Feature/add tenant and user into mdc (#1806)

* Add MDC

* Add tenant/user into MDC in order to be possible to be used in logging

Enabled by default. Could be disabled via hawkbit.logging.mdchandler.enable=false

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>

---------

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-08-09 14:27:07 +03:00
committed by GitHub
parent bcafdbdb86
commit c8321fdb44
5 changed files with 189 additions and 33 deletions

View File

@@ -178,8 +178,7 @@ public class OidcUserManagementAutoConfiguration {
}
/**
* Utility class to extract authorities out of the jwt. It interprets the user's
* role as their authorities.
* Utility class to extract authorities out of the jwt. It interprets the user's role as their authorities.
*/
private record DefaultJwtAuthoritiesExtractor(GrantedAuthoritiesMapper authoritiesMapper) implements JwtAuthoritiesExtractor {
@@ -220,4 +219,4 @@ public class OidcUserManagementAutoConfiguration {
return new LinkedHashSet<>(authorities);
}
}
}
}

View File

@@ -21,6 +21,7 @@ import org.eclipse.hawkbit.im.authentication.TenantAwareUserProperties.User;
import org.eclipse.hawkbit.security.DdiSecurityProperties;
import org.eclipse.hawkbit.security.InMemoryUserAuthoritiesResolver;
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
import org.eclipse.hawkbit.security.MDCHandler;
import org.eclipse.hawkbit.security.SecurityContextSerializer;
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
import org.eclipse.hawkbit.security.SecurityTokenGenerator;
@@ -121,36 +122,30 @@ public class SecurityAutoConfiguration {
return new SystemSecurityContext(tenantAware, roleHierarchy);
}
/**
* @return {@link SecurityTokenGenerator} bean
*/
@Bean
@ConditionalOnMissingBean
public MDCHandler mdcHandler() {
return MDCHandler.getInstance();
}
@Bean
@ConditionalOnMissingBean
public SecurityTokenGenerator securityTokenGenerator() {
return new SecurityTokenGenerator();
}
/**
* @return {@link AuthenticationSuccessHandler} bean
*/
@Bean
@ConditionalOnMissingBean
public AuthenticationSuccessHandler authenticationSuccessHandler() {
return new SimpleUrlAuthenticationSuccessHandler();
}
/**
* @return {@link LogoutHandler} bean
*/
@Bean
@ConditionalOnMissingBean
public LogoutHandler logoutHandler() {
return new SecurityContextLogoutHandler();
}
/**
* @return {@link LogoutSuccessHandler} bean
*/
@Bean
@ConditionalOnMissingBean
public LogoutSuccessHandler logoutSuccessHandler() {

View File

@@ -35,6 +35,7 @@ import org.eclipse.hawkbit.security.HttpControllerPreAuthenticateSecurityTokenFi
import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedGatewaySecurityTokenFilter;
import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedSecurityHeaderFilter;
import org.eclipse.hawkbit.security.HttpDownloadAuthenticationFilter;
import org.eclipse.hawkbit.security.MDCHandler;
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
@@ -57,7 +58,6 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
@@ -206,6 +206,8 @@ public class SecurityManagedConfiguration {
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
}
MDCHandler.getInstance().addLoggingFilter(http);
return http.build();
}
}
@@ -321,6 +323,8 @@ public class SecurityManagedConfiguration {
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
}
MDCHandler.getInstance().addLoggingFilter(http);
return http.build();
}
}
@@ -383,6 +387,8 @@ public class SecurityManagedConfiguration {
.addFilterBefore(downloadIdAuthenticationFilter, AuthorizationFilter.class)
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
MDCHandler.getInstance().addLoggingFilter(http);
return http.build();
}
}
@@ -485,6 +491,8 @@ public class SecurityManagedConfiguration {
httpSecurityCustomizer.customize(http);
}
MDCHandler.getInstance().addLoggingFilter(http);
return http.build();
}
@@ -521,7 +529,6 @@ public class SecurityManagedConfiguration {
return firewall;
}
private static class IgnorePathsStrictHttpFirewall extends StrictHttpFirewall {
private final Collection<String> pathsToIgnore;