Refactor hawkbit core and security (#2833)

* Refactor hawkbit core and security

* improve access to the base core features - static
* thus easiear access
* and less boilerplate passing of instances

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>

* Refactor context classes

* make JSON context serialization default

* AccessContext

* Split hawkbit-security-core to other modules and remove it

---------

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2025-11-27 13:07:49 +02:00
committed by GitHub
parent 58dbc32a80
commit f6f62db0ad
274 changed files with 2534 additions and 4458 deletions

View File

@@ -9,17 +9,20 @@
*/
package org.eclipse.hawkbit.autoconfigure.mgmt;
import static org.eclipse.hawkbit.context.AccessContext.asSystem;
import java.io.Serial;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.hawkbit.im.authentication.SpPermission;
import org.eclipse.hawkbit.auth.SpPermission;
import org.eclipse.hawkbit.context.Mdc;
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
import org.eclipse.hawkbit.oidc.OidcProperties;
import org.eclipse.hawkbit.oidc.OidcProperties.Oauth2.ResourceServer.Jwt.Claim;
@@ -27,8 +30,6 @@ import org.eclipse.hawkbit.repository.SystemManagement;
import org.eclipse.hawkbit.rest.SecurityManagedConfiguration;
import org.eclipse.hawkbit.rest.security.DosFilter;
import org.eclipse.hawkbit.security.HawkbitSecurityProperties;
import org.eclipse.hawkbit.security.MdcHandler;
import org.eclipse.hawkbit.security.SystemSecurityContext;
import org.eclipse.hawkbit.tenancy.TenantAwareAuthenticationDetails;
import org.eclipse.hawkbit.tenancy.TenantAwareUser;
import org.springframework.beans.factory.annotation.Autowired;
@@ -105,11 +106,10 @@ public class MgmtSecurityConfiguration {
final HttpSecurity http,
@Autowired(required = false) @Qualifier("hawkbitOAuth2ResourceServerCustomizer") final Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServerCustomizer,
// called just before build of the SecurityFilterChain.
// could be used for instance to set authentication provider
// could be used for instance to set auth provider
// Note: implementation of the customizer shall always take in account what is the already set by the hawkBit
@Autowired(required = false) @Qualifier("hawkbitHttpSecurityCustomizer") final Customizer<HttpSecurity> httpSecurityCustomizer,
final SystemManagement systemManagement,
final SystemSecurityContext systemSecurityContext) throws Exception {
final SystemManagement systemManagement) throws Exception {
http
.securityMatcher(MgmtRestConstants.BASE_REST_MAPPING + "/**", MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
.authorizeHttpRequests(amrmRegistry -> amrmRegistry
@@ -120,11 +120,11 @@ public class MgmtSecurityConfiguration {
.anonymous(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.addFilterAfter(
// Servlet filter to create metadata after successful authentication over RESTful.
// Servlet filter to create metadata after successful auth over RESTful.
(request, response, chain) -> {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
systemSecurityContext.runAsSystem(systemManagement::getTenantMetadataWithoutDetails);
asSystem(systemManagement::getTenantMetadataWithoutDetails);
}
chain.doFilter(request, response);
},
@@ -156,7 +156,7 @@ public class MgmtSecurityConfiguration {
httpSecurityCustomizer.customize(http);
}
MdcHandler.Filter.addMdcFilter(http);
Mdc.Filter.addMdcFilter(http);
return http.build();
}