Improved AccessContext (#3029)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
@@ -130,7 +130,7 @@ class DdiRootControllerTest extends AbstractDDiApiIntegrationTest {
|
||||
final Target findTargetByControllerID = targetManagement.getByControllerId(knownTargetControllerId);
|
||||
assertThat(findTargetByControllerID.getCreatedBy()).isEqualTo(knownCreatedBy);
|
||||
// make a poll, audit information should not be changed, run as controller principal!
|
||||
callAs(withController("controller", CONTROLLER_ROLE), () -> {
|
||||
callAs(withController("controller"), () -> {
|
||||
mvc.perform(get(CONTROLLER_BASE, AccessContext.tenant(), knownTargetControllerId))
|
||||
.andDo(MockMvcResultPrinter.print())
|
||||
.andExpect(status().isOk());
|
||||
@@ -376,7 +376,7 @@ class DdiRootControllerTest extends AbstractDDiApiIntegrationTest {
|
||||
final String knownControllerId1 = "0815";
|
||||
final long create = System.currentTimeMillis();
|
||||
// make a poll, audit information should be set on plug and play
|
||||
callAs(withController("controller", CONTROLLER_ROLE), () -> {
|
||||
callAs(withController("controller"), () -> {
|
||||
mvc.perform(get(CONTROLLER_BASE, AccessContext.tenant(), knownControllerId1))
|
||||
.andDo(MockMvcResultPrinter.print())
|
||||
.andExpect(status().isOk());
|
||||
@@ -385,9 +385,9 @@ class DdiRootControllerTest extends AbstractDDiApiIntegrationTest {
|
||||
// verify
|
||||
assertThat(targetManagement.getByControllerId(knownControllerId1)).satisfies(target -> {
|
||||
assertThat(target.getAddress()).isEqualTo(IpUtil.createHttpUri("127.0.0.1").toString());
|
||||
assertThat(target.getCreatedBy()).isEqualTo("CONTROLLER_PLUG_AND_PLAY");
|
||||
assertThat(target.getCreatedBy()).isEqualTo(CONTROLLER_PLUG_AND_PLAY);
|
||||
assertThat(target.getCreatedAt()).isGreaterThanOrEqualTo(create);
|
||||
assertThat(target.getLastModifiedBy()).isEqualTo("CONTROLLER_PLUG_AND_PLAY");
|
||||
assertThat(target.getLastModifiedBy()).isEqualTo(CONTROLLER_PLUG_AND_PLAY);
|
||||
assertThat(target.getLastModifiedAt()).isGreaterThanOrEqualTo(create);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@
|
||||
#
|
||||
|
||||
# Logging START - activate to see request/response details
|
||||
logging.level.root=WARN
|
||||
#logging.level.org.eclipse.hawkbit.rest.util.MockMvcResultPrinter=DEBUG
|
||||
# Logging END
|
||||
|
||||
|
||||
@@ -12,19 +12,15 @@ package org.eclipse.hawkbit.security.controller;
|
||||
import static org.eclipse.hawkbit.context.AccessContext.asTenant;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
import lombok.EqualsAndHashCode;
|
||||
import org.eclipse.hawkbit.auth.SpRole;
|
||||
import org.eclipse.hawkbit.context.Principal;
|
||||
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
|
||||
import org.slf4j.Logger;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
||||
/**
|
||||
* Interface for Authentication mechanism.
|
||||
@@ -65,14 +61,11 @@ public interface Authenticator {
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private static final Collection<GrantedAuthority> CONTROLLER_AUTHORITY =
|
||||
List.of(new SimpleGrantedAuthority(SpRole.CONTROLLER_ROLE));
|
||||
private final String controllerId;
|
||||
private final Principal principal;
|
||||
|
||||
AuthenticatedController(final String tenant, final String controllerId) {
|
||||
super(CONTROLLER_AUTHORITY);
|
||||
super.setDetails(new TenantAwareAuthenticationDetails(tenant, true));
|
||||
this.controllerId = controllerId;
|
||||
super(SpRole.CONTROLLER_AUTHORITIES);
|
||||
this.principal = new Principal(tenant, controllerId);
|
||||
setAuthenticated(true);
|
||||
}
|
||||
|
||||
@@ -83,7 +76,7 @@ public interface Authenticator {
|
||||
|
||||
@Override
|
||||
public Object getPrincipal() {
|
||||
return controllerId;
|
||||
return principal;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,6 +15,7 @@ import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationPrope
|
||||
import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import org.eclipse.hawkbit.context.Principal;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
|
||||
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
|
||||
@@ -66,7 +67,7 @@ class GatewayTokenAuthenticatorTest {
|
||||
|
||||
assertThat(authenticator.authenticate(securityToken))
|
||||
.isNotNull()
|
||||
.hasFieldOrPropertyWithValue("principal", CONTROLLER_ID);
|
||||
.hasFieldOrPropertyWithValue("principal", new Principal("DEFAULT", CONTROLLER_ID));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -14,6 +14,7 @@ import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationPrope
|
||||
import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_HEADER_ENABLED;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import org.eclipse.hawkbit.context.Principal;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
|
||||
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
|
||||
@@ -77,7 +78,7 @@ class SecurityHeaderAuthenticatorTest {
|
||||
|
||||
assertThat(authenticator.authenticate(securityToken))
|
||||
.isNotNull()
|
||||
.hasFieldOrPropertyWithValue("principal", CA_COMMON_NAME_VALUE);
|
||||
.hasFieldOrPropertyWithValue("principal", new Principal("DEFAULT", CA_COMMON_NAME_VALUE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -92,13 +93,13 @@ class SecurityHeaderAuthenticatorTest {
|
||||
|
||||
assertThat(authenticator.authenticate(prepareSecurityToken(SINGLE_AUTHORITY)))
|
||||
.isNotNull()
|
||||
.hasFieldOrPropertyWithValue("principal", CA_COMMON_NAME_VALUE);
|
||||
.hasFieldOrPropertyWithValue("principal", new Principal("DEFAULT", CA_COMMON_NAME_VALUE));
|
||||
assertThat(authenticator.authenticate(prepareSecurityToken(SECOND_AUTHORITY)))
|
||||
.isNotNull()
|
||||
.hasFieldOrPropertyWithValue("principal", CA_COMMON_NAME_VALUE);
|
||||
.hasFieldOrPropertyWithValue("principal", new Principal("DEFAULT", CA_COMMON_NAME_VALUE));
|
||||
assertThat(authenticator.authenticate(prepareSecurityToken(THIRD_AUTHORITY)))
|
||||
.isNotNull()
|
||||
.hasFieldOrPropertyWithValue("principal", CA_COMMON_NAME_VALUE);
|
||||
.hasFieldOrPropertyWithValue("principal", new Principal("DEFAULT", CA_COMMON_NAME_VALUE));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,6 +15,7 @@ import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import org.eclipse.hawkbit.context.Principal;
|
||||
import org.eclipse.hawkbit.repository.ControllerManagement;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
|
||||
@@ -72,7 +73,7 @@ class SecurityTokenAuthenticatorTest {
|
||||
|
||||
assertThat(authenticator.authenticate(securityToken))
|
||||
.isNotNull()
|
||||
.hasFieldOrPropertyWithValue("principal", CONTROLLER_ID);
|
||||
.hasFieldOrPropertyWithValue("principal", new Principal("DEFAULT", CONTROLLER_ID));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user