Refactor hawkbit core and security (#2833)

* Refactor hawkbit core and security

* improve access to the base core features - static
* thus easier access
* and less boilerplate passing of instances

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>

* Refactor context classes

* make JSON context serialization default

* AccessContext

* Split hawkbit-security-core to other modules and remove it

---------

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Avgustin Marinov
2025-11-27 13:07:49 +02:00
committed by GitHub
parent 58dbc32a80
commit f6f62db0ad
274 changed files with 2534 additions and 4458 deletions


@@ -10,6 +10,7 @@
package org.eclipse.hawkbit.security.controller;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.List;
import java.util.Map;
@@ -21,14 +22,13 @@ import jakarta.servlet.http.HttpServletResponse;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import org.eclipse.hawkbit.security.DdiSecurityProperties;
import org.eclipse.hawkbit.util.UrlUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriUtils;
/**
* An abstraction for all controller based security to parse the e.g. the tenant name from the URL and the controller ID from the URL to do
@@ -119,8 +119,9 @@ public class AuthenticationFilters {
authenticator.log().debug("retrieving principal from URI request {}", requestURI);
final Map<String, String> extractUriTemplateVariables = pathExtractor
.extractUriTemplateVariables(request.getContextPath() + CONTROLLER_REQUEST_ANT_PATTERN, requestURI);
final String controllerId = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(CONTROLLER_ID_PLACE_HOLDER));
final String tenant = UrlUtils.decodeUriValue(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER));
final String controllerId = UriUtils.decode(extractUriTemplateVariables.get(CONTROLLER_ID_PLACE_HOLDER),
StandardCharsets.UTF_8);
final String tenant = UriUtils.decode(extractUriTemplateVariables.get(TENANT_PLACE_HOLDER), StandardCharsets.UTF_8);
authenticator.log().trace("Parsed tenant {} and controllerId {} from path request {}", tenant, controllerId, requestURI);
return createTenantSecurityTokenVariables(request, tenant, controllerId);
} else {
@@ -147,8 +148,8 @@ public class AuthenticationFilters {
// source ip matches the given pattern -> authenticated
return true;
} else {
authenticator.log().debug(
"The remote source IP address {} is not in the list of trusted IP addresses {}", remoteAddress, authorizedSourceIps);
authenticator.log().debug("The remote source IP address {} is not in the list of trusted IP addresses {}",
remoteAddress, authorizedSourceIps);
return false;
}
}
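Review bot: The two `UriUtils.decode(..., StandardCharsets.UTF_8)` calls run on path variables taken from the caller-controlled request URI, and Spring's `UriUtils.decode` throws `IllegalArgumentException` on a malformed percent-escape. Whether the removed `UrlUtils.decodeUriValue` behaved the same is not visible here, so confirm that a bad escape in the tenant or controllerId segment ends as an unauthenticated request rather than an unhandled exception in the filter. If nothing upstream catches it, wrap the two decodes in `try { … } catch (final IllegalArgumentException e) { … }` and take the same path as the non-matching `else` branch. The decoded values are also written to the trace log on the following line, so decoded control characters can reach the log unless they are neutralised first. The enclosing method starts and ends outside the hunk.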


@@ -9,16 +9,15 @@
*/
package org.eclipse.hawkbit.security.controller;
import static org.eclipse.hawkbit.context.AccessContext.asSystemAsTenant;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.Callable;
import lombok.EqualsAndHashCode;
import org.eclipse.hawkbit.im.authentication.SpRole;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.auth.SpRole;
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
import org.slf4j.Logger;
import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -32,10 +31,10 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
public interface Authenticator {
/**
* If the authentication mechanism is not enabled for the tenant - it just returns null.
* If the authentication mechanism is supported, the filter extracts from the security token the related credentials,
* If the auth mechanism is not enabled for the tenant - it just returns null.
* If the auth mechanism is supported, the filter extracts from the security token the related credentials,
* validate them (do authenticate the caller).
* If validation / authentication is successful returns an authenticated authentication object. Otherwise,
* If validation / auth is successful returns an authenticated auth object. Otherwise,
* throws BadCredentialsException.
*
* @param controllerSecurityToken the securityToken
@@ -47,23 +46,10 @@ public interface Authenticator {
abstract class AbstractAuthenticator implements Authenticator {
protected final TenantConfigurationManagement tenantConfigurationManagement;
protected final TenantAware tenantAware;
protected final SystemSecurityContext systemSecurityContext;
private final Callable<Boolean> isEnabledGetter;
protected AbstractAuthenticator(
final TenantConfigurationManagement tenantConfigurationManagement,
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
this.tenantConfigurationManagement = tenantConfigurationManagement;
this.tenantAware = tenantAware;
this.systemSecurityContext = systemSecurityContext;
isEnabledGetter = () -> systemSecurityContext.runAsSystem(
() -> tenantConfigurationManagement.getConfigurationValue(getTenantConfigurationKey(), Boolean.class).getValue());
}
protected boolean isEnabled(final ControllerSecurityToken securityToken) {
return tenantAware.runAsTenant(securityToken.getTenant(), isEnabledGetter);
return asSystemAsTenant(
securityToken.getTenant(),
() -> TenantConfigHelper.getAsSystem(getTenantConfigurationKey(), Boolean.class));
}
protected abstract String getTenantConfigurationKey();
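Review bot: `isEnabled` returns a primitive `boolean` from a lambda that yields whatever `TenantConfigHelper.getAsSystem(getTenantConfigurationKey(), Boolean.class)` returns, so a missing value would be auto-unboxed and throw a `NullPointerException` in the middle of authentication. Whether the helper can return null is not visible in this hunk; if it can, make the check fail closed with `return Boolean.TRUE.equals(asSystemAsTenant(securityToken.getTenant(), () -> TenantConfigHelper.getAsSystem(getTenantConfigurationKey(), Boolean.class)));`. The method would also benefit from a short Javadoc stating that the lookup runs with system privileges for the tenant named in a request that is not yet authenticated.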


@@ -0,0 +1,108 @@
/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.security.controller;
import java.util.List;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.ToString;
import org.springframework.boot.context.properties.ConfigurationProperties;
/**
* The common properties for DDI security.
*/
@Getter
@EqualsAndHashCode
@ToString
@ConfigurationProperties("hawkbit.server.ddi.security")
public class DdiSecurityProperties {
private final Rp rp = new Rp();
private final Authentication authentication = new Authentication();
public Authentication getAuthentication() {
return authentication;
}
public Rp getRp() {
return rp;
}
/**
* Reverse proxy configuration. Defines the security properties for
* authenticating controllers behind a reverse proxy which terminates the
* SSL session at the reverse proxy but adding request header which contains
* the CN of the certificate.
*/
@Data
public static class Rp {
/**
* HTTP header field for common name of a DDI target client certificate.
*/
private String cnHeader = "X-Ssl-Client-Cn";
/**
* HTTP header field for issuer hash of a DDI target client certificate.
*/
private String sslIssuerHashHeader = "X-Ssl-Issuer-Hash-%d";
/**
* List of trusted (reverse proxy) IP addresses for performing DDI
* client certificate auth.
*/
private List<String> trustedIPs;
}
/**
* DDI Authentication options.
*/
@Data
public static class Authentication {
private final Targettoken targettoken = new Targettoken();
private final Gatewaytoken gatewaytoken = new Gatewaytoken();
/**
* Target token auth. Tokens are defined per target.
*/
@Data
public static class Targettoken {
/**
* Set to true to enable target token auth.
*/
private boolean enabled = false;
}
/**
* Gateway token auth. Tokens are defined per tenant. Use with care!
*/
@Data
public static class Gatewaytoken {
/**
* Gateway token based auth enabled.
*/
private boolean enabled = false;
/**
* Default gateway token name.
*/
private String name = "";
/**
* Default gateway token itself.
*/
@ToString.Exclude
private String key = "";
}
}
}
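Review bot: `Gatewaytoken.key` defaults to the empty string, while `GatewayTokenAuthenticator` in this same commit accepts a request when `presentedToken.equals(...)` matches the configured key. If this default is what a tenant without its own key resolves to (the wiring is not visible here), an empty presented token would compare equal once the mechanism is enabled. Either leave the default unset or state the constraint in the field's Javadoc, e.g. `Default gateway token itself. Must be non-empty whenever gateway token auth is enabled.` Separately, the hand-written `getAuthentication()` and `getRp()` duplicate what the class-level `@Getter` already generates, and `trustedIPs` does not document what a null list means.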


@@ -9,16 +9,12 @@
*/
package org.eclipse.hawkbit.security.controller;
import static org.eclipse.hawkbit.context.AccessContext.asSystemAsTenant;
import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_GATEWAY_SECURITY_TOKEN_ENABLED;
import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY;
import java.util.concurrent.Callable;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
import org.slf4j.Logger;
import org.springframework.security.core.Authentication;
@@ -35,22 +31,6 @@ public class GatewayTokenAuthenticator extends Authenticator.AbstractAuthenticat
public static final String GATEWAY_SECURITY_TOKEN_AUTH_SCHEME = "GatewayToken ";
private static final int OFFSET_GATEWAY_TOKEN = GATEWAY_SECURITY_TOKEN_AUTH_SCHEME.length();
private final Callable<String> gatewaySecurityTokenKeyGetter;
public GatewayTokenAuthenticator(
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
final SystemSecurityContext systemSecurityContext) {
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
gatewaySecurityTokenKeyGetter = () -> {
log.trace("retrieving configuration value for configuration key {}", AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY);
return systemSecurityContext
.runAsSystem(() -> tenantConfigurationManagement
.getConfigurationValue(AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY, String.class)
.getValue());
};
}
@Override
public Authentication authenticate(final ControllerSecurityToken controllerSecurityToken) {
final String authHeader = controllerSecurityToken.getHeader(ControllerSecurityToken.AUTHORIZATION_HEADER);
@@ -63,7 +43,7 @@ public class GatewayTokenAuthenticator extends Authenticator.AbstractAuthenticat
}
if (!isEnabled(controllerSecurityToken)) {
log.debug("The gateway token authentication is disabled");
log.debug("The gateway token auth is disabled");
return null;
}
@@ -71,8 +51,14 @@ public class GatewayTokenAuthenticator extends Authenticator.AbstractAuthenticat
final String presentedToken = authHeader.substring(OFFSET_GATEWAY_TOKEN);
// validate if the presented token is the same as the gateway token
return presentedToken.equals(tenantAware.runAsTenant(controllerSecurityToken.getTenant(), gatewaySecurityTokenKeyGetter))
? authenticatedController(controllerSecurityToken.getTenant(), controllerSecurityToken.getControllerId()) : null;
return presentedToken.equals(asSystemAsTenant(
controllerSecurityToken.getTenant(),
() -> {
log.trace("retrieving configuration value for configuration key {}", AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY);
return TenantConfigHelper.getAsSystem(AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY, String.class);
}))
? authenticatedController(controllerSecurityToken.getTenant(), controllerSecurityToken.getControllerId())
: null;
}
@Override
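Review bot: The presented gateway token is compared with `String.equals`, whose running time depends on where the first mismatch is and which also accepts an empty configured key; the same comparison is used for the target token in `SecurityTokenAuthenticator` (`.filter(target -> presentedToken.equals(...))`). Resolve the expected key first, reject a null or empty value, and compare with `MessageDigest.isEqual` over UTF-8 bytes. The change needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported in this file. `authenticate` starts above this hunk.

```java
// … unchanged: header check, isEnabled check, presentedToken extraction …
final String expectedToken = asSystemAsTenant(
        controllerSecurityToken.getTenant(),
        () -> {
            log.trace("retrieving configuration value for configuration key {}", AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY);
            return TenantConfigHelper.getAsSystem(AUTHENTICATION_GATEWAY_SECURITY_TOKEN_KEY, String.class);
        });
if (expectedToken == null || expectedToken.isEmpty()) {
    // no key configured for the tenant: never authenticate
    return null;
}
// comparison whose timing does not reveal the position of the first mismatch
return MessageDigest.isEqual(
        presentedToken.getBytes(StandardCharsets.UTF_8), expectedToken.getBytes(StandardCharsets.UTF_8))
        ? authenticatedController(controllerSecurityToken.getTenant(), controllerSecurityToken.getControllerId())
        : null;
```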


@@ -9,14 +9,14 @@
*/
package org.eclipse.hawkbit.security.controller;
import static org.eclipse.hawkbit.context.AccessContext.asSystemAsTenant;
import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_HEADER_AUTHORITY_NAME;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Callable;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -29,7 +29,7 @@ import org.springframework.security.core.Authentication;
@Slf4j
public class SecurityHeaderAuthenticator extends Authenticator.AbstractAuthenticator {
private static final Logger LOG_SECURITY_AUTH = LoggerFactory.getLogger("server-security.authentication");
private static final Logger LOG_SECURITY_AUTH = LoggerFactory.getLogger("server-security.auth");
// Example Headers with Cert Information
// Clientip: 217.24.201.180
@@ -48,18 +48,9 @@ public class SecurityHeaderAuthenticator extends Authenticator.AbstractAuthentic
// header exists multiple times in the request for all trusted chains.
private final String sslIssuerHashBasicHeader;
private final Callable<String> sslIssuerNameConfigGetter;
public SecurityHeaderAuthenticator(
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
final SystemSecurityContext systemSecurityContext,
final String caCommonNameHeader, final String caAuthorityNameHeader) {
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
public SecurityHeaderAuthenticator(final String caCommonNameHeader, final String caAuthorityNameHeader) {
this.caCommonNameHeader = caCommonNameHeader;
this.sslIssuerHashBasicHeader = caAuthorityNameHeader;
sslIssuerNameConfigGetter = () -> systemSecurityContext.runAsSystem(
() -> tenantConfigurationManagement.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_HEADER_AUTHORITY_NAME, String.class).getValue());
}
@Override
@@ -76,13 +67,15 @@ public class SecurityHeaderAuthenticator extends Authenticator.AbstractAuthentic
}
if (!isEnabled(controllerSecurityToken)) {
log.debug("The gateway header authentication is disabled");
log.debug("The gateway header auth is disabled");
return null;
}
final String sslIssuerHashValue = getIssuerHashHeader(
controllerSecurityToken,
tenantAware.runAsTenant(controllerSecurityToken.getTenant(), sslIssuerNameConfigGetter));
asSystemAsTenant(
controllerSecurityToken.getTenant(),
() -> TenantConfigHelper.getAsSystem(AUTHENTICATION_HEADER_AUTHORITY_NAME, String.class)));
if (sslIssuerHashValue == null) {
log.debug("The request contains the 'common name' header but trusted hash is not found");
return null;
@@ -115,7 +108,8 @@ public class SecurityHeaderAuthenticator extends Authenticator.AbstractAuthentic
// iterate over the headers until we get a null header.
String foundHash;
for (int iHeader = 1; (foundHash = controllerSecurityToken.getHeader(String.format(sslIssuerHashBasicHeader, iHeader))) != null; iHeader++) {
for (int iHeader = 1; (foundHash = controllerSecurityToken.getHeader(
String.format(sslIssuerHashBasicHeader, iHeader))) != null; iHeader++) {
if (knownHashes.contains(foundHash.toLowerCase())) {
if (log.isTraceEnabled()) {
log.trace("Found matching ssl issuer hash at position {}", iHeader);
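Review bot: The logger name literal changed from `"server-security.authentication"` to `"server-security.auth"` together with the comment rewording, but a logger name is runtime configuration rather than prose. Logging configuration, appenders or alerting rules that select on the old name would stop matching without any error, which matters for an authentication audit logger. Unless the rename is intended and announced, keep `LoggerFactory.getLogger("server-security.authentication")`. In the last hunk `foundHash.toLowerCase()` uses the default locale; `toLowerCase(Locale.ROOT)` would make the hash comparison independent of the server locale (needs `java.util.Locale`). The loop body continues past the end of the hunk.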


@@ -9,11 +9,10 @@
*/
package org.eclipse.hawkbit.security.controller;
import static org.eclipse.hawkbit.context.AccessContext.asSystemAsTenant;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.repository.ControllerManagement;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties.TenantConfigurationKey;
import org.slf4j.Logger;
import org.springframework.security.core.Authentication;
@@ -32,11 +31,7 @@ public class SecurityTokenAuthenticator extends Authenticator.AbstractAuthentica
private final ControllerManagement controllerManagement;
public SecurityTokenAuthenticator(
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
final SystemSecurityContext systemSecurityContext,
final ControllerManagement controllerManagement) {
super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
public SecurityTokenAuthenticator(final ControllerManagement controllerManagement) {
this.controllerManagement = controllerManagement;
}
@@ -52,21 +47,20 @@ public class SecurityTokenAuthenticator extends Authenticator.AbstractAuthentica
}
if (!isEnabled(controllerSecurityToken)) {
log.debug("The target security token authentication is disabled");
log.debug("The target security token auth is disabled");
return null;
}
log.debug("Found 'authorization' header starting with '{}'", TARGET_SECURITY_TOKEN_AUTH_SCHEME);
final String presentedToken = authHeader.substring(OFFSET_TARGET_TOKEN);
return systemSecurityContext.runAsSystemAsTenant(() -> controllerSecurityToken.getTargetId() != null
final String tenant = controllerSecurityToken.getTenant();
return asSystemAsTenant(tenant, () -> controllerSecurityToken.getTargetId() != null
? controllerManagement.find(controllerSecurityToken.getTargetId())
: controllerManagement.findByControllerId(controllerSecurityToken.getControllerId()),
controllerSecurityToken.getTenant())
: controllerManagement.findByControllerId(controllerSecurityToken.getControllerId()))
// validate if the presented token is the same as the one set for the target
.filter(target -> presentedToken.equals(
systemSecurityContext.runAsSystemAsTenant(target::getSecurityToken, controllerSecurityToken.getTenant())))
.map(target -> authenticatedController(controllerSecurityToken.getTenant(), target.getControllerId()))
.filter(target -> presentedToken.equals(asSystemAsTenant(tenant, target::getSecurityToken)))
.map(target -> authenticatedController(tenant, target.getControllerId()))
.orElse(null);
}
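Review bot: The target lookup and the token read now both run under `asSystemAsTenant` with a tenant taken from a request that is not yet authenticated, and nothing in the method says why the elevation is needed or how far it extends. A short comment above the call would help the next reader keep that scope minimal, for example `// runs as system for the requested tenant: the caller is not authenticated yet, only the target and its token are read`. The start of `authenticate` is outside the hunk.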


@@ -16,10 +16,8 @@ import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationPrope
import static org.mockito.Mockito.when;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@@ -28,7 +26,7 @@ import org.mockito.junit.jupiter.MockitoExtension;
/**
* Feature: Unit Tests - Security<br/>
* Story: Gateway token authentication
* Story: Gateway token auth
*/
@ExtendWith(MockitoExtension.class)
class GatewayTokenAuthenticatorTest {
@@ -48,17 +46,15 @@ class GatewayTokenAuthenticatorTest {
@Mock
private TenantConfigurationManagement tenantConfigurationManagementMock;
@Mock
private UserAuthoritiesResolver authoritiesResolver;
@BeforeEach
void before() {
final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver);
authenticator = new GatewayTokenAuthenticator(tenantConfigurationManagementMock, tenantAware, new SystemSecurityContext(tenantAware));
TenantConfigHelper.setTenantConfigurationManagement(tenantConfigurationManagementMock);
authenticator = new GatewayTokenAuthenticator();
}
/**
* Tests successful authentication with gateway token
* Tests successful auth with gateway token
*/
@Test
void testWithGwToken() {
@@ -74,7 +70,7 @@ class GatewayTokenAuthenticatorTest {
}
/**
* Tests that if gateway token doesn't match, the authentication fails
* Tests that if gateway token doesn't match, the auth fails
*/
@Test
void testWithBadGwToken() {
@@ -88,7 +84,7 @@ class GatewayTokenAuthenticatorTest {
}
/**
* Tests that if gateway token miss, the authentication fails
* Tests that if gateway token miss, the auth fails
*/
@Test
void testWithoutGwToken() {
@@ -96,7 +92,7 @@ class GatewayTokenAuthenticatorTest {
}
/**
* Tests that if disabled, the authentication fails
* Tests that if disabled, the auth fails
*/
@Test
void testWithGwTokenButDisabled() {
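Review bot: `before()` installs the mock through the static `TenantConfigHelper.setTenantConfigurationManagement(...)` and nothing resets it, so the mock stays in the helper after the class finishes and later tests in the same JVM can see it; `SecurityHeaderAuthenticatorTest.before()` and `SecurityTokenAuthenticatorTest.before()` do the same. Add a teardown that restores the helper, e.g. `@AfterEach void after() { TenantConfigHelper.setTenantConfigurationManagement(null); }`, assuming the setter accepts null. Since this helper now supplies the enabled flag and the secrets for every authenticator, a test for the case where it has not been initialised would also be worth adding.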


@@ -15,10 +15,8 @@ import static org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationPrope
import static org.mockito.Mockito.when;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@@ -57,20 +55,15 @@ class SecurityHeaderAuthenticatorTest {
@Mock
private TenantConfigurationManagement tenantConfigurationManagementMock;
@Mock
private UserAuthoritiesResolver authoritiesResolver;
@BeforeEach
void before() {
final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver);
authenticator = new SecurityHeaderAuthenticator(
tenantConfigurationManagementMock, tenantAware,
new SystemSecurityContext(tenantAware), CA_COMMON_NAME, "X-Ssl-Issuer-Hash-%d"
);
TenantConfigHelper.setTenantConfigurationManagement(tenantConfigurationManagementMock);
authenticator = new SecurityHeaderAuthenticator(CA_COMMON_NAME, "X-Ssl-Issuer-Hash-%d");
}
/**
* Tests successful authentication with multiple a single hashes
* Tests successful auth with multiple a single hashes
*/
@Test
void testWithSingleKnownHash() {
@@ -86,7 +79,7 @@ class SecurityHeaderAuthenticatorTest {
}
/**
* Tests successful authentication with multiple hashes
* Tests successful auth with multiple hashes
*/
@Test
void testWithMultipleKnownHashes() {
@@ -107,7 +100,7 @@ class SecurityHeaderAuthenticatorTest {
}
/**
* Tests that if the hash is unknown, the authentication fails
* Tests that if the hash is unknown, the auth fails
*/
@Test
void testWithUnknownHash() {
@@ -121,7 +114,7 @@ class SecurityHeaderAuthenticatorTest {
}
/**
* Tests that if CN doesn't match the CN in the security token, the authentication fails
* Tests that if CN doesn't match the CN in the security token, the auth fails
*/
@Test
void testWithNonMatchingCN() {
@@ -133,7 +126,7 @@ class SecurityHeaderAuthenticatorTest {
}
/**
* Tests that if the hash miss, the authentication fails
* Tests that if the hash miss, the auth fails
*/
@Test
void testWithoutHash() {
@@ -141,7 +134,7 @@ class SecurityHeaderAuthenticatorTest {
}
/**
* Tests that if disabled, the authentication fails
* Tests that if disabled, the auth fails
*/
@Test
void testWithSingleKnownHashButDisabled() {
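Review bot: The Javadoc of `testWithSingleKnownHash` reads "with multiple a single hashes", a garbled phrase that the rewording in this commit carried over unchanged. Suggested text: `Tests successful auth with a single known hash`.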


@@ -17,11 +17,9 @@ import java.util.Optional;
import org.eclipse.hawkbit.repository.ControllerManagement;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.repository.helper.TenantConfigHelper;
import org.eclipse.hawkbit.repository.model.Target;
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
import org.eclipse.hawkbit.security.SecurityContextTenantAware;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@@ -31,7 +29,7 @@ import org.mockito.junit.jupiter.MockitoExtension;
/**
* Feature: Unit Tests - Security<br/>
* Story: Gateway token authentication
* Story: Gateway token auth
*/
@ExtendWith(MockitoExtension.class)
class SecurityTokenAuthenticatorTest {
@@ -51,19 +49,15 @@ class SecurityTokenAuthenticatorTest {
private TenantConfigurationManagement tenantConfigurationManagementMock;
@Mock
private ControllerManagement controllerManagementMock;
@Mock
private UserAuthoritiesResolver authoritiesResolver;
@BeforeEach
void before() {
final SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(authoritiesResolver);
authenticator = new SecurityTokenAuthenticator(
tenantConfigurationManagementMock, tenantAware,
new SystemSecurityContext(tenantAware), controllerManagementMock);
TenantConfigHelper.setTenantConfigurationManagement(tenantConfigurationManagementMock);
authenticator = new SecurityTokenAuthenticator(controllerManagementMock);
}
/**
* Tests successful authentication with gateway token
* Tests successful auth with gateway token
*/
@Test
void testWithSecToken() {
@@ -82,7 +76,7 @@ class SecurityTokenAuthenticatorTest {
}
/**
* Tests that if gateway token doesn't match, the authentication fails
* Tests that if gateway token doesn't match, the auth fails
*/
@Test
void testWithBadSecToken() {
@@ -94,7 +88,7 @@ class SecurityTokenAuthenticatorTest {
}
/**
* Tests that if gateway token miss, the authentication fails
* Tests that if gateway token miss, the auth fails
*/
@Test
void testWithoutSecToken() {
@@ -102,7 +96,7 @@ class SecurityTokenAuthenticatorTest {
}
/**
* Tests that if disabled, the authentication fails
* Tests that if disabled, the auth fails
*/
@Test
void testWithSecTokenButDisabled() {