From f8538853ed8716542cdf62e0883dffd1028000a9 Mon Sep 17 00:00:00 2001
From: SirWayne
Date: Wed, 1 Jun 2016 13:12:53 +0200
Subject: [PATCH] Add method all permissions

Signed-off-by: SirWayne
---
 .../security/SecurityAutoConfiguration.java | 39 ++-------------
 .../im/authentication/PermissionUtils.java | 47 +++++++++++++++++++
 .../im/authentication/SpPermission.java | 30 ++++++++++++
 3 files changed, 81 insertions(+), 35 deletions(-)
 create mode 100644 hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/PermissionUtils.java

diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
index 8a3a50ad2..3d07664df 100644
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityAutoConfiguration.java
@@ -8,23 +8,17 @@ */ package org.eclipse.hawkbit.autoconfigure.security; -import java.lang.reflect.Field; -import java.lang.reflect.Modifier; import java.util.ArrayList; -import java.util.Collection; -import java.util.List; import org.eclipse.hawkbit.im.authentication.MultitenancyIndicator; import org.eclipse.hawkbit.im.authentication.PermissionService; -import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.im.authentication.PermissionUtils; import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails; import org.eclipse.hawkbit.im.authentication.UserAuthenticationFilter; -import org.eclipse.hawkbit.security.SecurityContextTenantAware; import org.eclipse.hawkbit.security.DdiSecurityProperties; +import org.eclipse.hawkbit.security.SecurityContextTenantAware; import org.eclipse.hawkbit.security.SpringSecurityAuditorAware; import org.eclipse.hawkbit.tenancy.TenantAware; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; @@ -39,7 +33,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter; import org.springframework.security.core.Authentication; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; 
@@ -98,8 +91,6 @@ public class SecurityAutoConfiguration { @ConditionalOnMissingBean(value = { UserAuthenticationFilter.class }) public static class InMemoryUserManagementConfiguration extends GlobalAuthenticationConfigurerAdapter { - private static final Logger LOGGER = LoggerFactory.getLogger(InMemoryUserManagementConfiguration.class); - @Autowired private AuthenticationConfiguration configuration; @@ -127,7 +118,7 @@ public class SecurityAutoConfiguration { final InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager( new ArrayList<>()); inMemoryUserDetailsManager.setAuthenticationManager(null); - inMemoryUserDetailsManager.createUser(new User("admin", "admin", getAllAuthorities())); + inMemoryUserDetailsManager.createUser(new User("admin", "admin", PermissionUtils.createAllAuthorityList())); return inMemoryUserDetailsManager; } @@ -136,29 +127,7 @@ public class SecurityAutoConfiguration { */ @Bean public MultitenancyIndicator multiTenancyIndicator() { - return new MultitenancyIndicator() { - @Override - public boolean isMultiTenancySupported() { - return false; - } - }; - } - - private Collection getAllAuthorities() { - final List allPermissions = new ArrayList<>(); - final Field[] declaredFields = SpPermission.class.getDeclaredFields(); - for (final Field field : declaredFields) { - if (Modifier.isPublic(field.getModifiers()) && Modifier.isStatic(field.getModifiers())) { - field.setAccessible(true); - try { - final String permissionName = (String) field.get(null); - allPermissions.add(new SimpleGrantedAuthority(permissionName)); - } catch (final IllegalAccessException e) { - LOGGER.error(e.getMessage(), e); - } - } - } - return allPermissions; + return () -> false; } private static class TenantDaoAuthenticationProvider extends DaoAuthenticationProvider { 
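Review bot: In the `@@ -127,7 +118,7 @@` hunk the in-memory account is still created with the fixed pair `"admin"`/`"admin"`, and it now receives whatever `PermissionUtils.createAllAuthorityList()` returns, that is, every public static constant the reflection scan in `SpPermission` finds, including constants added later. Since this line is being touched anyway, consider taking the user name and password from configuration properties instead of literals, and at least put a comment above it such as `// Fallback account for setups without a UserAuthenticationFilter bean; it holds every SpPermission and must be replaced before production use.` The enclosing bean method starts outside the hunk, so whether these credentials are overridden elsewhere cannot be seen from here.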
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/PermissionUtils.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/PermissionUtils.java
new file mode 100644
index 000000000..2f9352734
--- /dev/null
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/PermissionUtils.java
@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2011-2016 Bosch Software Innovations GmbH, Germany. All rights reserved.
+ */
+package org.eclipse.hawkbit.im.authentication;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+/**
+ * * Utility method for creation of GrantedAuthority collections etc.
+ */
+public final class PermissionUtils {
+
+ private PermissionUtils() {
+
+ }
+
+ /**
+ * Create {@link GrantedAuthority} by a special role.
+ *
+ * @param roles
+ * the roles
+ * @return a list of {@link GrantedAuthority}
+ */
+ public static List createAuthorityList(final Collection roles) {
+ final List authorities = new ArrayList<>(roles.size());
+
+ for (final String role : roles) {
+ authorities.add(new SimpleGrantedAuthority(role));
+ }
+
+ return authorities;
+ }
+
+ /**
+ * Returns all authorities.
+ *
+ * @return a list of {@link GrantedAuthority}
+ */
+ public static List createAllAuthorityList() {
+ return createAuthorityList(SpPermission.getAllAuthorities());
+ }
+}
diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
index 2e222d879..6c27b703a 100644
--- a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
+++ b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/im/authentication/SpPermission.java
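Review bot: The Javadoc in the new `PermissionUtils` does not match what the methods do: `createAuthorityList` says "by a special role" although it converts a whole collection, and `createAllAuthorityList` does not say where "all" comes from. Suggested wording: `Creates one {@link SimpleGrantedAuthority} per entry of {@code roles}; the strings are used unchanged as authority names.` and `Returns an authority for every permission name reported by {@link SpPermission#getAllAuthorities()}; intended for full-access accounts only.` `roles` is dereferenced without a null check, so `@param roles` should state that it must not be null. The class comment also carries a stray `* *`.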
@@ -9,7 +9,14 @@ package org.eclipse.hawkbit.im.authentication; import java.lang.annotation.Target; +import java.lang.reflect.Field; +import java.lang.reflect.Modifier; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.GrantedAuthority; @@ -35,6 +42,8 @@ import org.springframework.security.core.GrantedAuthority; */ public final class SpPermission { + private static final Logger LOGGER = LoggerFactory.getLogger(SpPermission.class); + /** * Permission to read the targets from the * {@link ProvisioningTargetRepository} including their meta information, @@ -139,6 +148,27 @@ public final class SpPermission { // Constants only } + /** + * Return all permission. + * + * @return all permission + */ + public static Collection getAllAuthorities() { + final List allPermissions = new ArrayList<>(); + final Field[] declaredFields = SpPermission.class.getDeclaredFields(); + for (final Field field : declaredFields) { + if (Modifier.isPublic(field.getModifiers()) && Modifier.isStatic(field.getModifiers())) { + field.setAccessible(true); + try { + allPermissions.add((String) field.get(null)); + } catch (final IllegalAccessException e) { + LOGGER.error(e.getMessage(), e); + } + } + } + return allPermissions; + } + /** * Contains all the spring security evaluation expressions for the * {@link PreAuthorize} annotation for method security.
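Review bot: `getAllAuthorities()` in the last hunk decides which authorities a full-access account receives, yet it accepts every public static field without checking that the field is final or of type String, so a later non-String constant makes the `(String) field.get(null)` cast throw and a non-final field could be changed at runtime. Tighten the filter to `Modifier.isPublic(m) && Modifier.isStatic(m) && Modifier.isFinal(m) && field.getType() == String.class` (with `m = field.getModifiers()`) and drop `field.setAccessible(true)`, which is not needed for public members of a public class. The `catch` only logs the `IllegalAccessException` and continues, so callers get a silently shortened list; rethrowing it as an `IllegalStateException` would make that visible. The Javadoc should also say that the method returns the permission names as strings, since the name `getAllAuthorities` suggests `GrantedAuthority` objects.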