Remove download by downloadId functionality (#1820)
This functionallity seems to get via AMQP (after some authentication) a private (wihtout need of authentication) url to an artifact assigned to the controller. By default, DDI or DMF shall provide proper urls (for direct download) to devices and if they have to be without authentication this shall be solved in different ways - for instance separate download server providing dedicated private / signed urls. This functinallity is not a real hawkBit part but more like something intended to solve some edge cases. Since it is complicated, heeds support, doesn't solve wide spread use cases, and could be achieved with other means - better to be removed. Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -1,240 +0,0 @@
|
||||
/**
|
||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.amqp;
|
||||
|
||||
import java.net.URISyntaxException;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.api.HostnameResolver;
|
||||
import org.eclipse.hawkbit.cache.DownloadArtifactCache;
|
||||
import org.eclipse.hawkbit.cache.DownloadIdCache;
|
||||
import org.eclipse.hawkbit.cache.DownloadType;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfArtifact;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfArtifactHash;
|
||||
import org.eclipse.hawkbit.dmf.json.model.DmfDownloadResponse;
|
||||
import org.eclipse.hawkbit.repository.ArtifactManagement;
|
||||
import org.eclipse.hawkbit.repository.ControllerManagement;
|
||||
import org.eclipse.hawkbit.repository.exception.EntityNotFoundException;
|
||||
import org.eclipse.hawkbit.repository.model.Artifact;
|
||||
import org.eclipse.hawkbit.security.DmfTenantSecurityToken;
|
||||
import org.eclipse.hawkbit.security.DmfTenantSecurityToken.FileResource;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.springframework.amqp.AmqpRejectAndDontRequeueException;
|
||||
import org.springframework.amqp.core.Message;
|
||||
import org.springframework.amqp.rabbit.annotation.RabbitListener;
|
||||
import org.springframework.amqp.rabbit.core.RabbitTemplate;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.CredentialsExpiredException;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
/**
|
||||
*
|
||||
* {@link AmqpMessageHandlerService} handles all incoming target authentication
|
||||
* AMQP messages that can be used by 3rd party CDN services to check if a target
|
||||
* is permitted to download certain artifact. This is handled by the queue that
|
||||
* is configured for the property
|
||||
* hawkbit.dmf.rabbitmq.authenticationReceiverQueue.
|
||||
*/
|
||||
@Slf4j
|
||||
public class AmqpAuthenticationMessageHandler extends BaseAmqpService {
|
||||
|
||||
private final AmqpControllerAuthentication authenticationManager;
|
||||
|
||||
private final ArtifactManagement artifactManagement;
|
||||
|
||||
private final DownloadIdCache cache;
|
||||
|
||||
private final HostnameResolver hostnameResolver;
|
||||
|
||||
private final ControllerManagement controllerManagement;
|
||||
|
||||
private final TenantAware tenantAware;
|
||||
|
||||
/**
|
||||
* @param rabbitTemplate
|
||||
* the configured amqp template.
|
||||
* @param artifactManagement
|
||||
* for artifact URI generation
|
||||
* @param cache
|
||||
* for download Ids
|
||||
* @param hostnameResolver
|
||||
* for resolving the host for downloads
|
||||
* @param authenticationManager
|
||||
* for target authentication
|
||||
* @param controllerManagement
|
||||
* for target repo access
|
||||
* @param tenantAware
|
||||
* to access current tenant
|
||||
*/
|
||||
public AmqpAuthenticationMessageHandler(final RabbitTemplate rabbitTemplate,
|
||||
final AmqpControllerAuthentication authenticationManager, final ArtifactManagement artifactManagement,
|
||||
final DownloadIdCache cache, final HostnameResolver hostnameResolver,
|
||||
final ControllerManagement controllerManagement, final TenantAware tenantAware) {
|
||||
super(rabbitTemplate);
|
||||
this.authenticationManager = authenticationManager;
|
||||
this.artifactManagement = artifactManagement;
|
||||
this.cache = cache;
|
||||
this.hostnameResolver = hostnameResolver;
|
||||
this.controllerManagement = controllerManagement;
|
||||
this.tenantAware = tenantAware;
|
||||
}
|
||||
|
||||
/**
|
||||
* Executed on an authentication request.
|
||||
*
|
||||
* @param message
|
||||
* the amqp message
|
||||
* @return the rpc message back to supplier.
|
||||
*/
|
||||
@RabbitListener(queues = "${hawkbit.dmf.rabbitmq.authenticationReceiverQueue:authentication_receiver}", containerFactory = "listenerContainerFactory")
|
||||
public Message onAuthenticationRequest(final Message message) {
|
||||
checkContentTypeJson(message);
|
||||
final SecurityContext oldContext = SecurityContextHolder.getContext();
|
||||
try {
|
||||
return handleAuthenticationMessage(message);
|
||||
} catch (final RuntimeException ex) {
|
||||
throw new AmqpRejectAndDontRequeueException(ex);
|
||||
} finally {
|
||||
SecurityContextHolder.setContext(oldContext);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* check action for this download purposes, the method will throw an
|
||||
* EntityNotFoundException in case the controller is not allowed to download
|
||||
* this file because it's not assigned to an action and not assigned to this
|
||||
* controller. Otherwise no controllerId is set = anonymous download
|
||||
*
|
||||
* @param securityToken
|
||||
* the security token which holds the target ID to check on
|
||||
* @param sha1Hash
|
||||
* of the artifact to verify if the given target is allowed to
|
||||
* download it
|
||||
*/
|
||||
private void checkIfArtifactIsAssignedToTarget(final DmfTenantSecurityToken securityToken, final String sha1Hash) {
|
||||
|
||||
if (securityToken.getControllerId() != null) {
|
||||
checkByControllerId(sha1Hash, securityToken.getControllerId());
|
||||
} else if (securityToken.getTargetId() != null) {
|
||||
checkByTargetId(sha1Hash, securityToken.getTargetId());
|
||||
} else {
|
||||
log.info("anonymous download no authentication check for artifact {}", sha1Hash);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private void checkByTargetId(final String sha1Hash, final Long targetId) {
|
||||
log.debug("no anonymous download request, doing authentication check for target {} and artifact {}", targetId,
|
||||
sha1Hash);
|
||||
if (!controllerManagement.hasTargetArtifactAssigned(targetId, sha1Hash)) {
|
||||
log.info("target {} tried to download artifact {} which is not assigned to the target", targetId, sha1Hash);
|
||||
throw new EntityNotFoundException();
|
||||
}
|
||||
log.info("download security check for target {} and artifact {} granted", targetId, sha1Hash);
|
||||
}
|
||||
|
||||
private void checkByControllerId(final String sha1Hash, final String controllerId) {
|
||||
log.debug("no anonymous download request, doing authentication check for target {} and artifact {}",
|
||||
controllerId, sha1Hash);
|
||||
if (!controllerManagement.hasTargetArtifactAssigned(controllerId, sha1Hash)) {
|
||||
log.info("target {} tried to download artifact {} which is not assigned to the target", controllerId,
|
||||
sha1Hash);
|
||||
throw new EntityNotFoundException();
|
||||
}
|
||||
log.info("download security check for target {} and artifact {} granted", controllerId, sha1Hash);
|
||||
}
|
||||
|
||||
private Optional<Artifact> findArtifactByFileResource(final FileResource fileResource) {
|
||||
|
||||
if (fileResource == null) {
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
if (fileResource.getSha1() != null) {
|
||||
return artifactManagement.findFirstBySHA1(fileResource.getSha1());
|
||||
}
|
||||
|
||||
if (fileResource.getFilename() != null) {
|
||||
return artifactManagement.getByFilename(fileResource.getFilename());
|
||||
}
|
||||
|
||||
if (fileResource.getArtifactId() != null) {
|
||||
return artifactManagement.get(fileResource.getArtifactId());
|
||||
}
|
||||
|
||||
if (fileResource.getSoftwareModuleFilenameResource() != null) {
|
||||
return artifactManagement.getByFilenameAndSoftwareModule(
|
||||
fileResource.getSoftwareModuleFilenameResource().getFilename(),
|
||||
fileResource.getSoftwareModuleFilenameResource().getSoftwareModuleId());
|
||||
}
|
||||
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
private static DmfArtifact convertDbArtifact(final Artifact dbArtifact) {
|
||||
final DmfArtifact artifact = new DmfArtifact();
|
||||
artifact.setSize(dbArtifact.getSize());
|
||||
artifact.setLastModified(dbArtifact.getCreatedAt());
|
||||
artifact.setHashes(new DmfArtifactHash(dbArtifact.getSha1Hash(), dbArtifact.getMd5Hash()));
|
||||
return artifact;
|
||||
}
|
||||
|
||||
// suppress warning, EntityNotFoundException has not to be logged or
|
||||
// rethrown as the exception has no valuable information
|
||||
@SuppressWarnings("squid:S1166")
|
||||
private Message handleAuthenticationMessage(final Message message) {
|
||||
final DmfDownloadResponse authenticationResponse = new DmfDownloadResponse();
|
||||
final DmfTenantSecurityToken securityToken = convertMessage(message, DmfTenantSecurityToken.class);
|
||||
final FileResource fileResource = securityToken.getFileResource();
|
||||
try {
|
||||
SecurityContextHolder.getContext().setAuthentication(authenticationManager.doAuthenticate(securityToken));
|
||||
|
||||
final Artifact artifact = findArtifactByFileResource(fileResource)
|
||||
.orElseThrow(EntityNotFoundException::new);
|
||||
|
||||
checkIfArtifactIsAssignedToTarget(securityToken, artifact.getSha1Hash());
|
||||
|
||||
final DmfArtifact dmfArtifact = convertDbArtifact(artifact);
|
||||
|
||||
authenticationResponse.setArtifact(dmfArtifact);
|
||||
final String downloadId = UUID.randomUUID().toString();
|
||||
// SHA1 key is set, download by SHA1
|
||||
final DownloadArtifactCache downloadCache = new DownloadArtifactCache(DownloadType.BY_SHA1,
|
||||
artifact.getSha1Hash());
|
||||
cache.put(downloadId, downloadCache);
|
||||
authenticationResponse.setDownloadUrl(UriComponentsBuilder
|
||||
.fromUri(hostnameResolver.resolveHostname().toURI()).path("/api/v1/downloadserver/downloadId/")
|
||||
.path(tenantAware.getCurrentTenant()).path("/").path(downloadId).build().toUriString());
|
||||
authenticationResponse.setResponseCode(HttpStatus.OK.value());
|
||||
} catch (final BadCredentialsException | AuthenticationServiceException | CredentialsExpiredException e) {
|
||||
log.error("Login failed", e);
|
||||
authenticationResponse.setResponseCode(HttpStatus.FORBIDDEN.value());
|
||||
authenticationResponse.setMessage("Login failed");
|
||||
} catch (final URISyntaxException e) {
|
||||
log.error("URI build exception", e);
|
||||
authenticationResponse.setResponseCode(HttpStatus.INTERNAL_SERVER_ERROR.value());
|
||||
authenticationResponse.setMessage("Building download URI failed");
|
||||
} catch (final EntityNotFoundException e) {
|
||||
final String errorMessage = "Artifact for resource " + fileResource + " not found ";
|
||||
log.info(errorMessage);
|
||||
authenticationResponse.setResponseCode(HttpStatus.NOT_FOUND.value());
|
||||
authenticationResponse.setMessage(errorMessage);
|
||||
}
|
||||
|
||||
return getMessageConverter().toMessage(authenticationResponse, message.getMessageProperties());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -11,10 +11,7 @@ package org.eclipse.hawkbit.amqp;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.api.ArtifactUrlHandler;
|
||||
import org.eclipse.hawkbit.api.HostnameResolver;
|
||||
import org.eclipse.hawkbit.cache.DownloadIdCache;
|
||||
import org.eclipse.hawkbit.dmf.amqp.api.AmqpSettings;
|
||||
import org.eclipse.hawkbit.repository.ArtifactManagement;
|
||||
import org.eclipse.hawkbit.repository.ConfirmationManagement;
|
||||
import org.eclipse.hawkbit.repository.ControllerManagement;
|
||||
import org.eclipse.hawkbit.repository.DeploymentManagement;
|
||||
@@ -24,9 +21,7 @@ import org.eclipse.hawkbit.repository.SoftwareModuleManagement;
|
||||
import org.eclipse.hawkbit.repository.SystemManagement;
|
||||
import org.eclipse.hawkbit.repository.TargetManagement;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.security.DdiSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.springframework.amqp.core.Binding;
|
||||
import org.springframework.amqp.core.BindingBuilder;
|
||||
import org.springframework.amqp.core.FanoutExchange;
|
||||
@@ -281,20 +276,6 @@ public class AmqpConfiguration {
|
||||
entityFactory, systemSecurityContext, tenantConfigurationManagement, confirmationManagement);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create AMQP handler service bean for authentication messages.
|
||||
*
|
||||
* @return handler service bean
|
||||
*/
|
||||
@Bean
|
||||
AmqpAuthenticationMessageHandler amqpAuthenticationMessageHandler(final RabbitTemplate rabbitTemplate,
|
||||
final AmqpControllerAuthentication authenticationManager, final ArtifactManagement artifactManagement,
|
||||
final DownloadIdCache downloadIdCache, final HostnameResolver hostnameResolver,
|
||||
final ControllerManagement controllerManagement, final TenantAware tenantAware) {
|
||||
return new AmqpAuthenticationMessageHandler(rabbitTemplate, authenticationManager, artifactManagement,
|
||||
downloadIdCache, hostnameResolver, controllerManagement, tenantAware);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create default amqp sender service bean.
|
||||
*
|
||||
@@ -322,33 +303,6 @@ public class AmqpConfiguration {
|
||||
return factory;
|
||||
}
|
||||
|
||||
/**
|
||||
* create the authentication bean for controller over amqp.
|
||||
*
|
||||
* @param systemManagement
|
||||
* the systemManagement
|
||||
* @param controllerManagement
|
||||
* the controllerManagement
|
||||
* @param tenantConfigurationManagement
|
||||
* the tenantConfigurationManagement
|
||||
* @param tenantAware
|
||||
* the tenantAware
|
||||
* @param ddiSecruityProperties
|
||||
* the ddiSecruityProperties
|
||||
* @param systemSecurityContext
|
||||
* the systemSecurityContext
|
||||
* @return the bean
|
||||
*/
|
||||
@Bean
|
||||
@ConditionalOnMissingBean(AmqpControllerAuthentication.class)
|
||||
public AmqpControllerAuthentication amqpControllerAuthentication(final SystemManagement systemManagement,
|
||||
final ControllerManagement controllerManagement,
|
||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
||||
final DdiSecurityProperties ddiSecruityProperties, final SystemSecurityContext systemSecurityContext) {
|
||||
return new AmqpControllerAuthentication(systemManagement, controllerManagement, tenantConfigurationManagement,
|
||||
tenantAware, ddiSecruityProperties, systemSecurityContext);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ConditionalOnMissingBean(AmqpMessageDispatcherService.class)
|
||||
AmqpMessageDispatcherService amqpMessageDispatcherService(final RabbitTemplate rabbitTemplate,
|
||||
|
||||
@@ -1,165 +0,0 @@
|
||||
/**
|
||||
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
|
||||
*
|
||||
* This program and the accompanying materials are made
|
||||
* available under the terms of the Eclipse Public License 2.0
|
||||
* which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
*
|
||||
* SPDX-License-Identifier: EPL-2.0
|
||||
*/
|
||||
package org.eclipse.hawkbit.amqp;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import jakarta.annotation.PostConstruct;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
||||
import org.eclipse.hawkbit.repository.ControllerManagement;
|
||||
import org.eclipse.hawkbit.repository.SystemManagement;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.security.ControllerPreAuthenticateSecurityTokenFilter;
|
||||
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedAnonymousDownload;
|
||||
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedAnonymousFilter;
|
||||
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedGatewaySecurityTokenFilter;
|
||||
import org.eclipse.hawkbit.security.ControllerPreAuthenticatedSecurityHeaderFilter;
|
||||
import org.eclipse.hawkbit.security.DdiSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.DmfTenantSecurityToken;
|
||||
import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
|
||||
import org.eclipse.hawkbit.security.PreAuthenticationFilter;
|
||||
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
|
||||
/**
|
||||
* A controller which handles the DMF AMQP authentication.
|
||||
*/
|
||||
@Slf4j
|
||||
public class AmqpControllerAuthentication {
|
||||
|
||||
private final PreAuthTokenSourceTrustAuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthTokenSourceTrustAuthenticationProvider();
|
||||
|
||||
private List<PreAuthenticationFilter> filterChain;
|
||||
|
||||
private final ControllerManagement controllerManagement;
|
||||
|
||||
private final SystemManagement systemManagement;
|
||||
|
||||
private final TenantConfigurationManagement tenantConfigurationManagement;
|
||||
|
||||
private final TenantAware tenantAware;
|
||||
|
||||
private final DdiSecurityProperties ddiSecruityProperties;
|
||||
|
||||
private final SystemSecurityContext systemSecurityContext;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param systemManagement
|
||||
* @param controllerManagement
|
||||
* @param tenantConfigurationManagement
|
||||
* @param tenantAware
|
||||
* current tenant
|
||||
* @param ddiSecruityProperties
|
||||
* security configurations
|
||||
* @param systemSecurityContext
|
||||
* security context
|
||||
*/
|
||||
public AmqpControllerAuthentication(final SystemManagement systemManagement,
|
||||
final ControllerManagement controllerManagement,
|
||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
||||
final DdiSecurityProperties ddiSecruityProperties, final SystemSecurityContext systemSecurityContext) {
|
||||
this.controllerManagement = controllerManagement;
|
||||
this.systemManagement = systemManagement;
|
||||
this.tenantConfigurationManagement = tenantConfigurationManagement;
|
||||
this.tenantAware = tenantAware;
|
||||
this.ddiSecruityProperties = ddiSecruityProperties;
|
||||
this.systemSecurityContext = systemSecurityContext;
|
||||
}
|
||||
|
||||
/**
|
||||
* Called by spring when bean instantiated and autowired.
|
||||
*/
|
||||
@PostConstruct
|
||||
public void postConstruct() {
|
||||
addFilter();
|
||||
}
|
||||
|
||||
private void addFilter() {
|
||||
filterChain = new ArrayList<>(5);
|
||||
|
||||
final ControllerPreAuthenticatedGatewaySecurityTokenFilter gatewaySecurityTokenFilter = new ControllerPreAuthenticatedGatewaySecurityTokenFilter(
|
||||
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||
filterChain.add(gatewaySecurityTokenFilter);
|
||||
|
||||
final ControllerPreAuthenticatedSecurityHeaderFilter securityHeaderFilter = new ControllerPreAuthenticatedSecurityHeaderFilter(
|
||||
ddiSecruityProperties.getRp().getCnHeader(), ddiSecruityProperties.getRp().getSslIssuerHashHeader(),
|
||||
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||
filterChain.add(securityHeaderFilter);
|
||||
|
||||
final ControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new ControllerPreAuthenticateSecurityTokenFilter(
|
||||
tenantConfigurationManagement, controllerManagement, tenantAware, systemSecurityContext);
|
||||
filterChain.add(securityTokenFilter);
|
||||
|
||||
final ControllerPreAuthenticatedAnonymousDownload anonymousDownloadFilter = new ControllerPreAuthenticatedAnonymousDownload(
|
||||
tenantConfigurationManagement, tenantAware, systemSecurityContext);
|
||||
filterChain.add(anonymousDownloadFilter);
|
||||
|
||||
filterChain.add(new ControllerPreAuthenticatedAnonymousFilter(ddiSecruityProperties));
|
||||
}
|
||||
|
||||
/**
|
||||
* Performs authentication with the security token.
|
||||
*
|
||||
* @param securityToken
|
||||
* the authentication request object
|
||||
* @return the authentication object
|
||||
*/
|
||||
public Authentication doAuthenticate(final DmfTenantSecurityToken securityToken) {
|
||||
resolveTenant(securityToken);
|
||||
PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(null, null);
|
||||
for (final PreAuthenticationFilter filter : filterChain) {
|
||||
final PreAuthenticatedAuthenticationToken authenticationRest = createAuthentication(filter, securityToken);
|
||||
if (authenticationRest != null) {
|
||||
authentication = authenticationRest;
|
||||
authentication.setDetails(new TenantAwareAuthenticationDetails(securityToken.getTenant(), true));
|
||||
break;
|
||||
}
|
||||
}
|
||||
return preAuthenticatedAuthenticationProvider.authenticate(authentication);
|
||||
|
||||
}
|
||||
|
||||
private void resolveTenant(final DmfTenantSecurityToken securityToken) {
|
||||
if (securityToken.getTenant() == null) {
|
||||
securityToken.setTenant(systemSecurityContext
|
||||
.runAsSystem(() -> systemManagement.getTenantMetadata(securityToken.getTenantId()).getTenant()));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private static PreAuthenticatedAuthenticationToken createAuthentication(final PreAuthenticationFilter filter,
|
||||
final DmfTenantSecurityToken securityToken) {
|
||||
|
||||
if (!filter.isEnable(securityToken)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
final Object principal = filter.getPreAuthenticatedPrincipal(securityToken);
|
||||
final Object credentials = filter.getPreAuthenticatedCredentials(securityToken);
|
||||
|
||||
if (principal == null) {
|
||||
log.debug("No pre-authenticated principal found in message");
|
||||
return null;
|
||||
}
|
||||
|
||||
log.debug("preAuthenticatedPrincipal = {} trying to authenticate", principal);
|
||||
|
||||
return new PreAuthenticatedAuthenticationToken(principal, credentials,
|
||||
filter.getSuccessfulAuthenticationAuthorities());
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user