From ef3ee7cd5c9c07c3b6068abf4f9657b644815854 Mon Sep 17 00:00:00 2001
From: Michael Herdt <55577866+herdt-michael@users.noreply.github.com>
Date: Thu, 19 Mar 2020 17:23:36 +0100
Subject: [PATCH] Add permissions with roles for spring.security users. (#949)
* Add permissions with roles for spring.security users.
* Fix review findings.
* Use better authorityList initialisation.
Signed-off-by: Michael Herdt
---
 ...MemoryUserManagementAutoConfiguration.java | 26 +++++++++++++------
 1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementAutoConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementAutoConfiguration.java
index ae742df7a..6ecf9c1f6 100644
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/InMemoryUserManagementAutoConfiguration.java
@@ -70,16 +70,13 @@ public class InMemoryUserManagementAutoConfiguration extends GlobalAuthenticatio
 final List userPrincipals = new ArrayList<>();
 for (final MultiUserProperties.User user : multiUserProperties.getUsers()) {
+ final List permissions = user.getPermissions();
 List authorityList;
 // Allows ALL as a shorthand for all permissions
- if (user.getPermissions().size() == 1 && "ALL".equals(user.getPermissions().get(0))) {
+ if (permissions.size() == 1 && "ALL".equals(permissions.get(0))) {
 authorityList = PermissionUtils.createAllAuthorityList();
 } else {
- authorityList = new ArrayList<>(user.getPermissions().size());
- for (final String permission : user.getPermissions()) {
- authorityList.add(new SimpleGrantedAuthority(permission));
- authorityList.add(new SimpleGrantedAuthority("ROLE_" + permission));
- }
+ authorityList = createAuthoritiesFromList(permissions);
 }
 final UserPrincipal userPrincipal = new UserPrincipal(user.getUsername(), user.getPassword(),
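Review bot: The `ALL` shorthand in the `if` is honoured only when it is the sole entry and matches case exactly, so a list that contains `ALL` plus a second entry, or `all` in lower case, falls through to `createAuthoritiesFromList` and becomes the literal authorities `ALL` and `ROLE_ALL`. That fails closed, but silently, and an operator will only notice when requests are denied; I would extend the comment to `// ALL is honoured only as the single, exact-case entry; any other list is taken literally`. `permissions` is also dereferenced without a null check, and whether `getPermissions()` can return null for a user configured without permissions is not visible in this hunk. The enclosing method starts and ends outside the hunk.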
@@ -93,13 +90,26 @@ public class InMemoryUserManagementAutoConfiguration extends GlobalAuthenticatio
 if (userPrincipals.isEmpty()) {
 final String name = securityProperties.getUser().getName();
 final String password = securityProperties.getUser().getPassword();
- userPrincipals.add(new UserPrincipal(name, password, name, name, name, null, DEFAULT_TENANT,
- PermissionUtils.createAllAuthorityList()));
+ final List roles = securityProperties.getUser().getRoles();
+ List authorityList = roles.isEmpty()
+ ? PermissionUtils.createAllAuthorityList()
+ : createAuthoritiesFromList(roles);
+ userPrincipals
+ .add(new UserPrincipal(name, password, name, name, name, null, DEFAULT_TENANT, authorityList));
 }
 return new FixedInMemoryUserPrincipalUserDetailsService(userPrincipals);
 }
+ private static List createAuthoritiesFromList(final List userAuthorities) {
+ List grantedAuthorityList = new ArrayList<>(userAuthorities.size());
+ for (final String permission : userAuthorities) {
+ grantedAuthorityList.add(new SimpleGrantedAuthority(permission));
+ grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_" + permission));
+ }
+ return grantedAuthorityList;
+ }
+
 private static class FixedInMemoryUserPrincipalUserDetailsService implements UserDetailsService {
 private final HashMap userPrincipalMap = new HashMap<>();
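Review bot: The fallback in `roles.isEmpty() ? PermissionUtils.createAllAuthorityList() : createAuthoritiesFromList(roles)` fails open: a `spring.security.user` entry with no roles receives every authority, whereas in the multi-user loop an empty permission list yields none. This keeps the previous behaviour, so it is probably intended, but it deserves a comment such as `// no roles configured: legacy behaviour, grant all permissions` and ideally a warning at startup so the broad grant is visible to the operator. The `ALL` shorthand is also not honoured on this path, so a roles list of just `ALL` would produce only the literal `ALL` and `ROLE_ALL` authorities. In `createAuthoritiesFromList` two authorities are added per entry, so the list should be sized `new ArrayList<>(userAuthorities.size() * 2)`, and the helper has no Javadoc explaining why each value is added both plain and `ROLE_`-prefixed. The enclosing method starts outside this hunk.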