|
|
|
|
@@ -9,30 +9,13 @@
|
|
|
|
|
*/
|
|
|
|
|
package org.eclipse.hawkbit.autoconfigure.security;
|
|
|
|
|
|
|
|
|
|
import java.util.Collections;
|
|
|
|
|
import java.util.List;
|
|
|
|
|
import java.util.Map;
|
|
|
|
|
import java.util.stream.Collectors;
|
|
|
|
|
import java.util.Optional;
|
|
|
|
|
|
|
|
|
|
import org.eclipse.hawkbit.ContextAware;
|
|
|
|
|
import org.eclipse.hawkbit.audit.AuditContextProvider;
|
|
|
|
|
import org.eclipse.hawkbit.audit.AuditLoggingAspect;
|
|
|
|
|
import org.eclipse.hawkbit.context.AccessContext;
|
|
|
|
|
import org.eclipse.hawkbit.repository.RepositoryConfiguration;
|
|
|
|
|
import org.eclipse.hawkbit.tenancy.TenantAware.DefaultTenantResolver;
|
|
|
|
|
import org.eclipse.hawkbit.tenancy.TenantAware.TenantResolver;
|
|
|
|
|
import org.eclipse.hawkbit.tenancy.TenantAwareUserProperties;
|
|
|
|
|
import org.eclipse.hawkbit.tenancy.TenantAwareUserProperties.User;
|
|
|
|
|
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
|
|
|
|
|
import org.eclipse.hawkbit.security.InMemoryUserAuthoritiesResolver;
|
|
|
|
|
import org.eclipse.hawkbit.security.MdcHandler;
|
|
|
|
|
import org.eclipse.hawkbit.security.SecurityContextSerializer;
|
|
|
|
|
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
|
|
|
|
|
import org.eclipse.hawkbit.security.SecurityTokenGenerator;
|
|
|
|
|
import org.eclipse.hawkbit.security.SpringSecurityAuditorAware;
|
|
|
|
|
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
|
|
|
|
import org.eclipse.hawkbit.tenancy.TenantAware;
|
|
|
|
|
import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver;
|
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
|
import org.eclipse.hawkbit.tenancy.TenantAwareUserProperties;
|
|
|
|
|
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
|
|
|
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
|
|
|
|
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
|
|
|
|
@@ -41,14 +24,12 @@ import org.springframework.context.annotation.Bean;
|
|
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
|
|
import org.springframework.context.annotation.Import;
|
|
|
|
|
import org.springframework.data.domain.AuditorAware;
|
|
|
|
|
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
|
|
|
|
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
|
|
|
|
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
|
|
|
|
|
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
|
|
|
|
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
|
|
|
|
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
|
|
|
|
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
|
|
|
|
|
import org.springframework.util.CollectionUtils;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* {@link EnableAutoConfiguration Auto-configuration} for security.
|
|
|
|
|
@@ -58,48 +39,6 @@ import org.springframework.util.CollectionUtils;
|
|
|
|
|
@Import(RepositoryConfiguration.class)
|
|
|
|
|
public class SecurityAutoConfiguration {
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Creates a {@link ContextAware} (hence {@link TenantAware}) bean based on the given {@link UserAuthoritiesResolver},
|
|
|
|
|
* {@link SecurityContextSerializer} and {@link TenantResolver}.
|
|
|
|
|
*
|
|
|
|
|
* @param authoritiesResolver The user authorities/roles resolver
|
|
|
|
|
* @param securityContextSerializer The security context serializer (optional, if not found the default {@link SecurityContextSerializer#NOP} is used).
|
|
|
|
|
* @param tenantResolver The tenant resolver (optional, if not found the default {@link DefaultTenantResolver} is used).
|
|
|
|
|
* @return the {@link ContextAware} singleton bean.
|
|
|
|
|
*/
|
|
|
|
|
@Bean
|
|
|
|
|
@ConditionalOnMissingBean
|
|
|
|
|
public ContextAware contextAware(
|
|
|
|
|
final UserAuthoritiesResolver authoritiesResolver,
|
|
|
|
|
@Autowired(required = false) final SecurityContextSerializer securityContextSerializer,
|
|
|
|
|
@Autowired(required = false) final TenantResolver tenantResolver) {
|
|
|
|
|
return new SecurityContextTenantAware(authoritiesResolver, securityContextSerializer, tenantResolver);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Creates a {@link UserAuthoritiesResolver} bean that is responsible for resolving user authorities/roles.
|
|
|
|
|
*
|
|
|
|
|
* @param securityProperties The Spring {@link SecurityProperties} for the security user
|
|
|
|
|
* @param tenantAwareUserProperties The {@link TenantAwareUserProperties} for the managed users
|
|
|
|
|
* @return an {@link InMemoryUserAuthoritiesResolver} bean
|
|
|
|
|
*/
|
|
|
|
|
@Bean
|
|
|
|
|
@ConditionalOnMissingBean
|
|
|
|
|
public UserAuthoritiesResolver inMemoryAuthoritiesResolver(
|
|
|
|
|
final SecurityProperties securityProperties,
|
|
|
|
|
final TenantAwareUserProperties tenantAwareUserProperties) {
|
|
|
|
|
final Map<String, User> tenantAwareUsers = tenantAwareUserProperties.getUser();
|
|
|
|
|
final Map<String, List<String>> usersToPermissions;
|
|
|
|
|
if (!CollectionUtils.isEmpty(tenantAwareUsers)) {
|
|
|
|
|
usersToPermissions = tenantAwareUsers.entrySet().stream().collect(
|
|
|
|
|
Collectors.toMap(Map.Entry::getKey, e -> e.getValue().getRoles()));
|
|
|
|
|
} else {
|
|
|
|
|
usersToPermissions = Collections.singletonMap(securityProperties.getUser().getName(),
|
|
|
|
|
securityProperties.getUser().getRoles());
|
|
|
|
|
}
|
|
|
|
|
return new InMemoryUserAuthoritiesResolver(usersToPermissions);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Creates the auditor aware.
|
|
|
|
|
*
|
|
|
|
|
@@ -108,13 +47,7 @@ public class SecurityAutoConfiguration {
|
|
|
|
|
@Bean
|
|
|
|
|
@ConditionalOnMissingBean
|
|
|
|
|
public AuditorAware<String> auditorAware() {
|
|
|
|
|
return new SpringSecurityAuditorAware();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
|
@ConditionalOnMissingBean
|
|
|
|
|
public AuditContextProvider auditContextProvider() {
|
|
|
|
|
return AuditContextProvider.getInstance();
|
|
|
|
|
return () -> Optional.ofNullable(AccessContext.actor());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
|
@@ -123,28 +56,6 @@ public class SecurityAutoConfiguration {
|
|
|
|
|
return new AuditLoggingAspect();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param tenantAware singleton bean
|
|
|
|
|
* @return tenantAware {@link SystemSecurityContext}
|
|
|
|
|
*/
|
|
|
|
|
@Bean
|
|
|
|
|
@ConditionalOnMissingBean
|
|
|
|
|
public SystemSecurityContext systemSecurityContext(final TenantAware tenantAware, final RoleHierarchy roleHierarchy) {
|
|
|
|
|
return new SystemSecurityContext(tenantAware, roleHierarchy);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
|
@ConditionalOnMissingBean
|
|
|
|
|
public MdcHandler mdcHandler() {
|
|
|
|
|
return MdcHandler.getInstance();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
|
@ConditionalOnMissingBean
|
|
|
|
|
public SecurityTokenGenerator securityTokenGenerator() {
|
|
|
|
|
return new SecurityTokenGenerator();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Bean
|
|
|
|
|
@ConditionalOnMissingBean
|
|
|
|
|
public AuthenticationSuccessHandler authenticationSuccessHandler() {
|
|
|
|
|
|