Enforce decoding in authentication check (#1362)
* Enforce decoding in authentication check +Enforce decoding of controllerId when authentication is performed for the reverse proxy use case * Remove unused imports Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io> * Switch approach to decode retrieved values from map Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io> * Remove unused imports Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io> * Style improve Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io> * Move logic to separate class Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io> * Remove TODO comment Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io> * Hide public constructor in Util class Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io> --------- Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
committed by
GitHub
parent
43b54b4c36
commit
f0db69473c
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.security.DmfTenantSecurityToken.FileResource;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.eclipse.hawkbit.util.UrlUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@@ -135,8 +136,8 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
|
||||
LOG.debug("retrieving principal from URI request {}", requestURI);
|
||||
final Map<String, String> extractUriTemplateVariables = pathExtractor
|
||||
.extractUriTemplateVariables(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI);
|
||||
final String controllerId = extractUriTemplateVariables.get(CONTROLLER_ID_PLACE_HOLDER);
|
||||
final String tenant = extractUriTemplateVariables.get(TENANT_PLACE_HOLDER);
|
||||
final String controllerId = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(CONTROLLER_ID_PLACE_HOLDER));
|
||||
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
|
||||
if (LOG.isTraceEnabled()) {
|
||||
LOG.trace("Parsed tenant {} and controllerId {} from path request {}", tenant, controllerId,
|
||||
requestURI);
|
||||
@@ -146,7 +147,7 @@ public abstract class AbstractHttpControllerAuthenticationFilter extends Abstrac
|
||||
LOG.debug("retrieving path variables from URI request {}", requestURI);
|
||||
final Map<String, String> extractUriTemplateVariables = pathExtractor.extractUriTemplateVariables(
|
||||
request.getContextPath() + CONTROLLER_DL_REQUEST_ANT_PATTERN, requestURI);
|
||||
final String tenant = extractUriTemplateVariables.get(TENANT_PLACE_HOLDER);
|
||||
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
|
||||
if (LOG.isTraceEnabled()) {
|
||||
LOG.trace("Parsed tenant {} from path request {}", tenant, requestURI);
|
||||
}
|
||||
|
||||
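Review bot: In the hunk at -135,8 the decoded `tenant` and `controllerId` go straight into the `LOG.trace` call, and presumably on to the authentication check, with no validation of what decoding produced. An encoded path separator or line break that the Ant pattern accepted as part of a single segment becomes the literal character only after matching. `UrlUtils.decodeUriValue` is not shown on this page, so its behaviour for a null map value or a malformed percent escape cannot be confirmed here; an exception at this point would likely surface as a server error rather than a rejected authentication. I would state the contract at the call site, for example `// decoded exactly once, after pattern matching; the result is untrusted and may contain any character`, and reject or escape control characters before the value is logged. The same applies to the `tenant` line in the hunk at -146,7; the enclosing methods start and end outside both hunks.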
@@ -13,6 +13,7 @@ import java.util.Map;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
|
||||
import org.eclipse.hawkbit.util.UrlUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
@@ -60,6 +61,6 @@ public class ControllerTenantAwareAuthenticationDetailsSource
|
||||
LOGGER.trace("Parsed path variables {} using tenant {}", extractUriTemplateVariables,
|
||||
extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
|
||||
}
|
||||
return extractUriTemplateVariables.get(TENANT_PLACE_HOLDER);
|
||||
return UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
|
||||
}
|
||||
}
|
||||
|
||||
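Review bot: The trace statement just above the changed return still logs the raw `extractUriTemplateVariables.get(TENANT_PLACE_HOLDER)`, while the method now returns the decoded value. For any percent-encoded request the log line and the tenant actually used for the authentication details can therefore differ, which makes an audit of tenant resolution harder. Decoding once into a local keeps them aligned: `final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));`, then pass `tenant` to the trace call and `return tenant;`. The method begins outside the hunk, so the declaration would have to sit before the trace guard, which is not visible here.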