Fix EntityMatcher when for Identifiable.getId (#2724)

* Fix EntityMatcher to process properly filters of type targetType.id - to resolve correctly the getter return type Long not T
* Add AutoAsssignTest access control test
* Simplify rest of the ACM tests

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2025-10-07 15:26:04 +03:00
committed by GitHub
parent 6907931eb6
commit cc36ca8801
18 changed files with 508 additions and 297 deletions

View File

@@ -9,9 +9,9 @@
*/
package org.eclipse.hawkbit.im.authentication;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.HashSet;
import java.util.Set;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
@@ -124,8 +124,11 @@ public final class SpPermission {
TENANT_CONFIGURATION + IMPLY + READ_GATEWAY_SECURITY_TOKEN + LINE_BREAK;
// @formatter:on
private static final SingletonSupplier<List<String>> ALL_AUTHORITIES = SingletonSupplier.of(() -> {
final List<String> allPermissions = new ArrayList<>();
private static final SingletonSupplier<Set<String>> ALL_AUTHORITIES = SingletonSupplier.of(() -> getAuthorities(false));
private static final SingletonSupplier<Set<String>> ALL_TENANT_AUTHORITIES = SingletonSupplier.of(() -> getAuthorities(true));
private static Set<String> getAuthorities(final boolean tenant) {
final Set<String> allPermissions = new HashSet<>();
// groups with access, canonical
for (final String group : new String[] {
@@ -150,18 +153,19 @@ public final class SpPermission {
}
allPermissions.add(TENANT_CONFIGURATION);
// system permission, (!) take care with
allPermissions.add(SYSTEM_ADMIN);
if (!tenant) {
// system permission, (!) take care with
allPermissions.add(SYSTEM_ADMIN);
}
return Collections.unmodifiableList(allPermissions);
});
return Collections.unmodifiableSet(allPermissions);
}
/**
* Return all permission.
*
* @return all permissions
*/
public static List<String> getAllAuthorities() {
public static Set<String> getAllAuthorities() {
return ALL_AUTHORITIES.get();
}
public static Set<String> getAllTenantAuthorities() {
return ALL_TENANT_AUTHORITIES.get();
}
}

View File

@@ -12,8 +12,9 @@ package org.eclipse.hawkbit.security;
import static org.assertj.core.api.Assertions.assertThat;
import static org.eclipse.hawkbit.security.SecurityContextSerializer.JSON_SERIALIZATION;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
@@ -27,7 +28,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
class SecurityContextSerializerTest {
private static final List<String> AUTHORITIES = SpPermission.getAllAuthorities();
private static final Set<String> AUTHORITIES = SpPermission.getAllAuthorities();
@Test
void testJsonSerialization() {
@@ -42,7 +43,7 @@ class SecurityContextSerializerTest {
final SecurityContext deserialized = JSON_SERIALIZATION.deserialize(serialized);
final Authentication authentication = deserialized.getAuthentication();
assertThat(SpringSecurityAuditorAware.resolveAuditor(authentication)).hasToString("user");
assertThat(authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).toList()).isEqualTo(AUTHORITIES);
assertThat(authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet())).isEqualTo(AUTHORITIES);
assertThat(authentication.isAuthenticated()).isTrue();
assertThat(authentication.getDetails()).isEqualTo(details);
}
@@ -75,7 +76,7 @@ class SecurityContextSerializerTest {
final SecurityContext deserialized = JSON_SERIALIZATION.deserialize(serialized);
final Authentication authentication = deserialized.getAuthentication();
assertThat(SpringSecurityAuditorAware.resolveAuditor(authentication)).hasToString("user");
assertThat(authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).toList()).isEqualTo(AUTHORITIES);
assertThat(authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet())).isEqualTo(AUTHORITIES);
assertThat(authentication.isAuthenticated()).isTrue();
assertThat(authentication.getDetails()).isEqualTo(details);
}