Refactoring/Improving source: sec integration (fix) (#1609) (#1610)

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-02-04 10:54:37 +02:00
committed by GitHub
parent 5ac365f92e
commit e218d2c64d
4 changed files with 28 additions and 36 deletions

View File

@@ -22,12 +22,11 @@ import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken.FileResource;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.util.UrlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
@@ -40,10 +39,9 @@ import org.springframework.util.AntPathMatcher;
* name from the URL and the controller ID from the URL to do security checks
* based on this information.
*/
@Slf4j
public abstract class AbstractHttpControllerAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final Logger LOG = LoggerFactory.getLogger(AbstractHttpControllerAuthenticationFilter.class);
private static final String TENANT_PLACE_HOLDER = "tenant";
private static final String CONTROLLER_ID_PLACE_HOLDER = "controllerId";
@@ -134,28 +132,28 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
final String requestURI = request.getRequestURI();
if (pathExtractor.match(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI)) {
LOG.debug("retrieving principal from URI request {}", requestURI);
log.debug("retrieving principal from URI request {}", requestURI);
final Map<String, String> extractUriTemplateVariables = pathExtractor
.extractUriTemplateVariables(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI);
final String controllerId = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(CONTROLLER_ID_PLACE_HOLDER));
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
if (LOG.isTraceEnabled()) {
LOG.trace("Parsed tenant {} and controllerId {} from path request {}", tenant, controllerId,
if (log.isTraceEnabled()) {
log.trace("Parsed tenant {} and controllerId {} from path request {}", tenant, controllerId,
requestURI);
}
return createTenantSecurityTokenVariables(request, tenant, controllerId);
} else if (pathExtractor.match(request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI)) {
LOG.debug("retrieving path variables from URI request {}", requestURI);
log.debug("retrieving path variables from URI request {}", requestURI);
final Map<String, String> extractUriTemplateVariables = pathExtractor.extractUriTemplateVariables(
request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI);
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
if (LOG.isTraceEnabled()) {
LOG.trace("Parsed tenant {} from path request {}", tenant, requestURI);
if (log.isTraceEnabled()) {
log.trace("Parsed tenant {} from path request {}", tenant, requestURI);
}
return createTenantSecurityTokenVariables(request, tenant, "anonymous");
} else {
if (LOG.isTraceEnabled()) {
LOG.trace("request {} does not match the path pattern {}, request gets ignored", requestURI,
if (log.isTraceEnabled()) {
log.trace("request {} does not match the path pattern {}, request gets ignored", requestURI,
CONTROLLER_REQUEST_ANT_PATTERN);
}
return null;

View File

@@ -13,10 +13,9 @@ import java.util.Map;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.util.UrlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.util.AntPathMatcher;
@@ -24,14 +23,12 @@ import org.springframework.util.AntPathMatcher;
* An {@link AuthenticationDetailsSource} implementation which retrieves the
* tenant from a request pattern {@link #TENANT_AWARE_CONTROLLER_PATTERN} and
* stores the retrieved tenant in the {@link TenantAwareAuthenticationDetails}.
*
*/
@Slf4j
public class ControllerTenantAwareAuthenticationDetailsSource
implements AuthenticationDetailsSource<HttpServletRequest, TenantAwareAuthenticationDetails> {
private static final String TENANT_AWARE_CONTROLLER_PATTERN = "/{tenant}/controller/**";
private static final Logger LOGGER = LoggerFactory
.getLogger(ControllerTenantAwareAuthenticationDetailsSource.class);
private static final String TENANT_PLACE_HOLDER = "tenant";
private final AntPathMatcher pathExtractor;
@@ -49,17 +46,17 @@ public class ControllerTenantAwareAuthenticationDetailsSource
private String getTenantFromRequestUri(final HttpServletRequest request) {
final String requestURI = request.getRequestURI();
LOGGER.debug("retrieving tenant from URI request {}", requestURI);
log.debug("retrieving tenant from URI request {}", requestURI);
final String requestPathPattern = request.getContextPath() + TENANT_AWARE_CONTROLLER_PATTERN;
if (!pathExtractor.match(requestPathPattern, requestURI)) {
LOGGER.info("Controller request not matching tenant aware request pattern requestpath: {}, pattern {}",
log.info("Controller request not matching tenant aware request pattern requestpath: {}, pattern {}",
requestURI, TENANT_AWARE_CONTROLLER_PATTERN);
return null;
}
final Map<String, String> extractUriTemplateVariables = pathExtractor
.extractUriTemplateVariables(requestPathPattern, requestURI);
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Parsed path variables {} using tenant {}", extractUriTemplateVariables,
if (log.isTraceEnabled()) {
log.trace("Parsed path variables {} using tenant {}", extractUriTemplateVariables,
extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
}
return UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));

View File

@@ -20,6 +20,7 @@ import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.util.IpUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -36,12 +37,13 @@ import com.github.benmanes.caffeine.cache.Caffeine;
* maximum number of request per seconds which can be separately configured for
* read (GET) and write (PUT/POST/DELETE) requests.
*/
@Slf4j
public class DosFilter extends OncePerRequestFilter {
private static final Logger LOG = LoggerFactory.getLogger(DosFilter.class);
private static final Logger LOG_DOS = LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".dos");
private static final Logger LOG_BLACKLIST = LoggerFactory
.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".blacklist");
private static final Logger LOG_DOS =
LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".dos");
private static final Logger LOG_BLACKLIST =
LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".blacklist");
private final AntPathMatcher antMatcher = new AntPathMatcher();
private final Collection<String> includeAntPaths;
@@ -84,7 +86,6 @@ public class DosFilter extends OncePerRequestFilter {
*/
public DosFilter(final Collection<String> includeAntPaths, final int maxRead, final int maxWrite,
final String ipDosWhiteListPattern, final String ipBlackListPattern, final String forwardHeader) {
this.includeAntPaths = includeAntPaths;
this.maxRead = maxRead;
this.maxWrite = maxWrite;
@@ -165,7 +166,7 @@ public class DosFilter extends OncePerRequestFilter {
}
private static boolean handleMissingIpAddress(final HttpServletResponse response) {
LOG.error("Failed to get peer IP adress");
log.error("Failed to get peer IP adress");
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
return false;
}

View File

@@ -14,22 +14,18 @@ import java.util.regex.Pattern;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.cache.DownloadIdCache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
/**
* Extracts download or upload id from the request URI secruity token and set
* Extracts download or upload id from the request URI security token and set
* the security context.
*
*
*
*/
@Slf4j
public class HttpDownloadAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
public static final String REQUEST_ID_REGEX_PATTERN = ".*\\/downloadId\\/.*";
private static final Logger LOG = LoggerFactory.getLogger(HttpDownloadAuthenticationFilter.class);
private final Pattern pattern;
private final DownloadIdCache downloadIdCache;
@@ -51,7 +47,7 @@ public class HttpDownloadAuthenticationFilter extends AbstractPreAuthenticatedPr
if (!matcher.matches()) {
return null;
}
LOG.debug("retrieving id from URI request {}", requestURI);
log.debug("retrieving id from URI request {}", requestURI);
final String[] groups = requestURI.split("\\/");
final String id = groups[groups.length - 1];
if (id == null) {