Apply controller security config to all /{tenant}/controller/v1 but downloads (#2022)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-11-12 17:10:22 +02:00
committed by GitHub
parent 7902b89268
commit ca59da85b2
2 changed files with 6 additions and 14 deletions

View File

@@ -91,7 +91,7 @@ class ControllerDownloadSecurityConfiguration {
} }
@Bean @Bean
@Order(301) @Order(300) // higher priority than HawkBit DDI security, so that the DDI DL security is applied first
protected SecurityFilterChain filterChainDDIDL(final HttpSecurity http) throws Exception { protected SecurityFilterChain filterChainDDIDL(final HttpSecurity http) throws Exception {
final AuthenticationManager authenticationManager = ControllerSecurityConfiguration.setAuthenticationManager( final AuthenticationManager authenticationManager = ControllerSecurityConfiguration.setAuthenticationManager(
http, ddiSecurityConfiguration); http, ddiSecurityConfiguration);

View File

@@ -54,13 +54,7 @@ import org.springframework.security.web.authentication.AnonymousAuthenticationFi
class ControllerSecurityConfiguration { class ControllerSecurityConfiguration {
private static final String[] DDI_ANT_MATCHERS = { private static final String[] DDI_ANT_MATCHERS = {
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}", DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/**" };
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/confirmationBase/**",
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/deploymentBase/**",
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/installedBase/**",
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/cancelAction/**",
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/configData",
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/softwaremodules/{softwareModuleId}/artifacts" };
private final ControllerManagement controllerManagement; private final ControllerManagement controllerManagement;
private final TenantConfigurationManagement tenantConfigurationManagement; private final TenantConfigurationManagement tenantConfigurationManagement;
@@ -101,7 +95,7 @@ class ControllerSecurityConfiguration {
} }
@Bean @Bean
@Order(300) @Order(301)
protected SecurityFilterChain filterChainDDI(final HttpSecurity http) throws Exception { protected SecurityFilterChain filterChainDDI(final HttpSecurity http) throws Exception {
final AuthenticationManager authenticationManager = setAuthenticationManager(http, ddiSecurityConfiguration); final AuthenticationManager authenticationManager = setAuthenticationManager(http, ddiSecurityConfiguration);
@@ -146,15 +140,13 @@ class ControllerSecurityConfiguration {
gatewaySecurityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource); gatewaySecurityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
http http
.authorizeHttpRequests(amrmRegistry -> .authorizeHttpRequests(amrmRegistry -> amrmRegistry.anyRequest().authenticated())
amrmRegistry.anyRequest().authenticated())
.anonymous(AbstractHttpConfigurer::disable) .anonymous(AbstractHttpConfigurer::disable)
.addFilter(securityHeaderFilter) .addFilter(securityHeaderFilter)
.addFilter(securityTokenFilter) .addFilter(securityTokenFilter)
.addFilter(gatewaySecurityTokenFilter) .addFilter(gatewaySecurityTokenFilter)
.exceptionHandling(configurer -> configurer.authenticationEntryPoint( .exceptionHandling(configurer -> configurer.authenticationEntryPoint(
(request, response, authException) -> (request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value())))
response.setStatus(HttpStatus.UNAUTHORIZED.value())))
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); .sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
} }