diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java index 18ae677b9..43d22652e 100644 --- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java +++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java @@ -135,23 +135,6 @@ public class SecurityManagedConfiguration { } - @Bean - @ConditionalOnMissingBean - public HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter( - final DdiSecurityProperties ddiSecurityConfiguration, - final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware, - final SystemSecurityContext systemSecurityContext, final AuthenticationManager authenticationManager){ - - final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new HttpControllerPreAuthenticatedSecurityHeaderFilter( - ddiSecurityConfiguration.getRp().getCnHeader(), - ddiSecurityConfiguration.getRp().getSslIssuerHashHeader(), tenantConfigurationManagement, tenantAware, - systemSecurityContext); - securityHeaderFilter.setAuthenticationManager(authenticationManager); - securityHeaderFilter.setCheckForPrincipalChanges(true); - securityHeaderFilter.setAuthenticationDetailsSource(new ControllerTenantAwareAuthenticationDetailsSource()); - return securityHeaderFilter; - } - /** * {@link WebSecurityConfigurer} for the hawkBit server DDI interface. */ @@ -173,27 +156,24 @@ public class SecurityManagedConfiguration { private final DdiSecurityProperties ddiSecurityConfiguration; private final SecurityProperties springSecurityProperties; private final SystemSecurityContext systemSecurityContext; - private final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter; @Autowired ControllerSecurityConfigurationAdapter(final ControllerManagement controllerManagement, final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware, final DdiSecurityProperties ddiSecurityConfiguration, final SecurityProperties springSecurityProperties, - final SystemSecurityContext systemSecurityContext, - final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter) { + final SystemSecurityContext systemSecurityContext) { this.controllerManagement = controllerManagement; this.tenantConfigurationManagement = tenantConfigurationManagement; this.tenantAware = tenantAware; this.ddiSecurityConfiguration = ddiSecurityConfiguration; this.springSecurityProperties = springSecurityProperties; this.systemSecurityContext = systemSecurityContext; - this.securityHeaderFilter = securityHeaderFilter; } /** * Filter to protect the hawkBit server DDI interface against to many * requests. - * + * * @param securityProperties * for filter configuration * @@ -217,7 +197,13 @@ public class SecurityManagedConfiguration { final ControllerTenantAwareAuthenticationDetailsSource authenticationDetailsSource = new ControllerTenantAwareAuthenticationDetailsSource(); + final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new HttpControllerPreAuthenticatedSecurityHeaderFilter( + ddiSecurityConfiguration.getRp().getCnHeader(), + ddiSecurityConfiguration.getRp().getSslIssuerHashHeader(), tenantConfigurationManagement, + tenantAware, systemSecurityContext); securityHeaderFilter.setAuthenticationManager(authenticationManager()); + securityHeaderFilter.setCheckForPrincipalChanges(true); + securityHeaderFilter.setAuthenticationDetailsSource(authenticationDetailsSource); final HttpControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new HttpControllerPreAuthenticateSecurityTokenFilter( tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext); @@ -286,27 +272,24 @@ public class SecurityManagedConfiguration { private final DdiSecurityProperties ddiSecurityConfiguration; private final SecurityProperties springSecurityProperties; private final SystemSecurityContext systemSecurityContext; - private final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter; @Autowired ControllerDownloadSecurityConfigurationAdapter(final ControllerManagement controllerManagement, final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware, final DdiSecurityProperties ddiSecurityConfiguration, final SecurityProperties springSecurityProperties, - final SystemSecurityContext systemSecurityContext, - final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter) { + final SystemSecurityContext systemSecurityContext) { this.controllerManagement = controllerManagement; this.tenantConfigurationManagement = tenantConfigurationManagement; this.tenantAware = tenantAware; this.ddiSecurityConfiguration = ddiSecurityConfiguration; this.springSecurityProperties = springSecurityProperties; this.systemSecurityContext = systemSecurityContext; - this.securityHeaderFilter = securityHeaderFilter; } /** * Filter to protect the hawkBit server DDI download interface against * to many requests. - * + * * @param securityProperties * for filter configuration * @@ -330,7 +313,13 @@ public class SecurityManagedConfiguration { final ControllerTenantAwareAuthenticationDetailsSource authenticationDetailsSource = new ControllerTenantAwareAuthenticationDetailsSource(); + final HttpControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new HttpControllerPreAuthenticatedSecurityHeaderFilter( + ddiSecurityConfiguration.getRp().getCnHeader(), + ddiSecurityConfiguration.getRp().getSslIssuerHashHeader(), tenantConfigurationManagement, + tenantAware, systemSecurityContext); securityHeaderFilter.setAuthenticationManager(authenticationManager()); + securityHeaderFilter.setCheckForPrincipalChanges(true); + securityHeaderFilter.setAuthenticationDetailsSource(authenticationDetailsSource); final HttpControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new HttpControllerPreAuthenticateSecurityTokenFilter( tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext); @@ -390,7 +379,7 @@ public class SecurityManagedConfiguration { /** * Filter to protect the hawkBit server system management interface against * to many requests. - * + * * @param securityProperties * for filter configuration * @@ -484,7 +473,7 @@ public class SecurityManagedConfiguration { /** * Filter to protect the hawkBit server Management interface against to * many requests. - * + * * @param securityProperties * for filter configuration * @@ -564,7 +553,7 @@ public class SecurityManagedConfiguration { /** * Filter to protect the hawkBit management UI against to many requests. - * + * * @param securityProperties * for filter configuration *