Spring Boot 2.0 (#721)

* Migration to Boot 2.0.

Signed-off-by: Kai Zimmermann <kai.zimmermann@microsoft.com>

hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/PermissionUtils.java

@@ -8,9 +8,8 @@
  */
 package org.eclipse.hawkbit.im.authentication;
 
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.List;
+import java.util.stream.Collectors;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -20,36 +19,16 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
  */
 public final class PermissionUtils {
 
-    private PermissionUtils() {
+	private PermissionUtils() {
 
-    }
+	}
 
-    /**
-     * Create {@link GrantedAuthority} by a special role.
-     * 
-     * @param roles
-     *            the roles
-     * @return a list of {@link GrantedAuthority}
-     */
-    public static List<GrantedAuthority> createAuthorityList(final Collection<String> roles) {
-        final List<GrantedAuthority> authorities = new ArrayList<>(roles.size());
-
-        for (final String role : roles) {
-            authorities.add(new SimpleGrantedAuthority(role));
-            // add spring security ROLE authority which is indicated by the
-            // `ROLE_` prefix
-            authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
-        }
-
-        return authorities;
-    }
-
-    /**
-     * Returns all authorities.
-     * 
-     * @return a list of {@link GrantedAuthority}
-     */
-    public static List<GrantedAuthority> createAllAuthorityList() {
-        return createAuthorityList(SpPermission.getAllAuthorities());
-    }
+	/**
+	 * Returns all authorities.
+	 * 
+	 * @return a list of {@link GrantedAuthority}
+	 */
+	public static List<GrantedAuthority> createAllAuthorityList() {
+		return SpPermission.getAllAuthorities().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
+	}
 }

hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/HawkbitSecurityProperties.java

@@ -25,6 +25,33 @@ public class HawkbitSecurityProperties {
      */
     private String contentSecurityPolicy;
 
+    /**
+     * Secure access enforced.
+     */
+    private boolean requireSsl;
+
+    /**
+     * Basic authentication realm, see
+     * https://tools.ietf.org/html/rfc2617#page-3 .
+     */
+    private String basicRealm = "hawkBit";
+
+    public boolean isRequireSsl() {
+        return requireSsl;
+    }
+
+    public void setRequireSsl(final boolean requireSsl) {
+        this.requireSsl = requireSsl;
+    }
+
+    public String getBasicRealm() {
+        return basicRealm;
+    }
+
+    public void setBasicRealm(final String basicRealm) {
+        this.basicRealm = basicRealm;
+    }
+
     public String getContentSecurityPolicy() {
         return contentSecurityPolicy;
     }

hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/SpringSecurityAuditorAware.java

@@ -8,6 +8,8 @@
  */
 package org.eclipse.hawkbit.security;
 
+import java.util.Optional;
+
 import org.springframework.data.domain.AuditorAware;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -21,18 +23,18 @@ import org.springframework.security.core.userdetails.UserDetails;
 public class SpringSecurityAuditorAware implements AuditorAware<String> {
 
     @Override
-    public String getCurrentAuditor() {
+    public Optional<String> getCurrentAuditor() {
 
         final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
         if (isAuthenticationInvalid(authentication)) {
-            return null;
+            return Optional.empty();
         }
 
-        return getCurrentAuditor(authentication);
+        return Optional.ofNullable(getCurrentAuditor(authentication));
     }
 
-    private String getCurrentAuditor(final Authentication authentication) {
+    private static String getCurrentAuditor(final Authentication authentication) {
         if (authentication.getPrincipal() instanceof UserDetails) {
             return ((UserDetails) authentication.getPrincipal()).getUsername();
         }

hawkbit-security-core/src/main/java/org/eclipse/hawkbit/util/IpUtil.java

@@ -22,12 +22,14 @@ import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
  * from a {@link HttpServletRequest}.
  *
  */
+// Exception squid:S2083 - false positive, file paths not handled here
+@SuppressWarnings("squid:S2083")
 public final class IpUtil {
 
     private static final String HIDDEN_IP = "***";
     private static final String SCHEME_SEPERATOR = "://";
     private static final String HTTP_SCHEME = "http";
-    private static final String AMPQP_SCHEME = "amqp";
+    private static final String AMQP_SCHEME = "amqp";
     private static final Pattern IPV4_ADDRESS_PATTERN = Pattern
             .compile("([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})");
 
@@ -139,10 +141,10 @@ public final class IpUtil {
      *            the exchange will store in the path
      * @return the {@link URI}
      * @throws IllegalArgumentException
-     *             If the given string not parsable
+     *             If the given string not parse able
      */
     public static URI createAmqpUri(final String host, final String exchange) {
-        return createUri(AMPQP_SCHEME, host).resolve("/" + exchange);
+        return createUri(AMQP_SCHEME, host).resolve("/" + exchange);
     }
 
     /**
@@ -177,7 +179,7 @@ public final class IpUtil {
      * @return true = is http host false = not
      */
     public static boolean isAmqpUri(final URI uri) {
-        return uri != null && AMPQP_SCHEME.equals(uri.getScheme());
+        return uri != null && AMQP_SCHEME.equals(uri.getScheme());
     }
 
     /**
@@ -189,7 +191,7 @@ public final class IpUtil {
      * @return <code>true</code> if IP address is actually known by the server
      */
     public static boolean isIpAddresKnown(final URI uri) {
-        return uri != null && !(AMPQP_SCHEME.equals(uri.getScheme()) || HIDDEN_IP.equals(uri.getHost()));
+        return uri != null && !(AMQP_SCHEME.equals(uri.getScheme()) || HIDDEN_IP.equals(uri.getHost()));
     }
 
 }

hawkbit-security-core/src/test/java/org/eclipse/hawkbit/im/authentication/PermissionTest.java

@@ -28,17 +28,16 @@ import io.qameta.allure.Story;
 @Story("Permission Test")
 public final class PermissionTest {
 
-    @Test
-    @Description("Verify the get permission function")
-    public void testGetPermissions() {
-        final int allPermission = 18;
-        final Collection<String> allAuthorities = SpPermission.getAllAuthorities();
-        final List<GrantedAuthority> allAuthoritiesList = PermissionUtils.createAllAuthorityList();
-        assertThat(allAuthorities).hasSize(allPermission);
-        // times 2 because we add also all authorities as prefix 'ROLE_';
-        assertThat(allAuthoritiesList).hasSize(allPermission * 2);
-        assertThat(allAuthoritiesList.stream().map(authority -> authority.getAuthority()).collect(Collectors.toList()))
-                .containsAll(allAuthorities);
+	@Test
+	@Description("Verify the get permission function")
+	public void testGetPermissions() {
+		final int allPermission = 18;
+		final Collection<String> allAuthorities = SpPermission.getAllAuthorities();
+		final List<GrantedAuthority> allAuthoritiesList = PermissionUtils.createAllAuthorityList();
+		assertThat(allAuthorities).hasSize(allPermission);
+		assertThat(allAuthoritiesList).hasSize(allPermission);
+		assertThat(allAuthoritiesList.stream().map(authority -> authority.getAuthority()).collect(Collectors.toList()))
+				.containsAll(allAuthorities);
 
-    }
+	}
 }