hawkbit

Author	SHA1	Message	Date
Avgustin Marinov	10da0288d9	Fix sonar findings (#2572 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-30 10:13:23 +03:00
Avgustin Marinov	2b66449ff1	Fine grained repository permissions (#2562 ) 1. Introduce @PrreAuthorize check based on hasPermission - allowing custom processing (compared with non-modifiable hasAuthority/Role processing) 2. Dedicated permissions could be implemented on management api level. Check is made by plugged in PermissionEvaluator 3. Thus common XXX_REPOSITORY permissions could differ for extending services 4. Change create/update entity builder pattern - not via EntityFactory but via clean static lombok based builders (with fine fluent api). 5. Implement abstract repository management jpa class that handles the boilerplate code from extending classes in single place consistently -> AbsreactJpaRepositoryManagement 6. Register management api-s as Sevice-s instead of Bean-s in order to make easier maintainable and get away from heavy argument forwading 7. Simplify custom hawkbit repository registration + adding proxy to handle exception mapping at lower level - thus not depending on Aspects for converting exceptions 8. Implemented general purpose 'copy' utility (ObjectCopyUtil) that using getter/setter patterns is able to copy (e.g. Create/Update) objects to other objects (e.g. JPA entity objects)	2025-07-28 14:57:33 +03:00
Avgustin Marinov	0d38cb5a7d	Fix Sonar findings (#2553 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-16 10:38:47 +03:00
Avgustin Marinov	a34364bc3e	Make allAuthorities unmodifiable (#2551 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-15 13:29:20 +03:00
Avgustin Marinov	8bf77ee5dc	Single all authorities resolving (#2550 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-15 10:56:36 +03:00
Avgustin Marinov	8a60f9b98b	Fix getAllAuthorities (#2548 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-15 09:28:55 +03:00
Avgustin Marinov	e7373275bf	Add distribution set and target type fine grained permissions (#2545 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-14 14:52:36 +03:00
Avgustin Marinov	c3fdd9fcc8	Refactor permissions (#2544 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-11 16:50:01 +03:00
Avgustin Marinov	21581c4ea4	Fine-grained permissions (#2535 ) * Fine-grained permissions Adds support for permissions of type <permission>(/<rsql filter scope>) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> * Apply review fixes --------- Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-10 13:51:49 +03:00
Avgustin Marinov	8c6d56f177	Make some test timeouts (await) configurable (#2525 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-07-02 12:45:26 +03:00
Avgustin Marinov	ef25aa59f0	Fix new line after @Test (#2486 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-06-20 17:42:55 +03:00
Avgustin Marinov	cb7f1107fe	Remove allure (phase2) (#2483 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-06-20 15:51:06 +03:00
Avgustin Marinov	ba23ae3fc2	Remove allure (phase 1) - switch to surefire reporting (#2478 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-06-20 13:41:26 +03:00
Avgustin Marinov	0ba4c7b790	Update documentation (#2451 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-06-13 13:19:35 +03:00
Denislav Prinov	7aa33cd96b	Refactoring the audit log message -> description field Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>	2025-04-22 08:11:53 +03:00
Avgustin Marinov	32990ab2ea	Add CORS support for DDI API (#2337 ) For instance if used in remote swagger or web apps Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-04-02 09:01:02 +03:00
Denislav Prinov	c6d89f6c83	Audit log wildcard * introduction to include all parameters by default Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com>	2025-04-01 10:02:26 +03:00
Denislav Prinov	23154d70cc	Audit Logging in HawkBit (#2314 ) * Introduction of Audit Logging in hawkBit Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> * Introduction of Audit Logging in hawkBit Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> * Refactoring: * applied code formatter * audit moved into hawkbit-security-core * minimize dependences * use AuditorAware to retrieve user - so to be compatible with the logs into DB Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> * Move audit entities to security core Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> * Introduce audit log method types Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> --------- Signed-off-by: Denislav Prinov <denislav.prinov@bosch.com> Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com> Co-authored-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-03-31 08:51:54 +03:00
Avgustin Marinov	1c3245e013	Remove SYSTEM_ADMIN imply ROLTE_TENANT_ADMIN (#2293 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-02-19 14:45:09 +02:00
Avgustin Marinov	76ce1cf052	Cleanup and improve the controller authentication (#2287 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2025-02-18 15:10:16 +02:00
Avgustin Marinov	849ea24632	Security artifacts moved in hawkbit-security-parent (#2016 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-12 12:50:36 +02:00
Avgustin Marinov	6867b8eac0	Move spring-boot-starter-test and alure to root (#1973 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 16:25:19 +02:00
Avgustin Marinov	3effa996dd	Refactor tenancy classes (#1972 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 16:12:18 +02:00
Avgustin Marinov	590dbc06ff	Fix TenantAwareUserPropertes.User password (#1971 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 15:42:57 +02:00
Avgustin Marinov	a1e319ee37	Remove OidcUserManagementAutoConfiguration (#1969 ) [release notes] Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 14:32:17 +02:00
Avgustin Marinov	73253abce0	Refactor hawkbit-core (#1967 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 13:11:59 +02:00
Avgustin Marinov	ade5723c8c	Remove unused TenantUserPasswordAuthenticationToken (#1966 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 12:29:19 +02:00
Avgustin Marinov	03baf2a4c2	Remvoe PermissionUtils class (#1965 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 11:36:16 +02:00
Avgustin Marinov	c69efe65b2	Remove PermissionsUtil (#1964 ) Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>	2024-11-08 11:31:09 +02:00
Avgustin Marinov	1c16bd66d3	Code format hawkbit2 (#1949 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-11-05 11:43:54 +02:00
Avgustin Marinov	d842bc2aaa	Code format hawkbit (#1948 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-11-05 11:41:56 +02:00
Avgustin Marinov	71aa00ca7c	Code format - hawkbit-security-core (#1925 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-11-05 09:21:55 +02:00
Avgustin Marinov	8da475dff0	MDC hanlder refactoring (#1911 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-10-23 09:20:15 +03:00
Avgustin Marinov	12928a5939	Fix/jparolloutshandlerlogging (#1819 ) Fix JpaExecutorHandler logging MDC context Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-13 09:30:09 +03:00
Avgustin Marinov	9bb61fd829	Add MDC context in SecurityContdxtTenantAware (#1818 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-13 09:06:53 +03:00
Avgustin Marinov	a99e80b41e	MDCHandler - fix sonar findings (#1816 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-12 11:45:35 +03:00
Avgustin Marinov	e10542929a	Small code clean-up (#1815 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-12 09:11:19 +03:00
Avgustin Marinov	e9759fecdb	Fix MDCHandler unused import (#1814 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-12 08:45:27 +03:00
Avgustin Marinov	e1d928e92e	Fix MDCHandler when authentication is null (#1813 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-12 08:43:01 +03:00
Avgustin Marinov	d851fa4d02	Remove hard servlet dependency from SystemSecurityContext (#1812 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-11 10:50:01 +03:00
Avgustin Marinov	e874cf5014	Feature/remove hard requirements for mdc (#1811 ) * Remove hard requirements for MDCHandler dependencies Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> --------- Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-09 18:12:58 +03:00
Avgustin Marinov	8c2d1037bb	Fix Sonar findings (#1810 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-09 17:43:50 +03:00
Avgustin Marinov	9dd493d783	Fix MDCHandler for servlets. Config enable -> enabled (#1808 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-09 16:38:20 +03:00
Avgustin Marinov	141d167a81	Improve MDCHolder method names (#1807 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-09 14:31:14 +03:00
Avgustin Marinov	c8321fdb44	Feature/add tenant and user into mdc (#1806 ) * Add MDC * Add tenant/user into MDC in order to be possible to be used in logging Enabled by default. Could be disabled via hawkbit.logging.mdchandler.enable=false Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> --------- Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-09 14:27:07 +03:00
Avgustin Marinov	bcafdbdb86	Remove contentSecurityPolicy - UI leftover (#1805 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-08-09 08:22:41 +03:00
Avgustin Marinov	6106d3c16c	Fix sonar findings (#1792 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-07-29 13:50:42 +03:00
Avgustin Marinov	9cc9b23398	Make noop default password encoder for StaticAuthenticationProvider (#1791 ) if no provider is specified for the password Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-07-29 11:51:13 +03:00
Avgustin Marinov	3a34ded4f6	Support for simultaneous base and OAuth authentication (#1785 ) * Remove _OidcAuthenticationSuccessHandler_: * _OAuth2AuthenticationToken.setDetails_ is made by jwt authentication converter * get tenant data (with potentially creating tenant) is done via a filter added in filterChainREST * _filterChainREST_ uses _Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>_ as configuration for OAuth. Thus it is not bound with oauth client configuration * _OidcUserManagementAutoConfiguration_ - now registers (if conditions are met) Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> which covers both - oauth legacy filter from filterChainREST and OidcBearerTokenAuthenticationFilter * Since oauth clients are not related to hawkBit anymore (since removal of legacy UI) and the proper configuration would be via resource server or whatever, the _OidcUserManagementAutoConfiguration_ is DEPRECATED and for removal * _UserAuthenticationFilter_ is removed * Enabled sumiltaneous base and oauth authentication. Still, by default, if OAuth configured http authentication is disabled. However, if OAuth it is configured (via _Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>)_ and hawkbit.server.security.allowHttpBasicOnOAuthEnabled is set to true then http auth would be also enabled * _OidcUserManagementAutoConfiguration_ could be disabled with hawkbit.server.security.oAuth2OnClientsConfig.enabled=false Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-07-26 10:59:15 +03:00
Avgustin Marinov	6b8917e229	Remove MultitenancyIndicator as not used (#1787 ) Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>	2024-07-26 09:34:11 +03:00

1 2 3 4 5

201 Commits