Add permissions with roles for spring.security users. (#949)

* Add permissions with roles for spring.security users. * Fix review findings. * Use better authorityList initialisation. Signed-off-by: Michael Herdt <Michael.Herdt2@bosch-si.com>
2020-03-19 17:23:36 +01:00
parent cf7add7aaa
commit ef3ee7cd5c
1 changed files with 18 additions and 8 deletions
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementAutoConfiguration.java
@@ -70,16 +70,13 @@ public class InMemoryUserManagementAutoConfiguration extends GlobalAuthenticatio

        final List<UserPrincipal> userPrincipals = new ArrayList<>();
        for (final MultiUserProperties.User user : multiUserProperties.getUsers()) {
+            final List<String> permissions = user.getPermissions();
            List<GrantedAuthority> authorityList;
            // Allows ALL as a shorthand for all permissions
-            if (user.getPermissions().size() == 1 && "ALL".equals(user.getPermissions().get(0))) {
+            if (permissions.size() == 1 && "ALL".equals(permissions.get(0))) {
                authorityList = PermissionUtils.createAllAuthorityList();
            } else {
-                authorityList = new ArrayList<>(user.getPermissions().size());
-                for (final String permission : user.getPermissions()) {
-                    authorityList.add(new SimpleGrantedAuthority(permission));
-                    authorityList.add(new SimpleGrantedAuthority("ROLE_" + permission));
-                }
+                authorityList = createAuthoritiesFromList(permissions);
            }

            final UserPrincipal userPrincipal = new UserPrincipal(user.getUsername(), user.getPassword(),
@@ -93,13 +90,26 @@ public class InMemoryUserManagementAutoConfiguration extends GlobalAuthenticatio
        if (userPrincipals.isEmpty()) {
            final String name = securityProperties.getUser().getName();
            final String password = securityProperties.getUser().getPassword();
-            userPrincipals.add(new UserPrincipal(name, password, name, name, name, null, DEFAULT_TENANT,
-                    PermissionUtils.createAllAuthorityList()));
+            final List<String> roles = securityProperties.getUser().getRoles();
+            List<GrantedAuthority> authorityList = roles.isEmpty()
+                    ? PermissionUtils.createAllAuthorityList()
+                    : createAuthoritiesFromList(roles);
+            userPrincipals
+                    .add(new UserPrincipal(name, password, name, name, name, null, DEFAULT_TENANT, authorityList));
        }

        return new FixedInMemoryUserPrincipalUserDetailsService(userPrincipals);
    }

+    private static List<GrantedAuthority> createAuthoritiesFromList(final List<String> userAuthorities) {
+        List<GrantedAuthority> grantedAuthorityList = new ArrayList<>(userAuthorities.size());
+        for (final String permission : userAuthorities) {
+            grantedAuthorityList.add(new SimpleGrantedAuthority(permission));
+            grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_" + permission));
+        }
+        return grantedAuthorityList;
+    }
+
    private static class FixedInMemoryUserPrincipalUserDetailsService implements UserDetailsService {
        private final HashMap<String, UserPrincipal> userPrincipalMap = new HashMap<>();