diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerDownloadSecurityConfiguration.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerDownloadSecurityConfiguration.java
index 10ca05119..2cc95d581 100644
--- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerDownloadSecurityConfiguration.java
+++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerDownloadSecurityConfiguration.java
@@ -91,7 +91,7 @@ class ControllerDownloadSecurityConfiguration {
 }
 @Bean
- @Order(301)
+ @Order(300) // higher priority than HawkBit DDI security, so that the DDI DL security is applied first
 protected SecurityFilterChain filterChainDDIDL(final HttpSecurity http) throws Exception {
 final AuthenticationManager authenticationManager = ControllerSecurityConfiguration.setAuthenticationManager(
 http, ddiSecurityConfiguration);
diff --git a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerSecurityConfiguration.java b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerSecurityConfiguration.java
index 5717cc774..09331da82 100644
--- a/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerSecurityConfiguration.java
+++ b/hawkbit-ddi/hawkbit-ddi-starter/src/main/java/org/eclipse/hawkbit/autoconfigure/ddi/ControllerSecurityConfiguration.java
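Review bot: The priority swap is carried by two bare literals in two classes, `@Order(300)` on `filterChainDDIDL` in ControllerDownloadSecurityConfiguration and `@Order(301)` on `filterChainDDI` in ControllerSecurityConfiguration, and only the first one explains why. With the DDI matcher widened to `DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/**"` in the same commit, the download chain presumably matches a subset of it, so renumbering either annotation later would silently send download requests through the general DDI chain and its authentication rules. I would define both values as adjacent named constants, for example `static final int DDI_DL_ORDER = 300;` and `static final int DDI_ORDER = DDI_DL_ORDER + 1;`, use them in both annotations, and cover the routing with a test that a download URL is served by the DL chain. The body of `filterChainDDIDL` continues outside the hunk.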
@@ -54,13 +54,7 @@ import org.springframework.security.web.authentication.AnonymousAuthenticationFi
 class ControllerSecurityConfiguration {
 private static final String[] DDI_ANT_MATCHERS = {
- DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}",
- DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/confirmationBase/**",
- DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/deploymentBase/**",
- DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/installedBase/**",
- DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/cancelAction/**",
- DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/configData",
- DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/softwaremodules/{softwareModuleId}/artifacts" };
+ DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/**" };
 private final ControllerManagement controllerManagement;
 private final TenantConfigurationManagement tenantConfigurationManagement;
@@ -101,7 +95,7 @@ class ControllerSecurityConfiguration {
 }
 @Bean
- @Order(300)
+ @Order(301)
 protected SecurityFilterChain filterChainDDI(final HttpSecurity http) throws Exception {
 final AuthenticationManager authenticationManager = setAuthenticationManager(http, ddiSecurityConfiguration);
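Review bot: Replacing the seven enumerated patterns in `DDI_ANT_MATCHERS` with `DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/**"` turns an explicit list of endpoints into a catch-all, and nothing on the declaration says that this is intended or what it overlaps with. Every path under the base mapping now falls into `filterChainDDI` unless a chain with a lower order value claims it first, so the download chain keeps its own rules only because of the `@Order(301)` set in the next hunk of this file. As far as this diff shows the result is fail-closed (the configuration visible further down requires `anyRequest().authenticated()` with anonymous access disabled), but it is worth confirming that no endpoint under the base mapping was meant to be handled by another, later-ordered chain, since it would now be shadowed. A comment on the constant would record the dependency, e.g. `// Catch-all for DDI; must be ordered after filterChainDDIDL, which matches a subset of these paths.`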
@@ -146,15 +140,13 @@ class ControllerSecurityConfiguration {
 gatewaySecurityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
 http
- .authorizeHttpRequests(amrmRegistry ->
- amrmRegistry.anyRequest().authenticated())
+ .authorizeHttpRequests(amrmRegistry -> amrmRegistry.anyRequest().authenticated())
 .anonymous(AbstractHttpConfigurer::disable)
 .addFilter(securityHeaderFilter)
 .addFilter(securityTokenFilter)
 .addFilter(gatewaySecurityTokenFilter)
 .exceptionHandling(configurer -> configurer.authenticationEntryPoint(
- (request, response, authException) ->
- response.setStatus(HttpStatus.UNAUTHORIZED.value())))
+ (request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value())))
 .sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 }
@@ -175,4 +167,4 @@ class ControllerSecurityConfiguration {
 http.authenticationManager(authenticationManager);
 return authenticationManager;
 }
-}
+}
\ No newline at end of file