lingwei.kong/hawkbit
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
2a5f47df3f68914bb306f3d74a35327709b95a13
hawkbit/hawkbit-autoconfigure/src/main/resources/hawkbit-security-defaults.properties
Avgustin Marinov 3a34ded4f6 Support for simultaneous base and OAuth authentication (#1785) 
* Remove _OidcAuthenticationSuccessHandler_:
  * _OAuth2AuthenticationToken.setDetails_ is made by jwt authentication converter
  * get tenant data (with potentially creating tenant) is done via a filter added in filterChainREST
* _filterChainREST_ uses _Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>_ as configuration for OAuth. Thus it is not bound with oauth client configuration
* _OidcUserManagementAutoConfiguration_ - now registers (if conditions are met) Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> which covers both - oauth legacy filter from filterChainREST and OidcBearerTokenAuthenticationFilter
* Since oauth clients are not related to hawkBit anymore (since removal of legacy UI) and the proper configuration would be via resource server or whatever, the _OidcUserManagementAutoConfiguration_ is DEPRECATED and for removal
* _UserAuthenticationFilter_ is removed
* Enabled sumiltaneous base and oauth authentication. Still, by default, if OAuth configured http authentication is disabled. However, if OAuth it is configured (via _Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>)_ and **hawkbit.server.security.allowHttpBasicOnOAuthEnabled** is set to **true** then http auth would be also enabled
* _OidcUserManagementAutoConfiguration_ could be disabled with **hawkbit.server.security.oAuth2OnClientsConfig.enabled=false**

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
2024-07-26 10:59:15 +03:00

17 lines
688 B
Properties
Raw Blame History

#
# Copyright (c) 2015 Bosch Software Innovations GmbH and others
#
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# DDI and download security
hawkbit.server.ddi.security.authentication.header.enabled=false
hawkbit.server.ddi.security.authentication.header.authority=
hawkbit.server.ddi.security.authentication.targettoken.enabled=false
hawkbit.server.ddi.security.authentication.gatewaytoken.enabled=false
hawkbit.server.ddi.security.authentication.gatewaytoken.key=
hawkbit.server.download.anonymous.enabled=false
Reference in New Issue View Git Blame Copy Permalink