lingwei.kong/hawkbit
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Security fix for UI auto refresh (#885)

Browse Source 
Signed-off-by: Anand Kumar <anand.kumar@bosch-si.com>
This commit is contained in:
Anand Kumar
2019-08-21 11:05:36 +02:00
committed by Dominic Schabel
parent d40b11d2ab
commit e841dc6a8a
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/push/DelayedEventBusPushStrategy.java
View File

@@ -20,6 +20,7 @@ import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.im.authentication.UserPrincipal;
import org.eclipse.hawkbit.repository.event.TenantAwareEvent;
import org.eclipse.hawkbit.repository.event.remote.entity.ActionCreatedEvent;
import org.eclipse.hawkbit.repository.event.remote.entity.ActionUpdatedEvent;
@@ -183,6 +184,10 @@ public class DelayedEventBusPushStrategy implements EventPushStrategy, Applicati
return ((TenantAwareAuthenticationDetails) tenantAuthenticationDetails).getTenant()
.equalsIgnoreCase(event.getTenant());
}
final Object userPrincipalDetails = userContext.getAuthentication().getPrincipal();
if (userPrincipalDetails instanceof UserPrincipal) {
return ((UserPrincipal) userPrincipalDetails).getTenant().equalsIgnoreCase(event.getTenant());
}
return false;
}