Remove download by downloadId functionality (#1820)

This functionallity seems to get via AMQP (after some authentication) a private (wihtout need of authentication) url to an artifact assigned to the controller. By default, DDI or DMF shall provide proper urls (for direct download) to devices and if they have to be without authentication this shall be solved in different ways - for instance separate download server providing dedicated private / signed urls. This functinallity is not a real hawkBit part but more like something intended to solve some edge cases. Since it is complicated, heeds support, doesn't solve wide spread use cases, and could be achieved with other means - better to be removed. Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
2024-08-14 17:28:46 +03:00
parent 12928a5939
commit d958d8e82c
26 changed files with 36 additions and 2448 deletions
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/cache/DownloadIdCacheAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/cache/DownloadIdCacheAutoConfiguration.java
@@ -1,42 +0,0 @@
-/**
- * Copyright (c) 2015 Bosch Software Innovations GmbH and others
- *
- * This program and the accompanying materials are made
- * available under the terms of the Eclipse Public License 2.0
- * which is available at https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- */
-package org.eclipse.hawkbit.autoconfigure.cache;
-
-import org.eclipse.hawkbit.cache.DefaultDownloadIdCache;
-import org.eclipse.hawkbit.cache.DownloadIdCache;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.cache.CacheManager;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * A configuration for configuring a cache for the download id's.
- *
- * This is done by providing a named cache.
- */
-@Configuration
-public class DownloadIdCacheAutoConfiguration {
-
-    /**
-     * Bean for the downloadId cache that returns the DefaultDownloadIdCache.
-     * The DefaultDownloadIdCache cannot be used within a cluster because the
-     * downloadId cache is not shared among notes. This means, a downloadId
-     * which is stored on note A for downloading an artifact can only be used
-     * for downloading the artifact form node A.
-     * 
-     * @return the DefaultDownloadIdCache
-     */
-    @Bean
-    @ConditionalOnMissingBean
-    public DownloadIdCache downloadIdCache(final CacheManager cacheManager) {
-        return new DefaultDownloadIdCache(cacheManager);
-    }
-
-}
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
@@ -16,7 +16,6 @@ import java.util.List;
 import jakarta.servlet.http.HttpServletRequest;

 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.hawkbit.cache.DownloadIdCache;
 import org.eclipse.hawkbit.ddi.rest.api.DdiRestConstants;
 import org.eclipse.hawkbit.ddi.rest.resource.DdiApiConfiguration;
 import org.eclipse.hawkbit.im.authentication.SpPermission;
@@ -34,7 +33,6 @@ import org.eclipse.hawkbit.security.HttpControllerPreAuthenticateAnonymousDownlo
 import org.eclipse.hawkbit.security.HttpControllerPreAuthenticateSecurityTokenFilter;
 import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedGatewaySecurityTokenFilter;
 import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedSecurityHeaderFilter;
-import org.eclipse.hawkbit.security.HttpDownloadAuthenticationFilter;
 import org.eclipse.hawkbit.security.MDCHandler;
 import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
 import org.eclipse.hawkbit.security.SystemSecurityContext;
@@ -76,8 +74,7 @@ import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;

 /**
- * All configurations related to HawkBit's authentication and authorization
- * layer.
+ * All configurations related to HawkBit's authentication and authorization layer.
 */
@Slf4j
@Configuration
@@ -359,40 +356,6 @@ public class SecurityManagedConfiguration {
        return filterRegBean;
    }

-    /**
-     * Security config to handle and filter the download ids.
-     */
-    @Configuration
-    @EnableWebSecurity
-    @ConditionalOnClass(MgmtApiConfiguration.class)
-    public static class IdRestSecurityConfigurationAdapter {
-
-        @Bean
-        @Order(320)
-        protected SecurityFilterChain filterChainDLID(
-                final HttpSecurity http,
-                final DdiSecurityProperties ddiSecurityConfiguration, final DownloadIdCache downloadIdCache)
-                throws Exception {
-            final AuthenticationManager authenticationManager = setAuthenticationManager(http, ddiSecurityConfiguration);
-
-            final HttpDownloadAuthenticationFilter downloadIdAuthenticationFilter = new HttpDownloadAuthenticationFilter(
-                    downloadIdCache);
-            downloadIdAuthenticationFilter.setAuthenticationManager(authenticationManager);
-
-            http
-                    .securityMatcher(MgmtRestConstants.DOWNLOAD_ID_V1_REQUEST_MAPPING_BASE + "/downloadId/*/*")
-                    .authorizeHttpRequests(armrRepository -> armrRepository.anyRequest().authenticated())
-                    .csrf(AbstractHttpConfigurer::disable)
-                    .anonymous(AbstractHttpConfigurer::disable)
-                    .addFilterBefore(downloadIdAuthenticationFilter, AuthorizationFilter.class)
-                    .sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
-
-            MDCHandler.Filter.addLoggingFilter(http);
-
-            return http.build();
-        }
-    }
-
    /**
     * Security configuration for the REST management API.
     */
@@ -420,8 +383,7 @@ public class SecurityManagedConfiguration {
                    securityProperties.getDos().getFilter(), securityProperties.getClients());
            filterRegBean.setUrlPatterns(List.of(
                    MgmtRestConstants.BASE_REST_MAPPING + "/*",
-                    MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/*",
-                    MgmtRestConstants.DOWNLOAD_ID_V1_REQUEST_MAPPING_BASE + "/*"));
+                    MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/*"));
            filterRegBean.setOrder(DOS_FILTER_ORDER);
            filterRegBean.setName("dosMgmtFilter");

--- a/hawkbit-autoconfigure/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/hawkbit-autoconfigure/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -1,5 +1,4 @@
 org.eclipse.hawkbit.autoconfigure.cache.CacheAutoConfiguration
-org.eclipse.hawkbit.autoconfigure.cache.DownloadIdCacheAutoConfiguration
 org.eclipse.hawkbit.autoconfigure.ddi.DDiApiAutoConfiguration
 org.eclipse.hawkbit.autoconfigure.dmf.amqp.DmfApiAutoConfiguration
 org.eclipse.hawkbit.autoconfigure.mgmt.MgmtApiAutoConfiguration