Commit Graph

22 Commits

Author SHA1 Message Date
Avgustin Marinov
a00374f455 Fix sonar findings (#3015)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2026-04-15 13:14:31 +03:00
Avgustin Marinov
1be473b22c [#2845] Bump Spring boot to 4.x (#2941)
Notes:
1. (!) Eclipselink shall be migrated to 5.0 (in 4.0.8 there are incompatible classes, e.g. EJBQueryImpl doesn't implement some newer methods). At the moment it is with beta (5.0.0-B12) - JUST for testing!
2. (!) Ethlo plugin doesn't work with Eclipselink 5.0, it builds with Eclipselink 4.0.8 (could be a problem)
3. Dependencies - new starters, test starters changes, some dependencies refactoring
4. Auto-configs split - package changes, some properties classes changes
5. Spring nullable org.springframework.lang.Nullable/NonNull are deprecated and replaced with jspecify -> org.jspecify.annotations.Nullable/NonNull (NullMarked)
6. Lombok config - adding lombok.addNullAnnotations=jspecify - to not mess up annotations
7. Distributed lock table changes - SP_LOCK table db migration
8. Spring Retry replaced with Spring Core Retry - does replace retry in hawkbit
9. Specifications -> added Update/Delete(/Predicate) Specifications and JpaSpecificationExecutor changed
10. HawkbitBaseRepositoryFactoryBean modified to register properly
11. Jackson - 2 -> 3, package migrations, finals are not deserialized by default (enable finals deserialization, consider making non-final), too ‘smart’ tries to set complex objects instead of using no-args constructor (-> @JsonIgnore), some other default configs made

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2026-04-14 11:31:41 +03:00
Avgustin Marinov
011d7f567e Refactor header authority controller authentication (#2954)
1. (breaking changes) hawkbit.server.ddi.security.rp.cnHeader and sslIssuerHashHeader are renamed to controllerIdHeader and authorityHeader correspondingly.
2. (breaking changes) their default values are changed: X-Ssl-Client-Cn -> X-Controller-Id and X-Ssl-Issuer-Hash-%d -> X-Authority
3. Now the authority header configuration is not a string format but just a string. The implementation checks for this header as comma or ; separated list or seeks for header iteration <authority_header>-%d (iteration starts from 0 or 1
4. Doc fixed
5. As there are breaking changes configuration changes may be needed: a) with changing the hawkbit.server.ddi.security.rp you could turn back the previous default headers (note X-Ssl-Issuer-Hash-%d shall now be X-Ssl-Issuer-Hash), or b) you may change the headers sent by the reverse proxy

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2026-03-12 10:36:37 +02:00
Avgustin Marinov
97762360c3 Refactor REST Constants (#2881)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2026-01-22 17:06:44 +02:00
Avgustin Marinov
f6f62db0ad Refactor hawkbit core and security (#2833)
* Refactor hawkbit core and security

* improve access to the base core features - static
* thus easier access
* and less boilerplate passing of instances

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>

* Refactor context classes

* make JSON context serialization default

* AccessContext

* Split hawkbit-security-core to other modules and remove it

---------

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-11-27 13:07:49 +02:00
Avgustin Marinov
2b66449ff1 Fine grained repository permissions (#2562)
1. Introduce @PreAuthorize check based on hasPermission - allowing custom processing (compared with non-modifiable hasAuthority/Role processing)
2. Dedicated permissions could be implemented on management api level. Check is made by plugged in PermissionEvaluator
3. Thus common XXX_REPOSITORY permissions could differ for extending services
4. Change create/update entity builder pattern - not via EntityFactory but via clean static lombok based builders (with fine fluent api).
5. Implement abstract repository management jpa class that handles the boilerplate code from extending classes in single place consistently -> AbstractJpaRepositoryManagement
6. Register management api-s as **Service**-s instead of **Bean**-s in order to make them easier to maintain and get away from heavy argument forwarding
7. Simplify custom hawkbit repository registration + adding proxy to handle exception mapping at lower level - thus not depending on Aspects for converting exceptions
8. Implemented general purpose 'copy' utility (ObjectCopyUtil) that using getter/setter patterns is able to copy (e.g. Create/Update) objects to other objects (e.g. JPA entity objects)
2025-07-28 14:57:33 +03:00
Avgustin Marinov
2098dc6223 Unifies security configurations (#2448)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-06-12 09:06:50 +03:00
Avgustin Marinov
36fa915cbc Improve @Value properties (#2352)
Implement recommendation from https://docs.spring.io/spring-boot/reference/features/external-config.html to use kebab case for @Values:

If you do want to use @Value, we recommend that you refer to property names using their canonical form (kebab-case using only lowercase letters). This will allow Spring Boot to use the same logic as it does when relaxed binding @ConfigurationProperties.

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-04-11 16:46:34 +03:00
Avgustin Marinov
32990ab2ea Add CORS support for DDI API (#2337)
For instance if used in remote swagger or web apps

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-04-02 09:01:02 +03:00
Avgustin Marinov
b52ebd0496 Remove unused import (#2292)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-02-19 14:31:06 +02:00
Avgustin Marinov
54a53a3631 Remove anonymous download (#2291)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-02-19 14:28:15 +02:00
Avgustin Marinov
abf043cf87 Fix anonymous download filter (#2290)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-02-19 13:43:42 +02:00
Avgustin Marinov
76ce1cf052 Cleanup and improve the controller authentication (#2287)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-02-18 15:10:16 +02:00
Avgustin Marinov
cace8bd20e Remove anonymous controller support (#2285)
It's not a usable feature, and is error prone - someone could leave anonymous enabled by mistake

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-02-17 17:17:49 +02:00
Avgustin Marinov
a61e9cd6ae Sonar Fixes (#2233)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-01-24 15:41:06 +02:00
Avgustin Marinov
9c8c82fd8b Switch from deprecated EnableGlobalMethodSecurity to EnableMethodSecurity (#2081)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2024-11-19 16:46:31 +02:00
Avgustin Marinov
c3bcc4371d Code formatting and removing unused imports (#2072)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2024-11-18 09:13:58 +02:00
Avgustin Marinov
ca59da85b2 Apply controller security config to all /{tenant}/controller/v1 but downloads (#2022)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2024-11-12 17:10:22 +02:00
Avgustin Marinov
42582229f1 Small adjustments (#2017)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2024-11-12 13:22:45 +02:00
Avgustin Marinov
5182217745 Rename hawkbit-security-internal -> hawkbit-security-controller (#2015)
as it is controller only related

* DmfTenantSecurityToken renamed to ControllerSecurityToken - as it is such
* hawkbit.security classes from http-security-internal moved to hawkbit.security.controller - as they are such and it is bad practice to have same package in multiple modules

_release_notes_

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2024-11-12 12:45:09 +02:00
Avgustin Marinov
c85518be3c Split SecurityManagedConfiguration to mgmt and ddi starters (#2014)
* SecurityManagedConfiguration is moved to hawkbit-rest-core with commons for mgmt and ddi only
* Configurations for DDI and Management API are moved to respective starters
* hawkbit-http-security is removed - DosFilter (as common) is moved in hawkbit-rest-security, rest to the ddi starter as used only there
* some classes are moved into different packages - it is a bad practice to have same package in multiple artifacts

_release_notes_

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2024-11-12 12:06:56 +02:00
Avgustin Marinov
b03985c887 Rename hawkBit boots (#2010)
* hawkbit-boot-starter -> hawkbit-starter
* hawkbit-boot-starter-ddi-api -> hawkbit-ddi-starter
* hawkbit-boot-starter-dmf-api -> hawkbit-dmf-starter
* hawkbit-boot-starter-mgmt-api -> hawkbit-mgmt-starter

_release_notes_

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2024-11-12 08:40:09 +02:00