Refactor hawkbit core and security (#2833)
* Refactor hawkbit core and security * improve access to the base core features - static * thus easiear access * and less boilerplate passing of instances Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> * Refactor context classes * make JSON context serialization default * AccessContext * Split hawkbit-security-core to other modules and remove it --------- Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -9,17 +9,20 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.autoconfigure.mgmt;
|
||||
|
||||
import static org.eclipse.hawkbit.context.AccessContext.asSystem;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.eclipse.hawkbit.im.authentication.SpPermission;
|
||||
import org.eclipse.hawkbit.auth.SpPermission;
|
||||
import org.eclipse.hawkbit.context.Mdc;
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
|
||||
import org.eclipse.hawkbit.oidc.OidcProperties;
|
||||
import org.eclipse.hawkbit.oidc.OidcProperties.Oauth2.ResourceServer.Jwt.Claim;
|
||||
@@ -27,8 +30,6 @@ import org.eclipse.hawkbit.repository.SystemManagement;
|
||||
import org.eclipse.hawkbit.rest.SecurityManagedConfiguration;
|
||||
import org.eclipse.hawkbit.rest.security.DosFilter;
|
||||
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
|
||||
import org.eclipse.hawkbit.security.MdcHandler;
|
||||
import org.eclipse.hawkbit.security.SystemSecurityContext;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
|
||||
import org.eclipse.hawkbit.tenancy.TenantAwareUser;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -105,11 +106,10 @@ public class MgmtSecurityConfiguration {
|
||||
final HttpSecurity http,
|
||||
@Autowired(required = false) @Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
|
||||
// called just before build of the SecurityFilterChain.
|
||||
// could be used for instance to set authentication provider
|
||||
// could be used for instance to set auth provider
|
||||
// Note: implementation of the customizer shall always take in account what is the already set by the hawkBit
|
||||
@Autowired(required = false) @Qualifier("hawkbitHttpSecurityCustomizer") final Customizer<HttpSecurity> httpSecurityCustomizer,
|
||||
final SystemManagement systemManagement,
|
||||
final SystemSecurityContext systemSecurityContext) throws Exception {
|
||||
final SystemManagement systemManagement) throws Exception {
|
||||
http
|
||||
.securityMatcher(MgmtRestConstants.BASE_REST_MAPPING + "/**", MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
|
||||
.authorizeHttpRequests(amrmRegistry -> amrmRegistry
|
||||
@@ -120,11 +120,11 @@ public class MgmtSecurityConfiguration {
|
||||
.anonymous(AbstractHttpConfigurer::disable)
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.addFilterAfter(
|
||||
// Servlet filter to create metadata after successful authentication over RESTful.
|
||||
// Servlet filter to create metadata after successful auth over RESTful.
|
||||
(request, response, chain) -> {
|
||||
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (authentication != null && authentication.isAuthenticated()) {
|
||||
systemSecurityContext.runAsSystem(systemManagement::getTenantMetadataWithoutDetails);
|
||||
asSystem(systemManagement::getTenantMetadataWithoutDetails);
|
||||
}
|
||||
chain.doFilter(request, response);
|
||||
},
|
||||
@@ -156,7 +156,7 @@ public class MgmtSecurityConfiguration {
|
||||
httpSecurityCustomizer.customize(http);
|
||||
}
|
||||
|
||||
MdcHandler.Filter.addMdcFilter(http);
|
||||
Mdc.Filter.addMdcFilter(http);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user