diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementConfiguration.java index db382dd6c..84846908e 100644 --- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementConfiguration.java +++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementConfiguration.java @@ -13,23 +13,18 @@ import java.util.ArrayList; import org.eclipse.hawkbit.im.authentication.MultitenancyIndicator; import org.eclipse.hawkbit.im.authentication.PermissionUtils; import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails; -import org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; -import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; /** * Auto-configuration for the in-memory-user-management. @@ -39,9 +34,6 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi @ConditionalOnMissingBean(UserDetailsService.class) public class InMemoryUserManagementConfiguration extends GlobalAuthenticationConfigurerAdapter { - @Autowired - private AuthenticationConfiguration configuration; - @Override public void configure(final AuthenticationManagerBuilder auth) throws Exception { final DaoAuthenticationProvider userDaoAuthenticationProvider = new TenantDaoAuthenticationProvider(); @@ -81,26 +73,4 @@ public class InMemoryUserManagementConfiguration extends GlobalAuthenticationCon return result; } } - - /** - * @return the {@link UserAuthenticationFilter} to include into the SP - * security configuration. - * @throws Exception - * lazy bean exception maybe if the authentication manager - * cannot be instantiated - */ - @Bean - @ConditionalOnMissingBean - public UserAuthenticationFilter userAuthenticationFilter() throws Exception { - return new UserAuthenticationFilterBasicAuth(configuration.getAuthenticationManager()); - } - - private static final class UserAuthenticationFilterBasicAuth extends BasicAuthenticationFilter - implements UserAuthenticationFilter { - - private UserAuthenticationFilterBasicAuth(final AuthenticationManager authenticationManager) { - super(authenticationManager); - } - - } } \ No newline at end of file diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java index 07aaffe24..fc7a0a1e4 100644 --- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java +++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java @@ -50,6 +50,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.security.SecurityProperties; import org.springframework.boot.context.embedded.FilterRegistrationBean; import org.springframework.boot.context.embedded.ServletListenerRegistrationBean; @@ -61,6 +62,7 @@ import org.springframework.http.HttpStatus; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.WebSecurityConfigurer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -76,6 +78,7 @@ import org.springframework.security.web.authentication.AnonymousAuthenticationFi import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; +import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy; import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter; import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode; @@ -103,6 +106,31 @@ public class SecurityManagedConfiguration { @Autowired private HawkbitSecurityProperties securityProperties; + @Autowired + private AuthenticationConfiguration configuration; + + /** + * @return the {@link UserAuthenticationFilter} to include into the SP + * security configuration. + * @throws Exception + * lazy bean exception maybe if the authentication manager + * cannot be instantiated + */ + @Bean + @ConditionalOnMissingBean + public UserAuthenticationFilter userAuthenticationFilter() throws Exception { + return new UserAuthenticationFilterBasicAuth(configuration.getAuthenticationManager()); + } + + private static final class UserAuthenticationFilterBasicAuth extends BasicAuthenticationFilter + implements UserAuthenticationFilter { + + private UserAuthenticationFilterBasicAuth(final AuthenticationManager authenticationManager) { + super(authenticationManager); + } + + } + /** * {@link WebSecurityConfigurer} for the internal SP controller API. */