Add DDI Authentication & set authentication per group (#1444)

* Add DDI Authentication (using apikey) * Gateway token by passing as apikey "GatewayToken: <token>" * Target token by passing as apikey "TargetToken: <token>" * Removed Bearer auth as not supported * Authentication schemes are set to the correspondent groups in order to be visible only where needed * Optional OpenAPI (with property _hawkbit.server.swagger.enabled_, by default _true_) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
2023-10-04 08:47:11 +03:00
parent a4204956e6
commit f632bdd9b1
1 changed files with 41 additions and 27 deletions
--- a/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/OpenApiConfiguration.java
+++ b/hawkbit-rest/hawkbit-rest-core/src/main/java/org/eclipse/hawkbit/rest/OpenApiConfiguration.java
@@ -20,38 +20,24 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

@Configuration
+@ConditionalOnProperty(
+    value="hawkbit.server.swagger.enabled",
+    havingValue = "true",
+    matchIfMissing = true)
 public class OpenApiConfiguration {

+  private static final String API_TITLE = "hawkBit REST APIs";
+  private static final String API_VERSION = "v1";
  private static final String DESCRIPTION = """
      Eclipse hawkBit™ is a domain-independent back-end framework for rolling out software updates to constrained edge devices as well as more powerful controllers and gateways connected to IP based networking infrastructure.
        """;

+  private static final String BASIC_AUTH_SEC_SCHEME_NAME = "Basic Authentication";
+  private static final String DDI_TOKEN_SEC_SCHEME_NAME = "DDI Target/GatewayToken Authentication";
+
  @Bean
-  public OpenAPI customOpenApi() {
-    final String apiTitle = "hawkBit REST APIs";
-
-    final String basiAuthSecSchemeName = "basicAuth";
-    final String bearerAuthenticationSchemeName = "Bearer Authentication";
-
-    return new OpenAPI()
-        .addSecurityItem(new SecurityRequirement().addList(basiAuthSecSchemeName))
-        .addSecurityItem(new SecurityRequirement().addList(bearerAuthenticationSchemeName))
-        .components(
-            new Components()
-                .addSecuritySchemes(basiAuthSecSchemeName,
-                    new SecurityScheme()
-                        .name(basiAuthSecSchemeName)
-                        .type(SecurityScheme.Type.HTTP)
-                        .in(SecurityScheme.In.HEADER)
-                        .scheme("basic")
-                )
-                .addSecuritySchemes(bearerAuthenticationSchemeName,
-                    new SecurityScheme()
-                        .name(bearerAuthenticationSchemeName)
-                        .type(SecurityScheme.Type.HTTP)
-                        .bearerFormat("JWT")
-                        .scheme("bearer")))
-        .info(new Info().title(apiTitle).description(DESCRIPTION).version("v1"));
+  public OpenAPI openApi() {
+    return new OpenAPI().info(new Info().title(API_TITLE).version(API_VERSION).description(DESCRIPTION));
  }

  @Bean
@@ -60,9 +46,23 @@ public class OpenApiConfiguration {
      havingValue = "true",
      matchIfMissing = true)
  public GroupedOpenApi mgmtApi() {
-    return GroupedOpenApi.builder()
+    return GroupedOpenApi
+        .builder()
        .group("Management API")
        .pathsToMatch("/rest/v1/**")
+        .addOpenApiCustomiser(openApi -> {
+            openApi
+                .addSecurityItem(new SecurityRequirement().addList(BASIC_AUTH_SEC_SCHEME_NAME))
+                .components(
+                    openApi
+                        .getComponents()
+                        .addSecuritySchemes(BASIC_AUTH_SEC_SCHEME_NAME,
+                            new SecurityScheme()
+                                .name(BASIC_AUTH_SEC_SCHEME_NAME)
+                                .type(SecurityScheme.Type.HTTP)
+                                .in(SecurityScheme.In.HEADER)
+                                .scheme("basic")));
+        })
        .build();
  }

@@ -72,9 +72,23 @@ public class OpenApiConfiguration {
      havingValue = "true",
      matchIfMissing = true)
  public GroupedOpenApi ddiApi() {
-    return GroupedOpenApi.builder()
+    return GroupedOpenApi
+        .builder()
        .group("Direct Device Integration API")
        .pathsToMatch("/{tenant}/controller/**")
+        .addOpenApiCustomiser(openApi -> {
+            openApi
+                .addSecurityItem(new SecurityRequirement().addList(DDI_TOKEN_SEC_SCHEME_NAME))
+                .components(
+                    openApi
+                        .getComponents()
+                        .addSecuritySchemes(DDI_TOKEN_SEC_SCHEME_NAME,
+                            new SecurityScheme()
+                                .name("Authorization")
+                                .type(SecurityScheme.Type.APIKEY)
+                                .in(SecurityScheme.In.HEADER)
+                                .description("Format: (Target|Gateway)Token &lt;token&gt;")));
+        })
        .build();
  }
 }