Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -22,12 +22,11 @@ import jakarta.servlet.ServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.security.DmfTenantSecurityToken.FileResource;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.eclipse.hawkbit.util.UrlUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@@ -40,10 +39,9 @@ import org.springframework.util.AntPathMatcher;
|
||||
* name from the URL and the controller ID from the URL to do security checks
|
||||
* based on this information.
|
||||
*/
|
||||
@Slf4j
|
||||
public abstract class AbstractHttpControllerAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
|
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(AbstractHttpControllerAuthenticationFilter.class);
|
||||
|
||||
|
||||
private static final String TENANT_PLACE_HOLDER = "tenant";
|
||||
private static final String CONTROLLER_ID_PLACE_HOLDER = "controllerId";
|
||||
|
||||
@@ -134,28 +132,28 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
|
||||
final String requestURI = request.getRequestURI();
|
||||
|
||||
if (pathExtractor.match(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI)) {
|
||||
LOG.debug("retrieving principal from URI request {}", requestURI);
|
||||
log.debug("retrieving principal from URI request {}", requestURI);
|
||||
final Map<String, String> extractUriTemplateVariables = pathExtractor
|
||||
.extractUriTemplateVariables(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI);
|
||||
final String controllerId = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(CONTROLLER_ID_PLACE_HOLDER));
|
||||
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
|
||||
if (LOG.isTraceEnabled()) {
|
||||
LOG.trace("Parsed tenant {} and controllerId {} from path request {}", tenant, controllerId,
|
||||
if (log.isTraceEnabled()) {
|
||||
log.trace("Parsed tenant {} and controllerId {} from path request {}", tenant, controllerId,
|
||||
requestURI);
|
||||
}
|
||||
return createTenantSecurityTokenVariables(request, tenant, controllerId);
|
||||
} else if (pathExtractor.match(request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI)) {
|
||||
LOG.debug("retrieving path variables from URI request {}", requestURI);
|
||||
log.debug("retrieving path variables from URI request {}", requestURI);
|
||||
final Map<String, String> extractUriTemplateVariables = pathExtractor.extractUriTemplateVariables(
|
||||
request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI);
|
||||
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
|
||||
if (LOG.isTraceEnabled()) {
|
||||
LOG.trace("Parsed tenant {} from path request {}", tenant, requestURI);
|
||||
if (log.isTraceEnabled()) {
|
||||
log.trace("Parsed tenant {} from path request {}", tenant, requestURI);
|
||||
}
|
||||
return createTenantSecurityTokenVariables(request, tenant, "anonymous");
|
||||
} else {
|
||||
if (LOG.isTraceEnabled()) {
|
||||
LOG.trace("request {} does not match the path pattern {}, request gets ignored", requestURI,
|
||||
if (log.isTraceEnabled()) {
|
||||
log.trace("request {} does not match the path pattern {}, request gets ignored", requestURI,
|
||||
CONTROLLER_REQUEST_ANT_PATTERN);
|
||||
}
|
||||
return null;
|
||||
|
||||
@@ -13,10 +13,9 @@ import java.util.Map;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
||||
import org.eclipse.hawkbit.util.UrlUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.util.AntPathMatcher;
|
||||
|
||||
@@ -24,14 +23,12 @@ import org.springframework.util.AntPathMatcher;
|
||||
* An {@link AuthenticationDetailsSource} implementation which retrieves the
|
||||
* tenant from a request pattern {@link #TENANT_AWARE_CONTROLLER_PATTERN} and
|
||||
* stores the retrieved tenant in the {@link TenantAwareAuthenticationDetails}.
|
||||
*
|
||||
*/
|
||||
@Slf4j
|
||||
public class ControllerTenantAwareAuthenticationDetailsSource
|
||||
implements AuthenticationDetailsSource<HttpServletRequest, TenantAwareAuthenticationDetails> {
|
||||
|
||||
private static final String TENANT_AWARE_CONTROLLER_PATTERN = "/{tenant}/controller/**";
|
||||
private static final Logger LOGGER = LoggerFactory
|
||||
.getLogger(ControllerTenantAwareAuthenticationDetailsSource.class);
|
||||
private static final String TENANT_PLACE_HOLDER = "tenant";
|
||||
private final AntPathMatcher pathExtractor;
|
||||
|
||||
@@ -49,17 +46,17 @@ public class ControllerTenantAwareAuthenticationDetailsSource
|
||||
|
||||
private String getTenantFromRequestUri(final HttpServletRequest request) {
|
||||
final String requestURI = request.getRequestURI();
|
||||
LOGGER.debug("retrieving tenant from URI request {}", requestURI);
|
||||
log.debug("retrieving tenant from URI request {}", requestURI);
|
||||
final String requestPathPattern = request.getContextPath() + TENANT_AWARE_CONTROLLER_PATTERN;
|
||||
if (!pathExtractor.match(requestPathPattern, requestURI)) {
|
||||
LOGGER.info("Controller request not matching tenant aware request pattern requestpath: {}, pattern {}",
|
||||
log.info("Controller request not matching tenant aware request pattern requestpath: {}, pattern {}",
|
||||
requestURI, TENANT_AWARE_CONTROLLER_PATTERN);
|
||||
return null;
|
||||
}
|
||||
final Map<String, String> extractUriTemplateVariables = pathExtractor
|
||||
.extractUriTemplateVariables(requestPathPattern, requestURI);
|
||||
if (LOGGER.isTraceEnabled()) {
|
||||
LOGGER.trace("Parsed path variables {} using tenant {}", extractUriTemplateVariables,
|
||||
if (log.isTraceEnabled()) {
|
||||
log.trace("Parsed path variables {} using tenant {}", extractUriTemplateVariables,
|
||||
extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
|
||||
}
|
||||
return UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
|
||||
|
||||
@@ -20,6 +20,7 @@ import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.util.IpUtil;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@@ -36,12 +37,13 @@ import com.github.benmanes.caffeine.cache.Caffeine;
|
||||
* maximum number of request per seconds which can be separately configured for
|
||||
* read (GET) and write (PUT/POST/DELETE) requests.
|
||||
*/
|
||||
@Slf4j
|
||||
public class DosFilter extends OncePerRequestFilter {
|
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(DosFilter.class);
|
||||
private static final Logger LOG_DOS = LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".dos");
|
||||
private static final Logger LOG_BLACKLIST = LoggerFactory
|
||||
.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".blacklist");
|
||||
private static final Logger LOG_DOS =
|
||||
LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".dos");
|
||||
private static final Logger LOG_BLACKLIST =
|
||||
LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".blacklist");
|
||||
|
||||
private final AntPathMatcher antMatcher = new AntPathMatcher();
|
||||
private final Collection<String> includeAntPaths;
|
||||
@@ -84,7 +86,6 @@ public class DosFilter extends OncePerRequestFilter {
|
||||
*/
|
||||
public DosFilter(final Collection<String> includeAntPaths, final int maxRead, final int maxWrite,
|
||||
final String ipDosWhiteListPattern, final String ipBlackListPattern, final String forwardHeader) {
|
||||
|
||||
this.includeAntPaths = includeAntPaths;
|
||||
this.maxRead = maxRead;
|
||||
this.maxWrite = maxWrite;
|
||||
@@ -165,7 +166,7 @@ public class DosFilter extends OncePerRequestFilter {
|
||||
}
|
||||
|
||||
private static boolean handleMissingIpAddress(final HttpServletResponse response) {
|
||||
LOG.error("Failed to get peer IP adress");
|
||||
log.error("Failed to get peer IP adress");
|
||||
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -14,22 +14,18 @@ import java.util.regex.Pattern;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.cache.DownloadIdCache;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
|
||||
|
||||
/**
|
||||
* Extracts download or upload id from the request URI secruity token and set
|
||||
* Extracts download or upload id from the request URI security token and set
|
||||
* the security context.
|
||||
*
|
||||
*
|
||||
*
|
||||
*/
|
||||
@Slf4j
|
||||
public class HttpDownloadAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
|
||||
|
||||
public static final String REQUEST_ID_REGEX_PATTERN = ".*\\/downloadId\\/.*";
|
||||
private static final Logger LOG = LoggerFactory.getLogger(HttpDownloadAuthenticationFilter.class);
|
||||
|
||||
private final Pattern pattern;
|
||||
private final DownloadIdCache downloadIdCache;
|
||||
@@ -51,7 +47,7 @@ public class HttpDownloadAuthenticationFilter extends AbstractPreAuthenticatedPr
|
||||
if (!matcher.matches()) {
|
||||
return null;
|
||||
}
|
||||
LOG.debug("retrieving id from URI request {}", requestURI);
|
||||
log.debug("retrieving id from URI request {}", requestURI);
|
||||
final String[] groups = requestURI.split("\\/");
|
||||
final String id = groups[groups.length - 1];
|
||||
if (id == null) {
|
||||
|
||||
Reference in New Issue
Block a user