Refactor hawkbit core and security (#2833)
* Refactor hawkbit core and security * improve access to the base core features - static * thus easiear access * and less boilerplate passing of instances Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> * Refactor context classes * make JSON context serialization default * AccessContext * Split hawkbit-security-core to other modules and remove it --------- Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -12,20 +12,17 @@ package org.eclipse.hawkbit.autoconfigure.ddi;
|
||||
import java.util.List;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.context.Mdc;
|
||||
import org.eclipse.hawkbit.ddi.rest.api.DdiRestConstants;
|
||||
import org.eclipse.hawkbit.repository.ControllerManagement;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.rest.SecurityManagedConfiguration;
|
||||
import org.eclipse.hawkbit.rest.security.DosFilter;
|
||||
import org.eclipse.hawkbit.security.DdiSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.MdcHandler;
|
||||
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||
import org.eclipse.hawkbit.security.controller.AuthenticationFilters;
|
||||
import org.eclipse.hawkbit.security.controller.DdiSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.controller.GatewayTokenAuthenticator;
|
||||
import org.eclipse.hawkbit.security.controller.SecurityHeaderAuthenticator;
|
||||
import org.eclipse.hawkbit.security.controller.SecurityTokenAuthenticator;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
@@ -50,23 +47,15 @@ class ControllerDownloadSecurityConfiguration {
|
||||
DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/{controllerId}/softwaremodules/{softwareModuleId}/artifacts/*";
|
||||
|
||||
private final ControllerManagement controllerManagement;
|
||||
private final TenantConfigurationManagement tenantConfigurationManagement;
|
||||
private final TenantAware tenantAware;
|
||||
private final DdiSecurityProperties ddiSecurityConfiguration;
|
||||
private final HawkbitSecurityProperties securityProperties;
|
||||
private final SystemSecurityContext systemSecurityContext;
|
||||
|
||||
ControllerDownloadSecurityConfiguration(
|
||||
final ControllerManagement controllerManagement,
|
||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
||||
final DdiSecurityProperties ddiSecurityConfiguration,
|
||||
final HawkbitSecurityProperties securityProperties, final SystemSecurityContext systemSecurityContext) {
|
||||
final DdiSecurityProperties ddiSecurityConfiguration, final HawkbitSecurityProperties securityProperties) {
|
||||
this.controllerManagement = controllerManagement;
|
||||
this.tenantConfigurationManagement = tenantConfigurationManagement;
|
||||
this.tenantAware = tenantAware;
|
||||
this.ddiSecurityConfiguration = ddiSecurityConfiguration;
|
||||
this.securityProperties = securityProperties;
|
||||
this.systemSecurityContext = systemSecurityContext;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -95,17 +84,13 @@ class ControllerDownloadSecurityConfiguration {
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.addFilterBefore(new AuthenticationFilters.SecurityHeaderAuthenticationFilter(
|
||||
new SecurityHeaderAuthenticator(
|
||||
tenantConfigurationManagement, tenantAware, systemSecurityContext,
|
||||
ddiSecurityConfiguration.getRp().getCnHeader(), ddiSecurityConfiguration.getRp().getSslIssuerHashHeader()),
|
||||
ddiSecurityConfiguration), AuthorizationFilter.class)
|
||||
.addFilterBefore(new AuthenticationFilters.SecurityTokenAuthenticationFilter(
|
||||
new SecurityTokenAuthenticator(
|
||||
tenantConfigurationManagement, tenantAware, systemSecurityContext,
|
||||
controllerManagement),
|
||||
new SecurityTokenAuthenticator(controllerManagement),
|
||||
ddiSecurityConfiguration), AuthorizationFilter.class)
|
||||
.addFilterBefore(new AuthenticationFilters.GatewayTokenAuthenticationFilter(
|
||||
new GatewayTokenAuthenticator(
|
||||
tenantConfigurationManagement, tenantAware, systemSecurityContext),
|
||||
new GatewayTokenAuthenticator(),
|
||||
ddiSecurityConfiguration), AuthorizationFilter.class)
|
||||
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(
|
||||
(request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value())))
|
||||
@@ -115,7 +100,7 @@ class ControllerDownloadSecurityConfiguration {
|
||||
http.redirectToHttps(Customizer.withDefaults());
|
||||
}
|
||||
|
||||
MdcHandler.Filter.addMdcFilter(http);
|
||||
Mdc.Filter.addMdcFilter(http);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@@ -12,20 +12,17 @@ package org.eclipse.hawkbit.autoconfigure.ddi;
|
||||
import java.util.List;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.context.Mdc;
|
||||
import org.eclipse.hawkbit.ddi.rest.api.DdiRestConstants;
|
||||
import org.eclipse.hawkbit.repository.ControllerManagement;
|
||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||
import org.eclipse.hawkbit.rest.SecurityManagedConfiguration;
|
||||
import org.eclipse.hawkbit.rest.security.DosFilter;
|
||||
import org.eclipse.hawkbit.security.DdiSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.MdcHandler;
|
||||
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||
import org.eclipse.hawkbit.security.controller.AuthenticationFilters;
|
||||
import org.eclipse.hawkbit.security.controller.DdiSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.controller.GatewayTokenAuthenticator;
|
||||
import org.eclipse.hawkbit.security.controller.SecurityHeaderAuthenticator;
|
||||
import org.eclipse.hawkbit.security.controller.SecurityTokenAuthenticator;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAware;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
@@ -52,23 +49,16 @@ class ControllerSecurityConfiguration {
|
||||
private static final String[] DDI_ANT_MATCHERS = { DdiRestConstants.BASE_V1_REQUEST_MAPPING + "/**" };
|
||||
|
||||
private final ControllerManagement controllerManagement;
|
||||
private final TenantConfigurationManagement tenantConfigurationManagement;
|
||||
private final TenantAware tenantAware;
|
||||
private final DdiSecurityProperties ddiSecurityConfiguration;
|
||||
private final HawkbitSecurityProperties securityProperties;
|
||||
private final SystemSecurityContext systemSecurityContext;
|
||||
|
||||
@Autowired
|
||||
ControllerSecurityConfiguration(final ControllerManagement controllerManagement,
|
||||
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
|
||||
final DdiSecurityProperties ddiSecurityConfiguration,
|
||||
final HawkbitSecurityProperties securityProperties, final SystemSecurityContext systemSecurityContext) {
|
||||
ControllerSecurityConfiguration(
|
||||
final ControllerManagement controllerManagement, final DdiSecurityProperties ddiSecurityConfiguration,
|
||||
final HawkbitSecurityProperties securityProperties) {
|
||||
this.controllerManagement = controllerManagement;
|
||||
this.tenantConfigurationManagement = tenantConfigurationManagement;
|
||||
this.tenantAware = tenantAware;
|
||||
this.ddiSecurityConfiguration = ddiSecurityConfiguration;
|
||||
this.securityProperties = securityProperties;
|
||||
this.systemSecurityContext = systemSecurityContext;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -89,7 +79,6 @@ class ControllerSecurityConfiguration {
|
||||
return filterRegBean;
|
||||
}
|
||||
|
||||
|
||||
@Bean
|
||||
@Order(301)
|
||||
protected SecurityFilterChain filterChainDDI(
|
||||
@@ -100,24 +89,23 @@ class ControllerSecurityConfiguration {
|
||||
.authorizeHttpRequests(amrmRegistry -> amrmRegistry.anyRequest().authenticated())
|
||||
.anonymous(AbstractHttpConfigurer::disable)
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.addFilterBefore(new AuthenticationFilters.SecurityHeaderAuthenticationFilter(
|
||||
new SecurityHeaderAuthenticator(
|
||||
tenantConfigurationManagement, tenantAware,
|
||||
systemSecurityContext, ddiSecurityConfiguration.getRp().getCnHeader(), ddiSecurityConfiguration.getRp().getSslIssuerHashHeader()
|
||||
), ddiSecurityConfiguration), AuthorizationFilter.class)
|
||||
.addFilterBefore(new AuthenticationFilters.SecurityTokenAuthenticationFilter(
|
||||
new SecurityTokenAuthenticator(
|
||||
tenantConfigurationManagement, tenantAware,
|
||||
systemSecurityContext, controllerManagement), ddiSecurityConfiguration), AuthorizationFilter.class)
|
||||
.addFilterBefore(new AuthenticationFilters.GatewayTokenAuthenticationFilter(
|
||||
new GatewayTokenAuthenticator(
|
||||
tenantConfigurationManagement, tenantAware,
|
||||
systemSecurityContext), ddiSecurityConfiguration), AuthorizationFilter.class)
|
||||
.addFilterBefore(
|
||||
new AuthenticationFilters.SecurityHeaderAuthenticationFilter(
|
||||
new SecurityHeaderAuthenticator(
|
||||
ddiSecurityConfiguration.getRp().getCnHeader(),
|
||||
ddiSecurityConfiguration.getRp().getSslIssuerHashHeader()), ddiSecurityConfiguration),
|
||||
AuthorizationFilter.class)
|
||||
.addFilterBefore(
|
||||
new AuthenticationFilters.SecurityTokenAuthenticationFilter(
|
||||
new SecurityTokenAuthenticator(controllerManagement), ddiSecurityConfiguration),
|
||||
AuthorizationFilter.class)
|
||||
.addFilterBefore(
|
||||
new AuthenticationFilters.GatewayTokenAuthenticationFilter(new GatewayTokenAuthenticator(), ddiSecurityConfiguration),
|
||||
AuthorizationFilter.class)
|
||||
.exceptionHandling(configurer -> configurer.authenticationEntryPoint(
|
||||
(request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value())))
|
||||
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
|
||||
|
||||
|
||||
if (securityProperties.getCors().isEnabled() && !disableCorsForDdiApi) {
|
||||
http.cors(configurer -> configurer.configurationSource(securityProperties.getCors().toCorsConfigurationSource()));
|
||||
}
|
||||
@@ -126,7 +114,7 @@ class ControllerSecurityConfiguration {
|
||||
http.requiresChannel(crmRegistry -> crmRegistry.anyRequest().requiresSecure());
|
||||
}
|
||||
|
||||
MdcHandler.Filter.addMdcFilter(http);
|
||||
Mdc.Filter.addMdcFilter(http);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
package org.eclipse.hawkbit.autoconfigure.ddi;
|
||||
|
||||
import org.eclipse.hawkbit.ddi.rest.resource.DdiApiConfiguration;
|
||||
import org.eclipse.hawkbit.security.DdiSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.controller.DdiSecurityProperties;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
|
||||
Reference in New Issue
Block a user