws Exception {
mvc.perform(get("/").header(HttpHeaders.HOST, "localhost")).andExpect(status().is3xxRedirection()); mvc.perform(get("/").header(HttpHeaders.HOST, "localhost")).andExpect(status().is3xxRedirection());
} }
@Test @Test
@Description("Tests whether request without allowed host name and with ignored path end up with a client error")
public void notAllowedHostnameWithIgnoredPath() throws Exception { public void notAllowedHostnameWithIgnoredPath() throws Exception {
mvc.perform(get("/index.html").header(HttpHeaders.HOST, "www.google.com")) mvc.perform(get("/index.html").header(HttpHeaders.HOST, "www.google.com"))
.andExpect(status().is4xxClientError()); .andExpect(status().is4xxClientError());