Merge branch 'master' into feature_configurable_mgmt_sim_scenario

Conflicts:
	hawkbit-repository/hawkbit-repository-jpa/src/main/java/org/eclipse/hawkbit/RepositoryApplicationConfiguration.java


Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
This commit is contained in:
kaizimmerm
2016-06-21 12:18:32 +02:00
38 changed files with 743 additions and 331 deletions


@@ -17,7 +17,7 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
/**
*
* Service to check permissions.
*
*/
public class PermissionService {


@@ -0,0 +1,52 @@
/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.hawkbit.im.authentication;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
/**
* Utility method for creation of <tt>GrantedAuthority</tt> collections etc.
*/
public final class PermissionUtils {
private PermissionUtils() {
}
/**
* Create {@link GrantedAuthority} by a special role.
*
* @param roles
* the roles
* @return a list of {@link GrantedAuthority}
*/
public static List<GrantedAuthority> createAuthorityList(final Collection<String> roles) {
final List<GrantedAuthority> authorities = new ArrayList<>(roles.size());
for (final String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
/**
* Returns all authorities.
*
* @return a list of {@link GrantedAuthority}
*/
public static List<GrantedAuthority> createAllAuthorityList() {
return createAuthorityList(SpPermission.getAllAuthorities());
}
}
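Review bot: `createAuthorityList` dereferences `roles` at `roles.size()` on its first line without any check, so a null collection fails with a bare NullPointerException deep inside the helper; add `Objects.requireNonNull(roles, "roles");` as the first statement (java.util.Objects is not yet imported in this file). The returned ArrayList is also mutable, so a caller can append authorities after the list was built; `return Collections.unmodifiableList(authorities);` would close that. `createAllAuthorityList` hands out every role `SpPermission.getAllAuthorities()` reports, including the SYSTEM_* roles that the test added in this commit deliberately excludes, and its Javadoc should say so instead of only "Returns all authorities."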


@@ -9,7 +9,16 @@
package org.eclipse.hawkbit.im.authentication;
import java.lang.annotation.Target;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
@@ -35,6 +44,8 @@ import org.springframework.security.core.GrantedAuthority;
*/
public final class SpPermission {
private static final Logger LOGGER = LoggerFactory.getLogger(SpPermission.class);
/**
* Permission to read the targets from the
* {@link ProvisioningTargetRepository} including their meta information,
@@ -139,6 +150,53 @@ public final class SpPermission {
// Constants only
}
/**
* Return all permission.
*
* @return all permission
*/
public static Collection<String> getAllAuthorities() {
return getAllAuthorities(Collections.emptyList());
}
/**
* Return all permission.
*
* @param exclusionRoles
* roles which will excluded
* @return all permissions
*/
public static Collection<String> getAllAuthorities(final String... exclusionRoles) {
return getAllAuthorities(Arrays.asList(exclusionRoles));
}
/**
* Return all permission.
*
* @param exclusionRoles
* roles which will excluded
* @return all permissions
*/
public static Collection<String> getAllAuthorities(final Collection<String> exclusionRoles) {
final List<String> allPermissions = new ArrayList<>();
final Field[] declaredFields = SpPermission.class.getDeclaredFields();
for (final Field field : declaredFields) {
if (Modifier.isPublic(field.getModifiers()) && Modifier.isStatic(field.getModifiers())) {
field.setAccessible(true);
try {
final String role = (String) field.get(null);
if (!(exclusionRoles.contains(role))) {
allPermissions.add(role);
}
} catch (final IllegalAccessException e) {
LOGGER.error(e.getMessage(), e);
}
}
}
return allPermissions;
}
/**
* Contains all the spring security evaluation expressions for the
* {@link PreAuthorize} annotation for method security.


@@ -8,8 +8,10 @@
*/
package org.eclipse.hawkbit.security;
import static java.util.concurrent.TimeUnit.SECONDS;
import static org.eclipse.hawkbit.security.SecurityConstants.SECURITY_LOG_PREFIX;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.regex.Pattern;
@@ -31,25 +33,21 @@ import com.google.common.cache.CacheBuilder;
/**
* Filter for protection against denial of service attacks. It reduces the
* maximum number of request per seconds which can be separately configured for
* read (GET) and write (PUT/POST/DELETE) requests. requests
*
*
*
*
* read (GET) and write (PUT/POST/DELETE) requests.
*/
public class DosFilter extends OncePerRequestFilter {
private static final Logger LOG = LoggerFactory.getLogger(DosFilter.class);
private static final Logger LOG_DOS = LoggerFactory.getLogger("server-security.dos");
private static final Logger LOG_BLACKLIST = LoggerFactory.getLogger("server-security.blacklist");
private static final Logger LOG_DOS = LoggerFactory.getLogger(SECURITY_LOG_PREFIX + ".dos");
private static final Logger LOG_BLACKLIST = LoggerFactory.getLogger(SECURITY_LOG_PREFIX + ".blacklist");
private final Pattern ipAdressBlacklist;
private final Cache<String, AtomicInteger> readCountCache = CacheBuilder.newBuilder()
.expireAfterAccess(1, TimeUnit.SECONDS).build();
private final Cache<String, AtomicInteger> readCountCache = CacheBuilder.newBuilder().expireAfterAccess(1, SECONDS)
.build();
private final Cache<String, AtomicInteger> writeCountCache = CacheBuilder.newBuilder()
.expireAfterAccess(1, TimeUnit.SECONDS).build();
private final Cache<String, AtomicInteger> writeCountCache = CacheBuilder.newBuilder().expireAfterAccess(1, SECONDS)
.build();
private final Integer maxRead;
private final Integer maxWrite;
@@ -78,7 +76,7 @@ public class DosFilter extends OncePerRequestFilter {
*/
public DosFilter(final Integer maxRead, final Integer maxWrite, final String ipDosWhiteListPattern,
final String ipBlackListPattern, final String forwardHeader) {
super();
this.maxRead = maxRead;
this.maxWrite = maxWrite;
this.forwardHeader = forwardHeader;
@@ -96,14 +94,6 @@ public class DosFilter extends OncePerRequestFilter {
}
}
/*
* (non-Javadoc)
*
* @see
* org.springframework.web.filter.OncePerRequestFilter#doFilterInternal(
* javax.servlet.http. HttpServletRequest,
* javax.servlet.http.HttpServletResponse, javax.servlet.FilterChain)
*/
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
final FilterChain filterChain) throws ServletException, IOException {
@@ -152,11 +142,9 @@ public class DosFilter extends OncePerRequestFilter {
}
private static boolean handleMissingIpAddress(final HttpServletResponse response) {
boolean processChain;
LOG.error("Failed to get peer IP adress");
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
processChain = false;
return processChain;
return false;
}
private boolean handleWriteRequest(final HttpServletResponse response, final String ip) {
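Review bot: the constructor stores `forwardHeader`, which the filter presumably uses to derive the client IP that the read/write counters and the blacklist pattern are keyed on (that lookup is outside this hunk); the constructor Javadoc, which starts before the hunk, should state that the header is only trustworthy when a reverse proxy in front of the service sets it and discards client-supplied values, otherwise the per-IP limit is keyed on a string the client chooses. `handleMissingIpAddress` answers 500 and logs at error level but nothing says why the chain is not continued; a comment such as `// no peer address at all means the container/proxy setup is broken, not a client error` would explain it. The message `Failed to get peer IP adress` and the field `ipAdressBlacklist` both misspell "address".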


@@ -0,0 +1,24 @@
/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.hawkbit.security;
/**
* Constants related to security.
*/
public final class SecurityConstants {
/**
* Logger prefix used for security logging.
*/
public static final String SECURITY_LOG_PREFIX = "server-security";
private SecurityConstants() {
}
}


@@ -14,12 +14,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
/**
* Auditor class that allows {@link BaseEntity}s to insert currenlt logged in
* user for repository changes.
*
*
*
*
* Auditor class that allows BaseEntitys to insert current logged in user for
* repository changes.
*
*/
public class SpringSecurityAuditorAware implements AuditorAware<String> {
@@ -29,16 +25,21 @@ public class SpringSecurityAuditorAware implements AuditorAware<String> {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null || !authentication.isAuthenticated()) {
if (isAuthenticationInvalid(authentication)) {
return null;
}
if (authentication.getPrincipal() != null) {
if (authentication.getPrincipal() instanceof UserDetails) {
return ((UserDetails) authentication.getPrincipal()).getUsername();
}
return authentication.getPrincipal().toString();
return getCurrentAuditor(authentication);
}
private String getCurrentAuditor(final Authentication authentication) {
if (authentication.getPrincipal() instanceof UserDetails) {
return ((UserDetails) authentication.getPrincipal()).getUsername();
}
return null;
return authentication.getPrincipal().toString();
}
private static boolean isAuthenticationInvalid(final Authentication authentication) {
return authentication == null || !authentication.isAuthenticated() || authentication.getPrincipal() == null;
}
}
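Review bot: the new private `getCurrentAuditor(Authentication)` overloads the public `AuditorAware#getCurrentAuditor()`, so the two methods read as one interface method although they do different things; a name like `principalName(Authentication)` keeps the helper out of the interface contract. `isAuthenticationInvalid` accepts any authenticated token with a non-null principal, so a Spring anonymous authentication (whose principal is presumably a plain string) would be recorded via `getPrincipal().toString()`; the removed lines show the old code did the same, so this is not a regression, but a comment on `isAuthenticationInvalid` such as `// anonymous authentications are not filtered here; their principal string becomes the auditor` would save the next reader the check.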


@@ -0,0 +1,54 @@
/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.hawkbit.im.authentication;
import static org.fest.assertions.api.Assertions.assertThat;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.junit.Test;
import org.springframework.context.annotation.Description;
import org.springframework.security.core.GrantedAuthority;
import ru.yandex.qatools.allure.annotations.Features;
import ru.yandex.qatools.allure.annotations.Stories;
/**
* Test {@link SpPermission}.
*/
@Features("Unit Tests - Security")
@Stories("Permission Test")
public final class PermissionTest {
@Test
@Description("Verify the get permission function")
public void testGetPermissions() {
final int allPermission = 15;
final int permissionWithoutSystem = allPermission - 3;
final Collection<String> allAuthorities = SpPermission.getAllAuthorities();
final List<GrantedAuthority> allAuthoritiesList = PermissionUtils.createAllAuthorityList();
assertThat(allAuthorities).hasSize(allPermission);
assertThat(allAuthoritiesList).hasSize(allPermission);
assertThat(allAuthoritiesList.stream().map(authority -> authority.getAuthority()).collect(Collectors.toList()))
.containsAll(allAuthorities);
final Collection<String> authoritiesWithoutSystem = SpPermission.getAllAuthorities(SpPermission.SYSTEM_ADMIN,
SpPermission.SYSTEM_DIAG, SpPermission.SYSTEM_MONITOR);
final List<GrantedAuthority> authoritiesListWithoutSystem = PermissionUtils.createAuthorityList(SpPermission
.getAllAuthorities(SpPermission.SYSTEM_ADMIN, SpPermission.SYSTEM_DIAG, SpPermission.SYSTEM_MONITOR));
assertThat(authoritiesWithoutSystem).hasSize(permissionWithoutSystem);
assertThat(authoritiesListWithoutSystem).hasSize(permissionWithoutSystem);
assertThat(authoritiesListWithoutSystem.stream().map(authority -> authority.getAuthority())
.collect(Collectors.toList())).containsAll(authoritiesWithoutSystem);
}
}
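Review bot: the exclusion half of `testGetPermissions` only asserts sizes, so it would still pass if `getAllAuthorities(...)` dropped three arbitrary permissions instead of the three SYSTEM_* ones; add `assertThat(allAuthorities).contains(SpPermission.SYSTEM_ADMIN, SpPermission.SYSTEM_DIAG, SpPermission.SYSTEM_MONITOR);` and `assertThat(authoritiesWithoutSystem).doesNotContain(SpPermission.SYSTEM_ADMIN, SpPermission.SYSTEM_DIAG, SpPermission.SYSTEM_MONITOR);`. The hard-coded `allPermission = 15` couples the test to the exact number of public static String fields on SpPermission, so every new permission constant breaks it without saying why; a comment like `// must be bumped whenever a permission constant is added to SpPermission` would make the failure self-explaining. `authoritiesListWithoutSystem` also re-invokes `getAllAuthorities` with the same three exclusions instead of wrapping `authoritiesWithoutSystem`, so the final `containsAll` compares two independent reflection runs rather than the list against its own source.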