Apply controller security config to all /{tenant}/controller/v1 but downloads (#2022)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -91,7 +91,7 @@ class ControllerDownloadSecurityConfiguration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(301)
|
@Order(300) // higher priority than HawkBit DDI security, so that the DDI DL security is applied first
|
||||||
protected SecurityFilterChain filterChainDDIDL(final HttpSecurity http) throws Exception {
|
protected SecurityFilterChain filterChainDDIDL(final HttpSecurity http) throws Exception {
|
||||||
final AuthenticationManager authenticationManager = ControllerSecurityConfiguration.setAuthenticationManager(
|
final AuthenticationManager authenticationManager = ControllerSecurityConfiguration.setAuthenticationManager(
|
||||||
http, ddiSecurityConfiguration);
|
http, ddiSecurityConfiguration);
|
||||||
|
|||||||
@@ -54,13 +54,7 @@ import org.springframework.security.web.authentication.AnonymousAuthenticationFi
|
|||||||
class ControllerSecurityConfiguration {
|
class ControllerSecurityConfiguration {
|
||||||
|
|
||||||
private static final String[] DDI_ANT_MATCHERS = {
|
private static final String[] DDI_ANT_MATCHERS = {
|
||||||
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}",
|
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/**" };
|
||||||
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/confirmationBase/**",
|
|
||||||
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/deploymentBase/**",
|
|
||||||
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/installedBase/**",
|
|
||||||
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/cancelAction/**",
|
|
||||||
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/configData",
|
|
||||||
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/softwaremodules/{softwareModuleId}/artifacts" };
|
|
||||||
|
|
||||||
private final ControllerManagement controllerManagement;
|
private final ControllerManagement controllerManagement;
|
||||||
private final TenantConfigurationManagement tenantConfigurationManagement;
|
private final TenantConfigurationManagement tenantConfigurationManagement;
|
||||||
@@ -101,7 +95,7 @@ class ControllerSecurityConfiguration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(300)
|
@Order(301)
|
||||||
protected SecurityFilterChain filterChainDDI(final HttpSecurity http) throws Exception {
|
protected SecurityFilterChain filterChainDDI(final HttpSecurity http) throws Exception {
|
||||||
final AuthenticationManager authenticationManager = setAuthenticationManager(http, ddiSecurityConfiguration);
|
final AuthenticationManager authenticationManager = setAuthenticationManager(http, ddiSecurityConfiguration);
|
||||||
|
|
||||||
@@ -146,15 +140,13 @@ class ControllerSecurityConfiguration {
|
|||||||
gatewaySecurityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
gatewaySecurityTokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
||||||
|
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests(amrmRegistry ->
|
.authorizeHttpRequests(amrmRegistry -> amrmRegistry.anyRequest().authenticated())
|
||||||
amrmRegistry.anyRequest().authenticated())
|
|
||||||
.anonymous(AbstractHttpConfigurer::disable)
|
.anonymous(AbstractHttpConfigurer::disable)
|
||||||
.addFilter(securityHeaderFilter)
|
.addFilter(securityHeaderFilter)
|
||||||
.addFilter(securityTokenFilter)
|
.addFilter(securityTokenFilter)
|
||||||
.addFilter(gatewaySecurityTokenFilter)
|
.addFilter(gatewaySecurityTokenFilter)
|
||||||
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(
|
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(
|
||||||
(request, response, authException) ->
|
(request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value())))
|
||||||
response.setStatus(HttpStatus.UNAUTHORIZED.value())))
|
|
||||||
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -175,4 +167,4 @@ class ControllerSecurityConfiguration {
|
|||||||
http.authenticationManager(authenticationManager);
|
http.authenticationManager(authenticationManager);
|
||||||
return authenticationManager;
|
return authenticationManager;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Reference in New Issue
Block a user