Refactoring/Improving source: sec integration (fix) (#1609) (#1610)

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-02-04 10:54:37 +02:00
committed by GitHub
parent 5ac365f92e
commit e218d2c64d
4 changed files with 28 additions and 36 deletions

View File

@@ -22,12 +22,11 @@ import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken.FileResource; import org.eclipse.hawkbit.security.DmfTenantSecurityToken.FileResource;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.util.UrlUtils; import org.eclipse.hawkbit.util.UrlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
@@ -40,10 +39,9 @@ import org.springframework.util.AntPathMatcher;
* name from the URL and the controller ID from the URL to do security checks * name from the URL and the controller ID from the URL to do security checks
* based on this information. * based on this information.
*/ */
@Slf4j
public abstract class AbstractHttpControllerAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter { public abstract class AbstractHttpControllerAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final Logger LOG = LoggerFactory.getLogger(AbstractHttpControllerAuthenticationFilter.class);
private static final String TENANT_PLACE_HOLDER = "tenant"; private static final String TENANT_PLACE_HOLDER = "tenant";
private static final String CONTROLLER_ID_PLACE_HOLDER = "controllerId"; private static final String CONTROLLER_ID_PLACE_HOLDER = "controllerId";
@@ -134,28 +132,28 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
final String requestURI = request.getRequestURI(); final String requestURI = request.getRequestURI();
if (pathExtractor.match(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI)) { if (pathExtractor.match(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI)) {
LOG.debug("retrieving principal from URI request {}", requestURI); log.debug("retrieving principal from URI request {}", requestURI);
final Map<String, String> extractUriTemplateVariables = pathExtractor final Map<String, String> extractUriTemplateVariables = pathExtractor
.extractUriTemplateVariables(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI); .extractUriTemplateVariables(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI);
final String controllerId = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(CONTROLLER_ID_PLACE_HOLDER)); final String controllerId = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(CONTROLLER_ID_PLACE_HOLDER));
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER)); final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
if (LOG.isTraceEnabled()) { if (log.isTraceEnabled()) {
LOG.trace("Parsed tenant {} and controllerId {} from path request {}", tenant, controllerId, log.trace("Parsed tenant {} and controllerId {} from path request {}", tenant, controllerId,
requestURI); requestURI);
} }
return createTenantSecurityTokenVariables(request, tenant, controllerId); return createTenantSecurityTokenVariables(request, tenant, controllerId);
} else if (pathExtractor.match(request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI)) { } else if (pathExtractor.match(request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI)) {
LOG.debug("retrieving path variables from URI request {}", requestURI); log.debug("retrieving path variables from URI request {}", requestURI);
final Map<String, String> extractUriTemplateVariables = pathExtractor.extractUriTemplateVariables( final Map<String, String> extractUriTemplateVariables = pathExtractor.extractUriTemplateVariables(
request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI); request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI);
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER)); final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
if (LOG.isTraceEnabled()) { if (log.isTraceEnabled()) {
LOG.trace("Parsed tenant {} from path request {}", tenant, requestURI); log.trace("Parsed tenant {} from path request {}", tenant, requestURI);
} }
return createTenantSecurityTokenVariables(request, tenant, "anonymous"); return createTenantSecurityTokenVariables(request, tenant, "anonymous");
} else { } else {
if (LOG.isTraceEnabled()) { if (log.isTraceEnabled()) {
LOG.trace("request {} does not match the path pattern {}, request gets ignored", requestURI, log.trace("request {} does not match the path pattern {}, request gets ignored", requestURI,
CONTROLLER_REQUEST_ANT_PATTERN); CONTROLLER_REQUEST_ANT_PATTERN);
} }
return null; return null;

View File

@@ -13,10 +13,9 @@ import java.util.Map;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails; import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.util.UrlUtils; import org.eclipse.hawkbit.util.UrlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.util.AntPathMatcher; import org.springframework.util.AntPathMatcher;
@@ -24,14 +23,12 @@ import org.springframework.util.AntPathMatcher;
* An {@link AuthenticationDetailsSource} implementation which retrieves the * An {@link AuthenticationDetailsSource} implementation which retrieves the
* tenant from a request pattern {@link #TENANT_AWARE_CONTROLLER_PATTERN} and * tenant from a request pattern {@link #TENANT_AWARE_CONTROLLER_PATTERN} and
* stores the retrieved tenant in the {@link TenantAwareAuthenticationDetails}. * stores the retrieved tenant in the {@link TenantAwareAuthenticationDetails}.
*
*/ */
@Slf4j
public class ControllerTenantAwareAuthenticationDetailsSource public class ControllerTenantAwareAuthenticationDetailsSource
implements AuthenticationDetailsSource<HttpServletRequest, TenantAwareAuthenticationDetails> { implements AuthenticationDetailsSource<HttpServletRequest, TenantAwareAuthenticationDetails> {
private static final String TENANT_AWARE_CONTROLLER_PATTERN = "/{tenant}/controller/**"; private static final String TENANT_AWARE_CONTROLLER_PATTERN = "/{tenant}/controller/**";
private static final Logger LOGGER = LoggerFactory
.getLogger(ControllerTenantAwareAuthenticationDetailsSource.class);
private static final String TENANT_PLACE_HOLDER = "tenant"; private static final String TENANT_PLACE_HOLDER = "tenant";
private final AntPathMatcher pathExtractor; private final AntPathMatcher pathExtractor;
@@ -49,17 +46,17 @@ public class ControllerTenantAwareAuthenticationDetailsSource
private String getTenantFromRequestUri(final HttpServletRequest request) { private String getTenantFromRequestUri(final HttpServletRequest request) {
final String requestURI = request.getRequestURI(); final String requestURI = request.getRequestURI();
LOGGER.debug("retrieving tenant from URI request {}", requestURI); log.debug("retrieving tenant from URI request {}", requestURI);
final String requestPathPattern = request.getContextPath() + TENANT_AWARE_CONTROLLER_PATTERN; final String requestPathPattern = request.getContextPath() + TENANT_AWARE_CONTROLLER_PATTERN;
if (!pathExtractor.match(requestPathPattern, requestURI)) { if (!pathExtractor.match(requestPathPattern, requestURI)) {
LOGGER.info("Controller request not matching tenant aware request pattern requestpath: {}, pattern {}", log.info("Controller request not matching tenant aware request pattern requestpath: {}, pattern {}",
requestURI, TENANT_AWARE_CONTROLLER_PATTERN); requestURI, TENANT_AWARE_CONTROLLER_PATTERN);
return null; return null;
} }
final Map<String, String> extractUriTemplateVariables = pathExtractor final Map<String, String> extractUriTemplateVariables = pathExtractor
.extractUriTemplateVariables(requestPathPattern, requestURI); .extractUriTemplateVariables(requestPathPattern, requestURI);
if (LOGGER.isTraceEnabled()) { if (log.isTraceEnabled()) {
LOGGER.trace("Parsed path variables {} using tenant {}", extractUriTemplateVariables, log.trace("Parsed path variables {} using tenant {}", extractUriTemplateVariables,
extractUriTemplateVariables.get(TENANT_PLACE_HOLDER)); extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
} }
return UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER)); return UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));

View File

@@ -20,6 +20,7 @@ import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.util.IpUtil; import org.eclipse.hawkbit.util.IpUtil;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -36,12 +37,13 @@ import com.github.benmanes.caffeine.cache.Caffeine;
* maximum number of request per seconds which can be separately configured for * maximum number of request per seconds which can be separately configured for
* read (GET) and write (PUT/POST/DELETE) requests. * read (GET) and write (PUT/POST/DELETE) requests.
*/ */
@Slf4j
public class DosFilter extends OncePerRequestFilter { public class DosFilter extends OncePerRequestFilter {
private static final Logger LOG = LoggerFactory.getLogger(DosFilter.class); private static final Logger LOG_DOS =
private static final Logger LOG_DOS = LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".dos"); LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".dos");
private static final Logger LOG_BLACKLIST = LoggerFactory private static final Logger LOG_BLACKLIST =
.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".blacklist"); LoggerFactory.getLogger(SecurityConstants.SECURITY_LOG_PREFIX + ".blacklist");
private final AntPathMatcher antMatcher = new AntPathMatcher(); private final AntPathMatcher antMatcher = new AntPathMatcher();
private final Collection<String> includeAntPaths; private final Collection<String> includeAntPaths;
@@ -84,7 +86,6 @@ public class DosFilter extends OncePerRequestFilter {
*/ */
public DosFilter(final Collection<String> includeAntPaths, final int maxRead, final int maxWrite, public DosFilter(final Collection<String> includeAntPaths, final int maxRead, final int maxWrite,
final String ipDosWhiteListPattern, final String ipBlackListPattern, final String forwardHeader) { final String ipDosWhiteListPattern, final String ipBlackListPattern, final String forwardHeader) {
this.includeAntPaths = includeAntPaths; this.includeAntPaths = includeAntPaths;
this.maxRead = maxRead; this.maxRead = maxRead;
this.maxWrite = maxWrite; this.maxWrite = maxWrite;
@@ -165,7 +166,7 @@ public class DosFilter extends OncePerRequestFilter {
} }
private static boolean handleMissingIpAddress(final HttpServletResponse response) { private static boolean handleMissingIpAddress(final HttpServletResponse response) {
LOG.error("Failed to get peer IP adress"); log.error("Failed to get peer IP adress");
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
return false; return false;
} }

View File

@@ -14,22 +14,18 @@ import java.util.regex.Pattern;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.cache.DownloadIdCache; import org.eclipse.hawkbit.cache.DownloadIdCache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
/** /**
* Extracts download or upload id from the request URI secruity token and set * Extracts download or upload id from the request URI security token and set
* the security context. * the security context.
*
*
*
*/ */
@Slf4j
public class HttpDownloadAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter { public class HttpDownloadAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
public static final String REQUEST_ID_REGEX_PATTERN = ".*\\/downloadId\\/.*"; public static final String REQUEST_ID_REGEX_PATTERN = ".*\\/downloadId\\/.*";
private static final Logger LOG = LoggerFactory.getLogger(HttpDownloadAuthenticationFilter.class);
private final Pattern pattern; private final Pattern pattern;
private final DownloadIdCache downloadIdCache; private final DownloadIdCache downloadIdCache;
@@ -51,7 +47,7 @@ public class HttpDownloadAuthenticationFilter extends AbstractPreAuthenticatedPr
if (!matcher.matches()) { if (!matcher.matches()) {
return null; return null;
} }
LOG.debug("retrieving id from URI request {}", requestURI); log.debug("retrieving id from URI request {}", requestURI);
final String[] groups = requestURI.split("\\/"); final String[] groups = requestURI.split("\\/");
final String id = groups[groups.length - 1]; final String id = groups[groups.length - 1];
if (id == null) { if (id == null) {