Typos fixed
Disables empty string gateway token for sure. Test if the gateway token is not empty string ecplicitly.
Empty string is the default value and if accepted could be a security vulnerability (e.g. enabling gateway token
authentication and using empty string as token). According to https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.4
the header value shall not have trailing spaces and the http server shall already have trimmed them. So if execution passes
start with "GatewayToken " then token shall not be empty. But but let's check anyway
In UI first set key then enable the gateway token authentication. Otherwise the key might be left empty (default). This however
shall not be really problem since (because of token trimming) the empty token will be rejected anyway.
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
* Enforce decoding in authentication check
+Enforce decoding of controllerId when authentication is performed for the reverse proxy use case
* Remove unused imports
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Switch approach to decode retrieved values from map
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Remove unused imports
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Style improve
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Move logic to separate class
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Remove TODO comment
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Hide public constructor in Util class
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
---------
Signed-off-by: Stanislav Trailov <stanislav.trailov@bosch.io>
* Fixed sonar warnings
- "Cognitive Complexity"
- "Do not use replaceAll when not using a regex"
- java:S5869 - Character classes in regular expressions should not contain the same character twice
- Improved bad name
- Typos
- reduced code duplications
- Replaced hand-made wait-utility with Awaitility
- Log messages
- Duplicate code
- Typos
- Removed Thread.sleep, instead relaxed check condition
- Removed use of deprecated API
- Removed use of deprecated API
- Added supress-warnings as I do not see a better way to write the tests
- Removed Thread.sleep / redundant functionality to Awaitility
- Fixed other warnings (use isZero, isEmpty, hasToString)
- Removed/Reduced duplicate code
- Added generics
- Fixed asserts
- removed: field.setAccessible(true) actually should not be needed for public static fields!
- Too long constructor passes arguments in wrong order - how surprisingly...
- Clean-up use of varargs arguments
- Fixed regex
- Fixed typos and other minor stuff
- Making public constructors protected in abstract classes
- Swapped expected and asserted argument
- volatile not enough for syncing threads
- volatile not enough for syncing threads
- out-commented code
- Made regex not-greedy, added tests for verification
- Avoid exposure of thread-local member var
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixed Sonar warnings
* License header fix
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* License header fix#2
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixing review findings
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
* Fixing tests
- Fixed '&' usage in javadoc and typos
- Fixing some warnings
Signed-off-by: Peter Vigier <Peter.Vigier@bosch.io>
-Update Spring Cloud to Hoxton.SR7
-Replace ResourceSupport by RepresentationModel (Spring Hateoas 1.0)
-Replace ControllerLinkBuilder by WebMvcLinkBuilder (Spring Hateoas 1.0)
-Move getId() from Identifiable to BaseEntity (Spring Hateoas 1.0)
-Remove hamcrest.Factory
-Use static Sort.by reference
-Place http security anyRequest().authenticated()
-Replace MockMvcRequestBuilders.fileUpload by MockMvcRequestBuilders.multipart
-Deprecate MEDIA_TYPE_CBOR_UTF8
-Replace MEDIA_TYPE_CBOR_UTF8 by MEDIA_TYPE_CBOR in tests
-Replace HAL_JSON_UTF8 by HAL_JSON in tests
-Replace APPLICATION_JSON_UTF8 by APPLICATION_JSON in tests
-Use org.mockito.junit.MockitoJUnitRunner
-Remove overridden dependency versions
-Removing not needed comments in pom.xml
-Downgrade flyway-core to be MySQL 5.6 compatible
-Add maven-site-plugin since it was removed with spring-boot 2.3
-Set servlet encoding properties
-Introducing Test that verifies the charset inside the content-type of a response
-Add @DirtiesContext to CorsTest and ContentTypeTest
-Add content-type mockmvc test with adapted mockmvc config
-Move encoding.force property to test class
-Switch expected and actual parameter values in content-type test
-Delete deprecated content-type test with TestRestTemplate
-Exclude JUnit5 from spring-boot-starter-test
-Upgrade allure-junit4 to 2.13.5
-Add aspectjweaver 1.9.6 to surefire test execution
-Add flyway-core version to property
-Use getRequiredLink() within MgmtBaseEntity.getId()
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io>
* Cleaned up component scan
* More flexibility for hawkBit micro services
* Introduce spring boot starters
* Eclipse Jetty as hawkBit default
* Fixed links as prep for wiki removal
Signed-off-by: kaizimmerm <kai.zimmermann@bosch-si.com>
* adapt return type of #getPreAuthenticatedPrincipal to the
#getPreAuthenticatedCredentials return type (both Object)
* #splitMultiHash returns list instead of array
Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
This is necessary, because the tenant configuration methods are only accessable with specific permissions.
With the SystemSecurityContext methods can be executed as SystemRunner and therefor we can set permissions.
* updated the chaine of condtructors to set the context in the filter class
* added SystemRunner permission to TenantConfigurationManagement
* Autowired the system context to AMQP and HTTP controller
Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
- moved fucntions to TenantConfigurationManagement, for better function capseling
- updated references
- updated references in tests, tests were succesfully
Signed-off-by: Nonnenmacher Fabian <fabian.nonnenmacher@bosch-si.com>
