Remove hard servlet dependency from SystemSecurityContext (#1812)
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
@@ -206,7 +206,7 @@ public class SecurityManagedConfiguration {
|
|||||||
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
||||||
}
|
}
|
||||||
|
|
||||||
MDCHandler.getInstance().addLoggingFilter(http);
|
MDCHandler.Filter.addLoggingFilter(http);
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
@@ -323,7 +323,7 @@ public class SecurityManagedConfiguration {
|
|||||||
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
||||||
}
|
}
|
||||||
|
|
||||||
MDCHandler.getInstance().addLoggingFilter(http);
|
MDCHandler.Filter.addLoggingFilter(http);
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
@@ -387,7 +387,7 @@ public class SecurityManagedConfiguration {
|
|||||||
.addFilterBefore(downloadIdAuthenticationFilter, AuthorizationFilter.class)
|
.addFilterBefore(downloadIdAuthenticationFilter, AuthorizationFilter.class)
|
||||||
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
||||||
|
|
||||||
MDCHandler.getInstance().addLoggingFilter(http);
|
MDCHandler.Filter.addLoggingFilter(http);
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
@@ -491,7 +491,7 @@ public class SecurityManagedConfiguration {
|
|||||||
httpSecurityCustomizer.customize(http);
|
httpSecurityCustomizer.customize(http);
|
||||||
}
|
}
|
||||||
|
|
||||||
MDCHandler.getInstance().addLoggingFilter(http);
|
MDCHandler.Filter.addLoggingFilter(http);
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -9,6 +9,7 @@
|
|||||||
*/
|
*/
|
||||||
package org.eclipse.hawkbit.security;
|
package org.eclipse.hawkbit.security;
|
||||||
|
|
||||||
|
import ch.qos.logback.classic.turbo.MDCFilter;
|
||||||
import jakarta.servlet.FilterChain;
|
import jakarta.servlet.FilterChain;
|
||||||
import jakarta.servlet.ServletException;
|
import jakarta.servlet.ServletException;
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
@@ -76,36 +77,6 @@ public class MDCHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void addLoggingFilter(final HttpSecurity httpSecurity) {
|
|
||||||
httpSecurity.addFilterBefore(new OncePerRequestFilter() {
|
|
||||||
@Override
|
|
||||||
protected void doFilterInternal(
|
|
||||||
final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain)
|
|
||||||
throws ServletException, IOException {
|
|
||||||
try {
|
|
||||||
withLogging(() -> {
|
|
||||||
filterChain.doFilter(request, response);
|
|
||||||
return null;
|
|
||||||
});
|
|
||||||
} catch (final RuntimeException re) {
|
|
||||||
throw re;
|
|
||||||
} catch (final WrappedException we) {
|
|
||||||
final Throwable cause = we.getCause();
|
|
||||||
if (cause instanceof ServletException se) {
|
|
||||||
throw se;
|
|
||||||
} else if (cause instanceof IOException ioe) {
|
|
||||||
throw ioe;
|
|
||||||
} else {
|
|
||||||
throw we.toRuntimeException();
|
|
||||||
}
|
|
||||||
} catch (final Exception e) {
|
|
||||||
// should never be here - if mdc is handler is enabled non-runtime exceptions are always wrapped
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}, AuthorizationFilter.class);
|
|
||||||
}
|
|
||||||
|
|
||||||
private <T> T putUserAndCall(final Callable<T> callable) throws WrappedException {
|
private <T> T putUserAndCall(final Callable<T> callable) throws WrappedException {
|
||||||
final String user = springSecurityAuditorAware
|
final String user = springSecurityAuditorAware
|
||||||
.getCurrentAuditor()
|
.getCurrentAuditor()
|
||||||
@@ -151,4 +122,40 @@ public class MDCHandler {
|
|||||||
return new RuntimeException(getCause() == null ? this : getCause());
|
return new RuntimeException(getCause() == null ? this : getCause());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static class Filter {
|
||||||
|
|
||||||
|
public static void addLoggingFilter(final HttpSecurity httpSecurity) {
|
||||||
|
httpSecurity.addFilterBefore(new OncePerRequestFilter() {
|
||||||
|
|
||||||
|
private final MDCHandler mdcFilter = MDCHandler.getInstance();
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void doFilterInternal(
|
||||||
|
final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain)
|
||||||
|
throws ServletException, IOException {
|
||||||
|
try {
|
||||||
|
mdcFilter.withLogging(() -> {
|
||||||
|
filterChain.doFilter(request, response);
|
||||||
|
return null;
|
||||||
|
});
|
||||||
|
} catch (final RuntimeException re) {
|
||||||
|
throw re;
|
||||||
|
} catch (final WrappedException we) {
|
||||||
|
final Throwable cause = we.getCause();
|
||||||
|
if (cause instanceof ServletException se) {
|
||||||
|
throw se;
|
||||||
|
} else if (cause instanceof IOException ioe) {
|
||||||
|
throw ioe;
|
||||||
|
} else {
|
||||||
|
throw we.toRuntimeException();
|
||||||
|
}
|
||||||
|
} catch (final Exception e) {
|
||||||
|
// should never be here - if mdc is handler is enabled non-runtime exceptions are always wrapped
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}, AuthorizationFilter.class);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user