diff --git a/hawkbit-repository/src/test/java/org/eclipse/hawkbit/AbstractIntegrationTest.java b/hawkbit-repository/src/test/java/org/eclipse/hawkbit/AbstractIntegrationTest.java index b7091edf8..ddd850df1 100644 --- a/hawkbit-repository/src/test/java/org/eclipse/hawkbit/AbstractIntegrationTest.java +++ b/hawkbit-repository/src/test/java/org/eclipse/hawkbit/AbstractIntegrationTest.java @@ -48,6 +48,7 @@ import org.eclipse.hawkbit.repository.model.DistributionSetType; import org.eclipse.hawkbit.repository.model.SoftwareModuleType; import org.eclipse.hawkbit.repository.utils.RepositoryDataGenerator.DatabaseCleanupUtil; import org.eclipse.hawkbit.security.DosFilter; +import org.eclipse.hawkbit.security.SystemSecurityContext; import org.eclipse.hawkbit.tenancy.TenantAware; import org.junit.After; import org.junit.AfterClass; @@ -181,11 +182,10 @@ public abstract class AbstractIntegrationTest implements EnvironmentAware { @Autowired protected TenantAwareCacheManager cacheManager; - + @Autowired protected TenantConfigurationManagement tenantConfigurationManagement; - @Autowired protected RolloutManagement rolloutManagement; @@ -198,6 +198,9 @@ public abstract class AbstractIntegrationTest implements EnvironmentAware { @Autowired protected RolloutRepository rolloutRepository; + @Autowired + protected SystemSecurityContext systemSecurityContext; + protected MockMvc mvc; @Autowired diff --git a/hawkbit-repository/src/test/java/org/eclipse/hawkbit/WithSpringAuthorityRule.java b/hawkbit-repository/src/test/java/org/eclipse/hawkbit/WithSpringAuthorityRule.java index 15fda51b4..40f6a64c2 100644 --- a/hawkbit-repository/src/test/java/org/eclipse/hawkbit/WithSpringAuthorityRule.java +++ b/hawkbit-repository/src/test/java/org/eclipse/hawkbit/WithSpringAuthorityRule.java @@ -160,19 +160,23 @@ public class WithSpringAuthorityRule implements TestRule { } public static WithUser withUser(final String principal, final String... authorities) { - return withUserAndTenant(principal, "default", true, authorities); + return withUserAndTenant(principal, "default", true, true, authorities); + } + + public static WithUser withUser(final String principal, final boolean allSpPermision, final String... authorities) { + return withUserAndTenant(principal, "default", true, allSpPermision, authorities); } public static WithUser withUser(final boolean autoCreateTenant) { - return withUserAndTenant("bumlux", "default", autoCreateTenant, new String[] {}); + return withUserAndTenant("bumlux", "default", autoCreateTenant, true, new String[] {}); } public static WithUser withUserAndTenant(final String principal, final String tenant, final String... authorities) { - return withUserAndTenant(principal, tenant, true, new String[] {}); + return withUserAndTenant(principal, tenant, true, true, new String[] {}); } public static WithUser withUserAndTenant(final String principal, final String tenant, - final boolean autoCreateTenant, final String... authorities) { + final boolean autoCreateTenant, final boolean allSpPermission, final String... authorities) { return new WithUser() { @Override @@ -197,7 +201,7 @@ public class WithSpringAuthorityRule implements TestRule { @Override public boolean allSpPermissions() { - return true; + return allSpPermission; } @Override diff --git a/hawkbit-repository/src/test/java/org/eclipse/hawkbit/repository/TargetManagementTest.java b/hawkbit-repository/src/test/java/org/eclipse/hawkbit/repository/TargetManagementTest.java index a223c25b4..1c039c8c8 100644 --- a/hawkbit-repository/src/test/java/org/eclipse/hawkbit/repository/TargetManagementTest.java +++ b/hawkbit-repository/src/test/java/org/eclipse/hawkbit/repository/TargetManagementTest.java @@ -32,6 +32,7 @@ import org.eclipse.hawkbit.AbstractIntegrationTest; import org.eclipse.hawkbit.TestDataUtil; import org.eclipse.hawkbit.WithSpringAuthorityRule; import org.eclipse.hawkbit.WithUser; +import org.eclipse.hawkbit.im.authentication.SpPermission; import org.eclipse.hawkbit.repository.exception.EntityAlreadyExistsException; import org.eclipse.hawkbit.repository.exception.TenantNotExistException; import org.eclipse.hawkbit.repository.model.Action; @@ -56,6 +57,36 @@ import ru.yandex.qatools.allure.annotations.Stories; @Stories("Target Management") public class TargetManagementTest extends AbstractIntegrationTest { + @Test + @Description("Ensures that retrieving the target security is only permitted with the necessary permissions.") + public void getTargetSecurityTokenOnlyWithCorrectPermission() throws Exception { + final Target createdTarget = targetManagement.createTarget(new Target("targetWithSecurityToken")); + + // retrieve security token only with READ_TARGET_SEC_TOKEN permission + final String securityTokenWithReadPermission = securityRule.runAs(WithSpringAuthorityRule + .withUser("OnlyTargetReadPermission", false, SpPermission.READ_TARGET_SEC_TOKEN.toString()), () -> { + return createdTarget.getSecurityToken(); + }); + + // retrieve security token as system code execution + final String securityTokenAsSystemCode = systemSecurityContext.runAsSystem(() -> { + return createdTarget.getSecurityToken(); + }); + + // retrieve security token without any permissions + final String securityTokenWithoutPermission = securityRule + .runAs(WithSpringAuthorityRule.withUser("NoPermission", false), () -> { + return createdTarget.getSecurityToken(); + }); + + assertThat(createdTarget.getSecurityToken()).isNotNull(); + assertThat(securityTokenWithReadPermission).isNotNull(); + assertThat(securityTokenAsSystemCode).isNotNull(); + + assertThat(securityTokenWithoutPermission).isNull(); + + } + @Test @Description("Ensures that targets cannot be created e.g. in plug'n play scenarios when tenant does not exists.") @WithUser(tenantId = "tenantWhichDoesNotExists", allSpPermissions = true, autoCreateTenant = false)