From e5a324aed1d66a2fa3c47aea6f639073138e9e9e Mon Sep 17 00:00:00 2001 
From: Hamid <94196804+hamidonos@users.noreply.github.com> Date: Wed, 13 Nov 2024 11:00:42 +0100 Subject: [PATCH] implement OAuth2 authentication & integration for SecHub server #3559 (#3603) * implement OAuth2 authentication & integration for SecHub server #3559 * merge develop into branch * pr fixes * pr fixes --- build.gradle | 10 + gradle/projects.gradle | 2 +- .../AdministrationAPIConstants.java | 3 +- ...ationTestAdministrationRestController.java | 2 +- .../ConfigAdministrationRestController.java | 2 +- ...ministrationEncryptionRotationService.java | 2 +- ...ncryptionAdministrationRestController.java | 2 +- .../job/JobAdministrationRestController.java | 2 +- .../MappingAdministrationRestController.java | 2 +- .../project/ListProjectsService.java | 2 +- .../ProjectAdministrationRestController.java | 2 +- .../project/ProjectAssignUserService.java | 4 +- .../ProjectChangeAccessLevelService.java | 2 +- .../project/ProjectChangeOwnerService.java | 4 +- .../project/ProjectCreationService.java | 4 +- .../project/ProjectDeleteService.java | 4 +- .../project/ProjectDetailChangeService.java | 2 +- .../ProjectDetailInformationService.java | 2 +- .../project/ProjectUnassignUserService.java | 2 +- ...ectUpdateAdministrationRestController.java | 2 +- .../ProjectUpdateMetaDataEntityService.java | 2 +- .../ProjectUpdateWhitelistService.java | 2 +- ...SchedulerAdministrationRestController.java | 2 +- .../SwitchSchedulerJobProcessingService.java | 2 +- .../TriggerSchedulerStatusRefreshService.java | 2 +- .../SignupAdministrationRestController.java | 2 +- .../signup/SignupDeleteService.java | 2 +- .../StatusAdministrationRestController.java | 2 +- .../UserAdministrationRestController.java | 2 +- .../user/UserCreationService.java | 2 +- .../user/UserDeleteService.java | 4 +- .../user/UserDetailInformationService.java | 4 +- .../user/UserEmailAddressUpdateService.java | 2 +- .../UserGrantSuperAdminRightsService.java | 2 +- .../administration/user/UserListService.java | 2 +- 
.../UserRevokeSuperAdminRightsService.java | 2 +- .../user/UserRoleCalculationService.java | 2 +- ...tAdministrationRestControllerMockTest.java | 4 +- .../project/ProjectAssignUserServiceTest.java | 2 +- .../ProjectChangeOwnerServiceTest.java | 2 +- .../project/ProjectDeleteServiceTest.java | 2 +- ...eAdministrationRestControllerMockTest.java | 4 +- ...AnonymousSignupRestControllerMockTest.java | 2 +- ...pAdministrationRestControllerMockTest.java | 4 +- ...rAdministrationRestControllerMockTest.java | 4 +- .../user/UserDeleteServiceTest.java | 2 +- .../sechub/domain/authorization/AuthUser.java | 2 +- .../authorization/AuthUserDetailsService.java | 109 +++++++++++ .../AuthUserRestAPIConfiguration.java | 73 ------- .../domain/authorization/AuthUserRole.java | 2 +- .../service/AuthUserUpdateRolesService.java | 4 +- ...t.java => AuthUserDetailsServiceTest.java} | 16 +- .../AuthUserUpdateRolesServiceTest.java | 2 +- .../UsecaseIdentifierUniqueUsageTest.java | 2 +- ...minShowsScanLogsForProjectRestDocTest.java | 4 +- .../AnonymousCheckAliveRestDocTest.java | 2 +- ...nymousSignupRestControllerRestDocTest.java | 2 +- ...OneTimeTokenRestControllerRestDocTest.java | 2 +- ...ousUserRequestsNewApiTokenRestDocTest.java | 2 +- ...ministrationRestControllerRestDocTest.java | 4 +- ...ownloadsFullScanDataForJobRestDocTest.java | 4 +- ...ministrationRestControllerRestDocTest.java | 4 +- ...alsePositiveRestControllerRestDocTest.java | 6 +- ...ministrationRestControllerRestDocTest.java | 4 +- ...ministrationRestControllerRestDocTest.java | 4 +- ...utionProfileRestControllerRestDocTest.java | 4 +- ...ecutorConfigRestControllerRestDocTest.java | 4 +- ...ministrationRestControllerRestDocTest.java | 4 +- ...ministrationRestControllerRestDocTest.java | 4 +- ...jectMockDataRestControllerRestDocTest.java | 2 +- ...ministrationRestControllerRestDocTest.java | 4 +- .../SchedulerRestControllerRestDocTest.java | 2 +- ...ministrationRestControllerRestDocTest.java | 4 +- 
...ministrationRestControllerRestDocTest.java | 4 +- ...ministrationRestControllerRestDocTest.java | 4 +- ...ministrationRestControllerRestDocTest.java | 4 +- .../email/MockEmailRestController.java | 4 +- .../CheckmarxProductExecutorMockTest.java | 2 +- .../IntegrationTestScanRestController.java | 2 +- .../sechub/domain/scan/ScanAssertService.java | 2 +- ...nUserAccessToProjectValidationService.java | 2 +- .../admin/FullScanDataRestController.java | 4 +- .../scan/admin/FullScanDataService.java | 2 +- .../scan/log/ProjectScanLogService.java | 2 +- .../scan/log/ScanLogRestController.java | 4 +- .../scan/product/ProductResultService.java | 2 +- .../CreateProductExecutionProfileService.java | 2 +- .../CreateProductExecutorConfigService.java | 2 +- .../DeleteProductExecutionProfileService.java | 2 +- .../DeleteProductExecutorConfigService.java | 2 +- ...tchProductExecutionProfileListService.java | 2 +- .../FetchProductExecutionProfileService.java | 2 +- ...FetchProductExecutorConfigListService.java | 2 +- .../FetchProductExecutorConfigService.java | 2 +- ...ProductExecutionProfileRestController.java | 4 +- .../ProductExecutorConfigRestController.java | 4 +- .../UpdateProductExecutionProfileService.java | 2 +- .../UpdateProductExecutorConfigService.java | 2 +- .../project/FalsePositiveDataService.java | 2 +- .../project/FalsePositiveRestController.java | 4 +- .../ScanProjectMockDataRestController.java | 4 +- .../scan/report/ScanReportRestController.java | 4 +- ...ntegrationTestSchedulerRestController.java | 2 +- .../SchedulerBinariesUploadService.java | 2 +- .../schedule/SchedulerRestController.java | 4 +- .../SchedulerSourcecodeUploadService.java | 2 +- ...eUserAccessToProjectValidationService.java | 2 +- .../domain/schedule/job/SecHubJobFactory.java | 2 +- .../SchedulerRestControllerMockTest.java | 2 +- .../domain/schedule/job/JobCreator.java | 2 +- .../domain/schedule/job/JobFactoryTest.java | 2 +- .../job/SecHubJobFactorySpringBootTest.java | 2 +- 
.../AnonymousCheckAliveRestController.java | 2 +- .../IntegrationTestServerRestController.java | 8 +- ...erverInfoAdministrationRestController.java | 4 +- ...ecHubServerMDCAsyncHandlerInterceptor.java | 2 +- .../SecHubServerOAuth2PropertiesConfig.java | 14 ++ .../SecHubServerSecurityConfiguration.java | 2 +- .../server/SecHubMultiSpringBootTest.java | 2 +- sechub-shared-kernel/build.gradle | 3 +- .../sechub/sharedkernel/Profiles.java | 5 + ...bstractSecHubAPISecurityConfiguration.java | 39 ---- .../SecHubConfigurationValidator.java | 2 +- .../sharedkernel/logging/AuditLogService.java | 2 +- .../logging/DefaultSecurityLogService.java | 2 +- .../{ => security}/APIConstants.java | 2 +- ...bstractSecHubAPISecurityConfiguration.java | 75 +++++++ .../{ => security}/AuthorityConstants.java | 2 +- .../security/JwtDecoderConfiguration.java | 20 ++ .../OAuth2AuthenticationProvider.java | 78 ++++++++ .../security/OAuth2Properties.java | 22 +++ .../{ => security}/RoleConstants.java | 8 +- .../{ => security}/UserContextService.java | 20 +- ...eCaseAdministrationAutoCleanExecution.java | 2 +- .../UseCaseScanAutoCleanExecution.java | 2 +- .../UseCaseScheduleAutoCleanExecution.java | 2 +- .../job/UseCaseSchedulerStartsJob.java | 2 +- .../validation/UserIdValidationImpl.java | 8 +- .../DefaultSecurityLogServiceTest.java | 2 +- .../security/OAuth2IntegrationTest.java | 138 +++++++++++++ .../security/OAuth2PropertiesTest.java | 47 +++++ .../{ => security}/RoleConstantsTest.java | 2 +- .../SecHubApiSecurityConfigurationTest.java | 184 ++++++++++++++++++ .../security/TestSecurityController.java | 67 +++++++ .../src/test/resources/application-test.yml | 6 + ...ntegrationTestStatisticRestController.java | 2 +- ...inAPImarkedWithAdminAccessProfileTest.java | 2 +- .../mercedesbenz/sechub/test/RoutesTest.java | 2 +- sechub-testframework-spring/build.gradle | 16 ++ ...wtMockAuthenticationTestConfiguration.java | 58 ++++++ .../OAuth2SecurityTestConfiguration.java | 120 ++++++++++++ 
.../WithMockJwtSecurityContextFactory.java | 2 +- .../spring}/WithMockJwtUser.java | 7 +- .../spring}/YamlPropertyLoaderFactory.java | 2 +- sechub-web-server/build.gradle | 1 + .../AES256EncryptionPropertiesTest.java | 2 +- .../webserver/page/HomeControllerTest.java | 4 +- ...LoginControllerClassicAuthEnabledTest.java | 2 +- ...rollerOAuth2AndClassicAuthEnabledTest.java | 2 +- .../LoginControllerOAuth2EnabledTest.java | 2 +- .../security/OAuth2PropertiesTest.java | 2 +- .../security/SecurityTestConfiguration.java | 55 +----- settings.gradle | 1 + 163 files changed, 1188 insertions(+), 369 deletions(-) create mode 100644 sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsService.java delete mode 100644 sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRestAPIConfiguration.java rename sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/{AuthUserRestAPIConfigurationTest.java => AuthUserDetailsServiceTest.java} (83%) create mode 100644 sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerOAuth2PropertiesConfig.java delete mode 100644 sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/configuration/AbstractSecHubAPISecurityConfiguration.java rename sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/{ => security}/APIConstants.java (96%) create mode 100644 sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/AbstractSecHubAPISecurityConfiguration.java rename sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/{ => security}/AuthorityConstants.java (84%) create mode 100644 sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/JwtDecoderConfiguration.java create mode 100644 sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2AuthenticationProvider.java create mode 100644 
sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2Properties.java rename sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/{ => security}/RoleConstants.java (76%) rename sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/{ => security}/UserContextService.java (80%) create mode 100644 sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2IntegrationTest.java create mode 100644 sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2PropertiesTest.java rename sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/{ => security}/RoleConstantsTest.java (95%) create mode 100644 sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/SecHubApiSecurityConfigurationTest.java create mode 100644 sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/TestSecurityController.java create mode 100644 sechub-shared-kernel/src/test/resources/application-test.yml create mode 100644 sechub-testframework-spring/build.gradle create mode 100644 sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/JwtMockAuthenticationTestConfiguration.java create mode 100644 sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/OAuth2SecurityTestConfiguration.java rename {sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security => sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring}/WithMockJwtSecurityContextFactory.java (96%) rename {sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security => sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring}/WithMockJwtUser.java (85%) rename {sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver => 
sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring}/YamlPropertyLoaderFactory.java (96%) diff --git a/build.gradle b/build.gradle index 6c2efa58ce..2757c3d105 100644 --- a/build.gradle +++ b/build.gradle @@ -113,6 +113,16 @@ allprojects { task prepareGitPush(dependsOn: spotlessApply){ } + + /* + * Adds the -parameters compiler argument to every Gradle 'JavaCompile' task + * This instructs the Java compiler to include method parameter names in the compiled .class files + * This is required for the reflection based frameworks or libraries to work properly (e.g. Spring) + */ + tasks.withType(JavaCompile).configureEach { + options.compilerArgs << "-parameters" + } + } diff --git a/gradle/projects.gradle b/gradle/projects.gradle index e9b2688422..c930a4f1d0 100644 --- a/gradle/projects.gradle +++ b/gradle/projects.gradle @@ -41,7 +41,7 @@ projectType = [ project(':sechub-integrationtest'), project(':sechub-developertools'), project(':sechub-test'), - + project(':sechub-testframework-spring'), project(':sechub-storage-sharedvolume-spring'), /* next projects added as spring boot projects only, because otherwise we get the (older) diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/AdministrationAPIConstants.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/AdministrationAPIConstants.java index ed8a2aab44..ba721d28cd 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/AdministrationAPIConstants.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/AdministrationAPIConstants.java 
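Review bot: The comment on the new `tasks.withType(JavaCompile).configureEach` block in build.gradle says the flag is needed "for the reflection based frameworks" but does not name what in this change depends on it. A later build cleanup could therefore drop it without anyone knowing which behaviour to re-test. If the dependency is runtime resolution of arguments by parameter name (web bindings or method-security expressions; this is inferred, not visible in the hunk), state that in the comment, for example `* Needed because <component> resolves method arguments by parameter name at runtime`. The append is also unconditional for every project under `allprojects`, so the flag is passed twice if a build plugin applied to a subproject already adds it. `if (!options.compilerArgs.contains("-parameters")) { options.compilerArgs << "-parameters" }` keeps the argument list clean. The enclosing `allprojects` block starts outside the hunk.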
@@ -1,7 +1,8 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.domain.administration;
-import static com.mercedesbenz.sechub.sharedkernel.APIConstants.*;
+import static com.mercedesbenz.sechub.sharedkernel.security.APIConstants.API_ADMINISTRATION;
+import static com.mercedesbenz.sechub.sharedkernel.security.APIConstants.API_ANONYMOUS;
 public class AdministrationAPIConstants {
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/autocleanup/IntegrationTestAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/autocleanup/IntegrationTestAdministrationRestController.java
index aafb9289fc..de4d84f172 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/autocleanup/IntegrationTestAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/autocleanup/IntegrationTestAdministrationRestController.java
@@ -9,8 +9,8 @@
 import org.springframework.web.bind.annotation.RestController;
 import com.mercedesbenz.sechub.domain.administration.config.AdministrationConfigService;
-import com.mercedesbenz.sechub.sharedkernel.APIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
+import com.mercedesbenz.sechub.sharedkernel.security.APIConstants;
 /**
 * Contains additional rest call functionality for integration tests on
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/config/ConfigAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/config/ConfigAdministrationRestController.java
index f41d4ec18c..9ee22cc644 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/config/ConfigAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/config/ConfigAdministrationRestController.java
@@ -15,8 +15,8 @@
 import com.mercedesbenz.sechub.domain.administration.AdministrationAPIConstants;
 import com.mercedesbenz.sechub.domain.administration.autocleanup.AdministrationAutoCleanupConfig;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesAutoCleanupConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminUpdatesAutoCleanupConfiguration;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/encryption/AdministrationEncryptionRotationService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/encryption/AdministrationEncryptionRotationService.java
index 10f140b32f..7c6d052141 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/encryption/AdministrationEncryptionRotationService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/encryption/AdministrationEncryptionRotationService.java
@@ -5,7 +5,6 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.sharedkernel.Step;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionData;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionDataValidator;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
@@ -14,6 +13,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingAsyncMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminStartsEncryptionRotation;
 @Service
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/encryption/EncryptionAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/encryption/EncryptionAdministrationRestController.java
index b7cd81ebb7..35257dd953 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/encryption/EncryptionAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/encryption/EncryptionAdministrationRestController.java
@@ -14,11 +14,11 @@
 import com.mercedesbenz.sechub.domain.administration.AdministrationAPIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionData;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionDataValidator;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionStatus;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminFetchesEncryptionStatus;
 import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminStartsEncryptionRotation;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobAdministrationRestController.java
index 3f772fe9f9..ebb424680d 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobAdministrationRestController.java
@@ -17,8 +17,8 @@
 import com.mercedesbenz.sechub.domain.administration.AdministrationAPIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseAdminCancelsJob;
 import com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseAdminListsAllRunningJobs;
 import com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseAdminRestartsJob;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/mapping/MappingAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/mapping/MappingAdministrationRestController.java
index 18dd5585e0..e6d61012fc 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/mapping/MappingAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/mapping/MappingAdministrationRestController.java
@@ -16,8 +16,8 @@
 import com.mercedesbenz.sechub.commons.mapping.MappingData;
 import com.mercedesbenz.sechub.domain.administration.AdministrationAPIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdmiUpdatesMappingConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesMappingConfiguration;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ListProjectsService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ListProjectsService.java
index 269878cd0a..171ada2c62 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ListProjectsService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ListProjectsService.java
@@ -7,7 +7,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAdministrationRestController.java
index 5cb447f6b3..9b4cd6561b 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAdministrationRestController.java
@@ -25,9 +25,9 @@
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectMetaData;
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectWhiteList;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.project.ProjectAccessLevel;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminChangesProjectAccessLevel;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminChangesProjectDescription;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminCreatesProject;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAssignUserService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAssignUserService.java
index 2323d419ac..10132972b5 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAssignUserService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAssignUserService.java
@@ -10,9 +10,7 @@
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.domain.administration.user.UserRepository;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.error.AlreadyExistsException;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
@@ -22,6 +20,8 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.UserMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminAssignsUserToProject;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeAccessLevelService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeAccessLevelService.java
index 623acd66a4..76e2f8f69c 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeAccessLevelService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeAccessLevelService.java
@@ -8,7 +8,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
@@ -19,6 +18,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.ProjectMessage;
 import com.mercedesbenz.sechub.sharedkernel.project.ProjectAccessLevel;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminChangesProjectAccessLevel;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerService.java
index 1c47c059ce..be0bd840b3 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerService.java
@@ -8,9 +8,7 @@
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.domain.administration.user.UserRepository;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.error.AlreadyExistsException;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
@@ -20,6 +18,8 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.ProjectMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminChangesProjectOwner;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectCreationService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectCreationService.java
index 925fb80b1c..9e8abeec60 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectCreationService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectCreationService.java
@@ -15,9 +15,7 @@
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectMetaData;
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.domain.administration.user.UserRepository;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.error.AlreadyExistsException;
 import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
@@ -27,6 +25,8 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.ProjectMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminCreatesProject;
 import com.mercedesbenz.sechub.sharedkernel.validation.URIValidation;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteService.java
index 5b7ce29b7f..19bc6c0e07 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteService.java
@@ -7,10 +7,8 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.domain.administration.user.User;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.SecHubEnvironment;
 import com.mercedesbenz.sechub.sharedkernel.Step;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
@@ -20,6 +18,8 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.ProjectMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminDeleteProject;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDetailChangeService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDetailChangeService.java
index 48fd7b6acf..418573f8ef 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDetailChangeService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDetailChangeService.java
@@ -6,10 +6,10 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.NotAcceptableException;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminChangesProjectDescription;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDetailInformationService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDetailInformationService.java
index 93867284a3..1f10f42d4a 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDetailInformationService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDetailInformationService.java
@@ -6,9 +6,9 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminShowsProjectDetails;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUnassignUserService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUnassignUserService.java
index d618a20052..c2d79a3de4 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUnassignUserService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUnassignUserService.java
@@ -8,7 +8,6 @@
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.domain.administration.user.UserRepository;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.AlreadyExistsException;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
@@ -20,6 +19,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.UserMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminUnassignsUserFromProject;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateAdministrationRestController.java
index 00ad2d2a51..6058d07ee4 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateAdministrationRestController.java
@@ -23,8 +23,8 @@
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectMetaData;
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectWhiteList;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseUpdateProjectMetaData;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseUpdateProjectWhitelist;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateMetaDataEntityService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateMetaDataEntityService.java
index a3f218b9a4..fbf162dff5 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateMetaDataEntityService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateMetaDataEntityService.java
@@ -9,11 +9,11 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectMetaData;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseUpdateProjectMetaData;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateWhitelistService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateWhitelistService.java
index ab1c26d4cb..c5b516b8cd 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateWhitelistService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateWhitelistService.java
@@ -9,7 +9,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
@@ -20,6 +19,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.ProjectMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseUpdateProjectWhitelist;
 import com.mercedesbenz.sechub.sharedkernel.validation.URIValidation;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/SchedulerAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/SchedulerAdministrationRestController.java
index 423201c73b..ee49db09d6 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/SchedulerAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/SchedulerAdministrationRestController.java
@@ -13,8 +13,8 @@
 import com.mercedesbenz.sechub.domain.administration.AdministrationAPIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.schedule.UseCaseAdminDisablesSchedulerJobProcessing;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.schedule.UseCaseAdminEnablesSchedulerJobProcessing;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.schedule.UseCaseAdminTriggersRefreshOfSchedulerStatus;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/SwitchSchedulerJobProcessingService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/SwitchSchedulerJobProcessingService.java
index af2c38d26f..fc7406b559 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/SwitchSchedulerJobProcessingService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/SwitchSchedulerJobProcessingService.java
@@ -4,7 +4,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
@@ -12,6 +11,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService;
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingAsyncMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.schedule.UseCaseAdminDisablesSchedulerJobProcessing;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.schedule.UseCaseAdminEnablesSchedulerJobProcessing;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/TriggerSchedulerStatusRefreshService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/TriggerSchedulerStatusRefreshService.java
index 49617636b3..0dd3ee95ea 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/TriggerSchedulerStatusRefreshService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/scheduler/TriggerSchedulerStatusRefreshService.java
@@ -4,13 +4,13 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageFactory;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService;
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingAsyncMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.schedule.UseCaseAdminDisablesSchedulerJobProcessing;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestController.java
index 14422d7cfb..04ee95af85 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestController.java
@@ -14,8 +14,8 @@
 import com.mercedesbenz.sechub.domain.administration.AdministrationAPIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminDeletesSignup;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminListsOpenUserSignups;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupDeleteService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupDeleteService.java
index e629b9bbd6..20ccb51696 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupDeleteService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupDeleteService.java
@@ -4,10 +4,10 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminDeletesSignup;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/status/StatusAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/status/StatusAdministrationRestController.java
index 78b1d60c27..9ce9d49487 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/status/StatusAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/status/StatusAdministrationRestController.java
@@ -15,8 +15,8 @@
 import com.mercedesbenz.sechub.domain.administration.AdministrationAPIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.status.UseCaseAdminListsStatusInformation;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestController.java
index 02759a4036..6add06d122 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestController.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestController.java
@@ -16,8 +16,8 @@
 import com.mercedesbenz.sechub.domain.administration.AdministrationAPIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminAcceptsSignup;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminDeletesUser;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminGrantsAdminRightsToUser;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java
index 1a5c5deb0c..d4d86dd944 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java
@@ -13,7 +13,6 @@
 import com.mercedesbenz.sechub.domain.administration.OneTimeTokenGenerator;
 import com.mercedesbenz.sechub.domain.administration.signup.Signup;
 import com.mercedesbenz.sechub.domain.administration.signup.SignupRepository;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.SecHubEnvironment;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
@@ -24,6 +23,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.UserMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminAcceptsSignup;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteService.java
index 40dcacb79b..d26ed8a919 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteService.java
@@ -6,9 +6,7 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.error.NotAcceptableException;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
@@ -18,6 +16,8 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.UserMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminDeletesUser;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformationService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformationService.java
index c4f2d649bd..1d89bbac77 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformationService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformationService.java
@@ -6,10 +6,10 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminShowsUserDetails;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminShowsUserDetailsForEmailAddress;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateService.java
index 9b90c9e1ea..2668809897 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateService.java
@@ -6,7 +6,6 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.NotAcceptableException;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
@@ -17,6 +16,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.UserMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminUpdatesUserEmailAddress;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserGrantSuperAdminRightsService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserGrantSuperAdminRightsService.java
index 762f62c79b..ebdf5cf893 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserGrantSuperAdminRightsService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserGrantSuperAdminRightsService.java
@@ -7,7 +7,6 @@
 import org.springframework.stereotype.Service;
 import org.springframework.validation.annotation.Validated;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.SecHubEnvironment;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
@@ -16,6 +15,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService;
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingAsyncMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminGrantsAdminRightsToUser;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserListService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserListService.java
index 3166f1fb15..9fcfec450a 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserListService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserListService.java
@@ -8,8 +8,8 @@
 import org.springframework.data.domain.Example;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminListsAllAdmins;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminListsAllUsers;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRevokeSuperAdminRightsService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRevokeSuperAdminRightsService.java
index 4034f499a8..4726aa931d 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRevokeSuperAdminRightsService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRevokeSuperAdminRightsService.java
@@ -8,7 +8,6 @@
 import org.springframework.stereotype.Service;
 import org.springframework.validation.annotation.Validated;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.SecHubEnvironment;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.NotAcceptableException;
@@ -18,6 +17,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService;
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingAsyncMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminRevokesAdminRightsFromAdmin;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRoleCalculationService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRoleCalculationService.java
index a4f14c4bff..5a07e59c18 100644
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRoleCalculationService.java
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRoleCalculationService.java
@@ -7,13 +7,13 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService;
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingAsyncMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
 import com.mercedesbenz.sechub.sharedkernel.messaging.UserMessage;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
 @Service
diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAdministrationRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAdministrationRestControllerMockTest.java
index 0fc0c033ed..a48b6b5f14 100644
--- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAdministrationRestControllerMockTest.java
+++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAdministrationRestControllerMockTest.java
@@ -45,8 +45,8 @@
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectMetaData;
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.test.TestPortProvider;
 @RunWith(SpringRunner.class)
diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAssignUserServiceTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAssignUserServiceTest.java
index 8bf1190bd9..b5c0ca24ae 100644
--- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAssignUserServiceTest.java
+++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectAssignUserServiceTest.java
@@ -11,10 +11,10 @@
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.domain.administration.user.UserRepository;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.error.AlreadyExistsException;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
 import com.mercedesbenz.sechub.test.junit4.ExpectedExceptionFactory;
diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerServiceTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerServiceTest.java
index 82b085b7fe..39dba6b20e 100644
--- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerServiceTest.java
+++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerServiceTest.java
@@ -13,10 +13,10 @@
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.domain.administration.user.UserRepository;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.error.AlreadyExistsException;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
 import com.mercedesbenz.sechub.test.junit4.ExpectedExceptionFactory;
diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteServiceTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteServiceTest.java
index b303a3ad5a..8cbb79de92 100644
--- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteServiceTest.java
+++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteServiceTest.java
@@ -14,7 +14,6 @@ import com.mercedesbenz.sechub.domain.administration.user.User; import com.mercedesbenz.sechub.sharedkernel.SecHubEnvironment; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer; @@ -22,6 +21,7 @@ import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService; import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys; import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion; import com.mercedesbenz.sechub.test.junit4.ExpectedExceptionFactory; diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateAdministrationRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateAdministrationRestControllerMockTest.java index 6d23f64554..a6bba1c49f 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateAdministrationRestControllerMockTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/project/ProjectUpdateAdministrationRestControllerMockTest.java 
@@ -34,8 +34,8 @@ import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectMetaData; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.test.TestPortProvider; @RunWith(SpringRunner.class) diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java index 5090ec3185..e721db536d 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java @@ -23,7 +23,7 @@ import org.springframework.test.web.servlet.MockMvc; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.sharedkernel.validation.ApiVersionValidationFactory; import com.mercedesbenz.sechub.sharedkernel.validation.EmailValidationImpl; import com.mercedesbenz.sechub.sharedkernel.validation.UserIdValidationImpl; 
diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java index 5b80b99e49..eb5015f332 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java @@ -25,8 +25,8 @@ import org.springframework.test.web.servlet.MockMvc; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.test.TestPortProvider; @RunWith(SpringRunner.class) diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java index 52201c9853..2deaec8f2b 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java 
@@ -38,8 +38,8 @@ import com.mercedesbenz.sechub.domain.administration.signup.Signup; import com.mercedesbenz.sechub.domain.administration.signup.SignupRepository; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.test.TestPortProvider; @RunWith(SpringRunner.class) diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteServiceTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteServiceTest.java index 44129b7c2c..c4ee578fff 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteServiceTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteServiceTest.java @@ -8,11 +8,11 @@ import org.junit.Test; import org.junit.rules.ExpectedException; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.error.NotAcceptableException; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer; import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageService; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion; import com.mercedesbenz.sechub.test.junit4.ExpectedExceptionFactory; 
diff --git a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUser.java b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUser.java index 658e724dd4..b9f040112c 100644 --- a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUser.java +++ b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUser.java @@ -3,7 +3,7 @@ import java.util.Objects; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import jakarta.persistence.Column; import jakarta.persistence.Entity; diff --git a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsService.java b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsService.java new file mode 100644 index 0000000000..9c27dc079a --- /dev/null +++ b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsService.java @@ -0,0 +1,109 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.domain.authorization; + +import java.util.ArrayList; +import java.util.List; +import java.util.UUID; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Service; + +import com.mercedesbenz.sechub.sharedkernel.security.AuthorityConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; + +/** + *

+ * Service class responsible for loading user-specific data from the database + * and enriching authentication with SecHub-specific user roles. Implements the + * {@link UserDetailsService} interface used by Spring Security. + *

+ * + *

+ * Usually the {@link UserDetailsService} is is used by Spring Security Basic + * Auth. However, in our case it is also used by OAuth2. We do this to + * centralize the user authentication logic so that we have a single source of + * truth for user roles and permissions. + *

+ * + * @see UserDetailsService + * @see AuthUserRepository + * @see AuthUser + * @see UserDetails + * + * @author Albert Tregnaghi, hamidonos + */ +@Service +public class AuthUserDetailsService implements UserDetailsService { + + private final AuthUserRepository repository; + private static final Logger LOG = LoggerFactory.getLogger(AuthUserDetailsService.class); + private static final String NOOP_DUMMY_PASSWORD_FORMAT = "{noop}DUMMY-%s"; + + AuthUserDetailsService(AuthUserRepository repository) { + this.repository = repository; + } + + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + /* @formatter:off */ + return repository + .findByUserId(username) + .map(AuthUserDetailsService::adoptUser) + .orElseThrow(() -> new UsernameNotFoundException(username)); + /* @formatter:on */ + } + + static UserDetails adoptUser(AuthUser entity) { + User.UserBuilder builder = User.builder(); + builder.username(entity.getUserId()); + String hashedApiToken = entity.getHashedApiToken(); + + if (hashedApiToken == null) { + /* + * This is a fallback for authentication with OAuth2, because the OAuth2 way + * does not require to have a hashed api token in the database. To make Spring + * Security not throw an exception because of a missing password we set a dummy + * throwaway password here that can never be used for actual authentication. + */ + String randomThrowAwayPassword = UUID.randomUUID().toString(); + String dummyApiToken = NOOP_DUMMY_PASSWORD_FORMAT.formatted(randomThrowAwayPassword); + builder.password(dummyApiToken); + } else { + /* + * Here we have the normal case where a hashed api token is in the database. + * This can be true for both Basic Auth and OAuth2. 
+ */ + builder.password(hashedApiToken); + } + + List authorities = accumulateAuthorities(entity); + builder.authorities(authorities.toArray(new String[authorities.size()])); + + /* when api token is empty or null then access is disabled */ + boolean disabled = hashedApiToken == null || hashedApiToken.isEmpty(); + builder.disabled(disabled); + UserDetails details = builder.build(); + LOG.trace("User:{} has authorities: {}, entity:{}", entity.getUserId(), details.getAuthorities(), entity); + return details; + } + + private static List accumulateAuthorities(AuthUser entity) { + List authorities = new ArrayList(); + + if (entity.isRoleUser()) { + authorities.add(AuthorityConstants.AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_USER); + } + if (entity.isRoleSuperAdmin()) { + authorities.add(AuthorityConstants.AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_SUPERADMIN); + } + if (entity.isRoleOwner()) { + authorities.add(AuthorityConstants.AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_OWNER); + } + return authorities; + } +} diff --git a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRestAPIConfiguration.java b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRestAPIConfiguration.java deleted file mode 100644 index 3936d23508..0000000000 --- a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRestAPIConfiguration.java +++ /dev/null 
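Review bot: In `adoptUser`, the branch for `hashedApiToken == null` is documented as the OAuth2 fallback, but a few lines later `disabled` is still set from `hashedApiToken == null || hashedApiToken.isEmpty()`, so every account that takes the fallback is built as a disabled `UserDetails`. The OAuth2 code that consumes this service is not in the hunk, so presumably one of two things holds: it honours `isEnabled()` and OAuth2-only users are rejected, or it ignores the flag and an account whose API token was cleared to lock it can still sign in through OAuth2. I would state the intended rule next to the flag, for example `/* disabled only blocks API-token (Basic Auth) logins; the OAuth2 path must check account status separately */` (adjusted to whichever rule is intended), and add a test for the null-token case, which the visible `AuthUserDetailsServiceTest` hunks do not show. The dummy value also depends on how the configured `PasswordEncoder` treats the `{noop}` prefix, so the statement that it can never be used for authentication rests on the random UUID and the disabled flag together; a comment saying so would keep a later change to `disabled` from turning it into a working credential.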
@@ -1,73 +0,0 @@ -// SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.authorization; - -import java.util.ArrayList; -import java.util.List; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.User.UserBuilder; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.crypto.password.PasswordEncoder; - -import com.mercedesbenz.sechub.sharedkernel.AuthorityConstants; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; - -@Configuration -public class AuthUserRestAPIConfiguration { - - private static final Logger LOG = LoggerFactory.getLogger(AuthUserRestAPIConfiguration.class); - - @Autowired - PasswordEncoder passwordEncoder; - - @Bean - public UserDetailsService userDetailsService(final AuthUserRepository repository) { - /* @formatter:off */ - return userid -> repository. - findByUserId(userid). - map(AuthUserRestAPIConfiguration::adoptUser). 
- orElseThrow(()->new UsernameNotFoundException(userid)); - /* @formatter:on */ - } - - static UserDetails adoptUser(AuthUser entity) { - UserBuilder builder = User.builder(); - builder.username(entity.getUserId()); - String hashedApiToken = entity.getHashedApiToken(); - builder.password(hashedApiToken); - - List authorities = accumulateAuthorities(entity); - - builder.authorities(authorities.toArray(new String[authorities.size()])); - - /* when api token is empty or null then access is disabled */ - boolean disabled = hashedApiToken == null || hashedApiToken.isEmpty(); - builder.disabled(disabled); - UserDetails details = builder.build(); - LOG.trace("User:{} has authorities: {}, entity:{}", entity.getUserId(), details.getAuthorities(), entity); - return details; - } - - private static List accumulateAuthorities(AuthUser entity) { - List authorities = new ArrayList(); - - if (entity.isRoleUser()) { - authorities.add(AuthorityConstants.AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_USER); - } - if (entity.isRoleSuperAdmin()) { - authorities.add(AuthorityConstants.AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_SUPERADMIN); - } - if (entity.isRoleOwner()) { - authorities.add(AuthorityConstants.AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_OWNER); - } - return authorities; - } - -} diff --git a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRole.java b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRole.java index e14290870b..d5ebb49f2b 100644 --- a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRole.java +++ b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRole.java 
@@ -1,7 +1,7 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.domain.authorization; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; /** * This enumeration just represents all possible roles and knows the relation to diff --git a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/service/AuthUserUpdateRolesService.java b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/service/AuthUserUpdateRolesService.java index 5cf3a7f049..7c39c9eedd 100644 --- a/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/service/AuthUserUpdateRolesService.java +++ b/sechub-authorization/src/main/java/com/mercedesbenz/sechub/domain/authorization/service/AuthUserUpdateRolesService.java @@ -1,7 +1,9 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.domain.authorization.service; -import static com.mercedesbenz.sechub.sharedkernel.RoleConstants.*; +import static com.mercedesbenz.sechub.sharedkernel.security.RoleConstants.isOwnerRole; +import static com.mercedesbenz.sechub.sharedkernel.security.RoleConstants.isSuperAdminRole; +import static com.mercedesbenz.sechub.sharedkernel.security.RoleConstants.isUserRole; import java.util.Set; diff --git a/sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRestAPIConfigurationTest.java b/sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsServiceTest.java similarity index 83% rename from sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRestAPIConfigurationTest.java rename to sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsServiceTest.java index 75eb357851..81759fc04a 100644 
--- a/sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/AuthUserRestAPIConfigurationTest.java +++ b/sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsServiceTest.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.domain.authorization; -import static com.mercedesbenz.sechub.sharedkernel.AuthorityConstants.*; +import static com.mercedesbenz.sechub.sharedkernel.security.AuthorityConstants.*; import static org.junit.Assert.*; import java.util.Collection; @@ -11,12 +11,12 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; -public class AuthUserRestAPIConfigurationTest { +public class AuthUserDetailsServiceTest { @Test - public void adoptUserAcumultesAuthorities() { + public void adoptUser_accumulates_authorities() { AuthUser entity = createAuthUser(); entity.setRoleOwner(true); @@ -24,7 +24,7 @@ public void adoptUserAcumultesAuthorities() { entity.setRoleSuperAdmin(true); /* execute */ - UserDetails result = AuthUserRestAPIConfiguration.adoptUser(entity); + UserDetails result = AuthUserDetailsService.adoptUser(entity); /* test */ assertHasAuthority(result, AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_USER, AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_SUPERADMIN, @@ -40,7 +40,7 @@ public void adoptUser_with_role_user() { entity.setRoleSuperAdmin(false); /* execute */ - UserDetails result = AuthUserRestAPIConfiguration.adoptUser(entity); + UserDetails result = AuthUserDetailsService.adoptUser(entity); /* test */ assertHasAuthority(result, AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_USER); 
@@ -56,7 +56,7 @@ public void adoptUser_with_role_owner() { entity.setRoleSuperAdmin(false); /* execute */ - UserDetails result = AuthUserRestAPIConfiguration.adoptUser(entity); + UserDetails result = AuthUserDetailsService.adoptUser(entity); /* test */ assertHasAuthority(result, AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_OWNER); @@ -71,7 +71,7 @@ public void adoptUser_with_role_superadmin() { entity.setRoleSuperAdmin(true); /* execute */ - UserDetails result = AuthUserRestAPIConfiguration.adoptUser(entity); + UserDetails result = AuthUserDetailsService.adoptUser(entity); /* test */ assertHasAuthority(result, AUTHORITY_ROLE_PREFIX + RoleConstants.ROLE_SUPERADMIN); diff --git a/sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/service/AuthUserUpdateRolesServiceTest.java b/sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/service/AuthUserUpdateRolesServiceTest.java index 0469bdb312..e06e433e75 100644 --- a/sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/service/AuthUserUpdateRolesServiceTest.java +++ b/sechub-authorization/src/test/java/com/mercedesbenz/sechub/domain/authorization/service/AuthUserUpdateRolesServiceTest.java @@ -14,7 +14,7 @@ import com.mercedesbenz.sechub.domain.authorization.AuthUser; import com.mercedesbenz.sechub.domain.authorization.AuthUserRepository; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion; public class AuthUserUpdateRolesServiceTest { diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/docgen/usecase/UsecaseIdentifierUniqueUsageTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/docgen/usecase/UsecaseIdentifierUniqueUsageTest.java index b4040c25bc..dd7b383e25 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/docgen/usecase/UsecaseIdentifierUniqueUsageTest.java 
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/docgen/usecase/UsecaseIdentifierUniqueUsageTest.java @@ -9,7 +9,7 @@ import com.mercedesbenz.sechub.docgen.reflections.Reflections; import com.mercedesbenz.sechub.docgen.util.ReflectionsFactory; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseDefinition; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseIdentifier; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AdminShowsScanLogsForProjectRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AdminShowsScanLogsForProjectRestDocTest.java index 177571f675..819cefd01e 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AdminShowsScanLogsForProjectRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AdminShowsScanLogsForProjectRestDocTest.java @@ -41,8 +41,8 @@ import com.mercedesbenz.sechub.domain.scan.log.ProjectScanLogSummary; import com.mercedesbenz.sechub.domain.scan.log.ScanLogRestController; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminShowsScanLogsForProject; import com.mercedesbenz.sechub.test.ExampleConstants; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousCheckAliveRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousCheckAliveRestDocTest.java index 8553c18f77..cc759dc18f 100644 
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousCheckAliveRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousCheckAliveRestDocTest.java @@ -25,7 +25,7 @@ import com.mercedesbenz.sechub.docgen.util.RestDocFactory; import com.mercedesbenz.sechub.server.core.AnonymousCheckAliveRestController; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc; import com.mercedesbenz.sechub.sharedkernel.usecases.anonymous.UseCaseAnonymousCheckAlive; import com.mercedesbenz.sechub.test.ExampleConstants; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousSignupRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousSignupRestControllerRestDocTest.java index 678f132aac..368506db41 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousSignupRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousSignupRestControllerRestDocTest.java @@ -30,7 +30,7 @@ import com.mercedesbenz.sechub.domain.administration.signup.AnonymousSignupRestController; import com.mercedesbenz.sechub.domain.administration.signup.SignupJsonInputValidator; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc; import com.mercedesbenz.sechub.sharedkernel.usecases.user.UseCaseUserSignup; import com.mercedesbenz.sechub.sharedkernel.validation.ApiVersionValidationFactory; 
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserGetAPITokenByOneTimeTokenRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserGetAPITokenByOneTimeTokenRestControllerRestDocTest.java index 7111900b60..2308ffa3b3 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserGetAPITokenByOneTimeTokenRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserGetAPITokenByOneTimeTokenRestControllerRestDocTest.java @@ -31,7 +31,7 @@ import com.mercedesbenz.sechub.domain.administration.user.AnonymousUserGetAPITokenByOneTimeTokenService; import com.mercedesbenz.sechub.domain.administration.user.AnonymousUserGetApiTokenByOneTimeTokenRestController; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc; import com.mercedesbenz.sechub.sharedkernel.usecases.user.UseCaseUserClicksLinkToGetNewAPIToken; import com.mercedesbenz.sechub.test.ExampleConstants; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserRequestsNewApiTokenRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserRequestsNewApiTokenRestDocTest.java index cb295f756f..30d6ae44be 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserRequestsNewApiTokenRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserRequestsNewApiTokenRestDocTest.java 
@@ -30,7 +30,7 @@ import com.mercedesbenz.sechub.domain.administration.user.AnonymousUserRequestNewApiTokenRestController; import com.mercedesbenz.sechub.domain.administration.user.AnonymousUserRequestsNewApiTokenService; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc; import com.mercedesbenz.sechub.sharedkernel.usecases.user.UseCaseUserRequestsNewApiToken; import com.mercedesbenz.sechub.test.ExampleConstants; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ConfigAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ConfigAdministrationRestControllerRestDocTest.java index 14ae3277f8..1ad8676f10 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ConfigAdministrationRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ConfigAdministrationRestControllerRestDocTest.java 
@@ -32,8 +32,8 @@ import com.mercedesbenz.sechub.domain.administration.config.ConfigAdministrationRestController; import com.mercedesbenz.sechub.domain.administration.scheduler.SchedulerAdministrationRestController; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesAutoCleanupConfiguration; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminUpdatesAutoCleanupConfiguration; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/DownloadsFullScanDataForJobRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/DownloadsFullScanDataForJobRestDocTest.java index d6c4772377..a853ca63dc 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/DownloadsFullScanDataForJobRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/DownloadsFullScanDataForJobRestDocTest.java 
@@ -37,10 +37,10 @@ import com.mercedesbenz.sechub.domain.scan.admin.ScanData; import com.mercedesbenz.sechub.domain.scan.log.ProjectScanLog; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc.SpringRestDocOutput; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminDownloadsFullScanDataForJob; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/EncryptionAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/EncryptionAdministrationRestControllerRestDocTest.java index 9f1179d55c..e85a5223b3 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/EncryptionAdministrationRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/EncryptionAdministrationRestControllerRestDocTest.java 
@@ -35,8 +35,6 @@ import com.mercedesbenz.sechub.domain.administration.encryption.EncryptionAdministrationRestController; import com.mercedesbenz.sechub.domain.administration.job.JobAdministrationRestController; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubCipherAlgorithm; import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubCipherPasswordSourceType; import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubDomainEncryptionData; @@ -45,6 +43,8 @@ import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionDataValidator; import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionStatus; import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubPasswordSource; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc; import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminFetchesEncryptionStatus; import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminStartsEncryptionRotation; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/FalsePositiveRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/FalsePositiveRestControllerRestDocTest.java index 17a7b24f30..755823b43c 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/FalsePositiveRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/FalsePositiveRestControllerRestDocTest.java 
@@ -45,9 +45,9 @@
 import com.mercedesbenz.sechub.domain.scan.project.*;
 import com.mercedesbenz.sechub.domain.scan.report.ScanReportRepository;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserFetchesFalsePositiveConfigurationOfProject;
 import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserMarksFalsePositives;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/JobAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/JobAdministrationRestControllerRestDocTest.java
index 29d03d5115..9f1e1bc123 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/JobAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/JobAdministrationRestControllerRestDocTest.java
@@ -40,8 +40,8 @@
 import com.mercedesbenz.sechub.domain.administration.job.JobRestartRequestService;
 import com.mercedesbenz.sechub.domain.administration.job.JobStatus;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseAdminCancelsJob;
 import com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseAdminListsAllRunningJobs;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/MappingAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/MappingAdministrationRestControllerRestDocTest.java
index a0ffce8f32..f421f8b05f 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/MappingAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/MappingAdministrationRestControllerRestDocTest.java
@@ -36,8 +36,8 @@
 import com.mercedesbenz.sechub.domain.administration.status.StatusAdministrationRestController;
 import com.mercedesbenz.sechub.domain.administration.status.StatusEntry;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.status.UseCaseAdminListsStatusInformation;
 import com.mercedesbenz.sechub.test.ExampleConstants;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProductExecutionProfileRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProductExecutionProfileRestControllerRestDocTest.java
index a9f5c9fe6d..c9885de327 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProductExecutionProfileRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProductExecutionProfileRestControllerRestDocTest.java
@@ -49,9 +49,9 @@
 import com.mercedesbenz.sechub.domain.scan.product.config.UpdateProductExecutionProfileService;
 import com.mercedesbenz.sechub.sharedkernel.ProductIdentifier;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminAssignsExecutionProfileToProject;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminCreatesExecutionProfile;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProductExecutorConfigRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProductExecutorConfigRestControllerRestDocTest.java
index a86fe82ad8..3e168c113a 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProductExecutorConfigRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProductExecutorConfigRestControllerRestDocTest.java
@@ -50,9 +50,9 @@
 import com.mercedesbenz.sechub.domain.scan.product.config.UpdateProductExecutorConfigService;
 import com.mercedesbenz.sechub.sharedkernel.ProductIdentifier;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminCreatesExecutorConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminDeletesExecutorConfiguration;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProjectAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProjectAdministrationRestControllerRestDocTest.java
index a54be82299..1a30bb2ff3 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProjectAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProjectAdministrationRestControllerRestDocTest.java
@@ -68,9 +68,9 @@
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.server.SecHubWebMvcConfigurer;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.project.ProjectAccessLevel;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminChangesProjectAccessLevel;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminChangesProjectDescription;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProjectUpdateAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProjectUpdateAdministrationRestControllerRestDocTest.java
index 09e3f94b29..072c1a2c0f 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProjectUpdateAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ProjectUpdateAdministrationRestControllerRestDocTest.java
@@ -38,8 +38,8 @@
 import com.mercedesbenz.sechub.domain.administration.project.ProjectUpdateWhitelistService;
 import com.mercedesbenz.sechub.domain.administration.project.UpdateProjectInputValidator;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseUpdateProjectMetaData;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseUpdateProjectWhitelist;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanProjectMockDataRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanProjectMockDataRestControllerRestDocTest.java
index 7110cec06e..af47f1c69c 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanProjectMockDataRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanProjectMockDataRestControllerRestDocTest.java
@@ -33,7 +33,7 @@
 import com.mercedesbenz.sechub.domain.scan.project.ScanProjectMockDataConfigurationService;
 import com.mercedesbenz.sechub.domain.scan.project.ScanProjectMockDataRestController;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.user.UseCaseUserDefinesProjectMockdata;
 import com.mercedesbenz.sechub.sharedkernel.usecases.user.UseCaseUserRetrievesProjectMockdata;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerAdministrationRestControllerRestDocTest.java
index 9f9d8acbb8..dcb5773924 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerAdministrationRestControllerRestDocTest.java
@@ -30,8 +30,8 @@
 import com.mercedesbenz.sechub.domain.administration.scheduler.SwitchSchedulerJobProcessingService;
 import com.mercedesbenz.sechub.domain.administration.scheduler.TriggerSchedulerStatusRefreshService;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.schedule.UseCaseAdminDisablesSchedulerJobProcessing;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.schedule.UseCaseAdminEnablesSchedulerJobProcessing;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java
index 82aa3f5248..97c1cea3b8 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java
@@ -83,9 +83,9 @@
 import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobInfoForUserService;
 import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobRepository;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfigurationValidator;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseUserListsJobsForProject;
 import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserApprovesJob;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ServerInfoAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ServerInfoAdministrationRestControllerRestDocTest.java
index 7ea44c62ce..7b8451a531 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ServerInfoAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ServerInfoAdministrationRestControllerRestDocTest.java
@@ -32,8 +32,8 @@
 import com.mercedesbenz.sechub.server.core.ServerInfoAdministrationRestController;
 import com.mercedesbenz.sechub.server.core.ServerRuntimeData;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.status.UseCaseAdminFetchesServerRuntimeData;
 import com.mercedesbenz.sechub.test.ExampleConstants;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java
index fe560311a6..d02576634e 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java
@@ -37,8 +37,8 @@
 import com.mercedesbenz.sechub.domain.administration.signup.SignupDeleteService;
 import com.mercedesbenz.sechub.domain.administration.signup.SignupRepository;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminDeletesSignup;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminListsOpenUserSignups;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/StatusAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/StatusAdministrationRestControllerRestDocTest.java
index fc86599eb3..b59d5ed4dc 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/StatusAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/StatusAdministrationRestControllerRestDocTest.java
@@ -37,9 +37,9 @@
 import com.mercedesbenz.sechub.domain.administration.mapping.MappingAdministrationRestController;
 import com.mercedesbenz.sechub.domain.administration.mapping.UpdateMappingService;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.mapping.MappingIdentifier;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdmiUpdatesMappingConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesMappingConfiguration;
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/UserAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/UserAdministrationRestControllerRestDocTest.java
index ac69f7025c..ded75b8140 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/UserAdministrationRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/UserAdministrationRestControllerRestDocTest.java
@@ -46,8 +46,8 @@
 import com.mercedesbenz.sechub.domain.administration.user.UserListService;
 import com.mercedesbenz.sechub.domain.administration.user.UserRevokeSuperAdminRightsService;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.signup.UseCaseAdminAcceptsSignup;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminDeletesUser;
diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java
index 4ffaa872bb..9f46d123a7 100644
--- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java
+++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java
@@ -15,9 +15,9 @@
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
-import com.mercedesbenz.sechub.sharedkernel.APIConstants;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.APIConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan-product-checkmarx/src/test/java/com/mercedesbenz/sechub/domain/scan/product/checkmarx/CheckmarxProductExecutorMockTest.java b/sechub-scan-product-checkmarx/src/test/java/com/mercedesbenz/sechub/domain/scan/product/checkmarx/CheckmarxProductExecutorMockTest.java
index 0caddeeb69..3b81bf864a 100644
--- a/sechub-scan-product-checkmarx/src/test/java/com/mercedesbenz/sechub/domain/scan/product/checkmarx/CheckmarxProductExecutorMockTest.java
+++ b/sechub-scan-product-checkmarx/src/test/java/com/mercedesbenz/sechub/domain/scan/product/checkmarx/CheckmarxProductExecutorMockTest.java
@@ -50,10 +50,10 @@
 import com.mercedesbenz.sechub.domain.scan.resolve.NetworkTargetResolver;
 import com.mercedesbenz.sechub.sharedkernel.ProductIdentifier;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.mapping.MappingIdentifier;
 import com.mercedesbenz.sechub.sharedkernel.metadata.DefaultMetaDataInspector;
+import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.storage.SecHubStorageService;
 import com.mercedesbenz.sechub.storage.core.JobStorage;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/IntegrationTestScanRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/IntegrationTestScanRestController.java
index ebb18ba623..2568951e77 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/IntegrationTestScanRestController.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/IntegrationTestScanRestController.java
@@ -38,10 +38,10 @@
 import com.mercedesbenz.sechub.domain.scan.product.config.ProductExecutorConfigInfo;
 import com.mercedesbenz.sechub.domain.scan.product.config.WithoutProductExecutorConfigInfo;
 import com.mercedesbenz.sechub.domain.scan.report.ScanReportCountService;
-import com.mercedesbenz.sechub.sharedkernel.APIConstants;
 import com.mercedesbenz.sechub.sharedkernel.ProductIdentifier;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
 import com.mercedesbenz.sechub.sharedkernel.mapping.MappingIdentifier;
+import com.mercedesbenz.sechub.sharedkernel.security.APIConstants;
 /**
 * Contains additional rest call functionality for integration tests on scan
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanAssertService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanAssertService.java
index bf1e13101d..0ff08f2111 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanAssertService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanAssertService.java
@@ -8,8 +8,8 @@
 import com.mercedesbenz.sechub.domain.scan.access.ScanUserAccessToProjectValidationService;
 import com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfigAccessLevelService;
 import com.mercedesbenz.sechub.domain.scan.report.ScanReport;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.error.ForbiddenException;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.validation.AssertValidation;
 import com.mercedesbenz.sechub.sharedkernel.validation.ProjectIdValidation;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/access/ScanUserAccessToProjectValidationService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/access/ScanUserAccessToProjectValidationService.java
index f6f9e22c12..dd9fc125d3 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/access/ScanUserAccessToProjectValidationService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/access/ScanUserAccessToProjectValidationService.java
@@ -7,11 +7,11 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.domain.scan.access.ScanAccess.ProjectAccessCompositeKey;
-import com.mercedesbenz.sechub.sharedkernel.UserContextService;
 import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
 import com.mercedesbenz.sechub.sharedkernel.logging.SecurityLogService;
 import com.mercedesbenz.sechub.sharedkernel.logging.SecurityLogType;
+import com.mercedesbenz.sechub.sharedkernel.security.UserContextService;
 @Service
 public class ScanUserAccessToProjectValidationService {
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/admin/FullScanDataRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/admin/FullScanDataRestController.java
index 2569aeecc9..c76e1e3d92 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/admin/FullScanDataRestController.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/admin/FullScanDataRestController.java
@@ -14,12 +14,12 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import com.mercedesbenz.sechub.sharedkernel.APIConstants;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
+import com.mercedesbenz.sechub.sharedkernel.security.APIConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminDownloadsFullScanDataForJob;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/admin/FullScanDataService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/admin/FullScanDataService.java
index 099e44d1bd..33fe1f0484 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/admin/FullScanDataService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/admin/FullScanDataService.java
@@ -13,8 +13,8 @@
 import com.mercedesbenz.sechub.domain.scan.log.ProjectScanLogService;
 import com.mercedesbenz.sechub.domain.scan.product.ProductResult;
 import com.mercedesbenz.sechub.domain.scan.product.ProductResultService;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminDownloadsFullScanDataForJob;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/log/ProjectScanLogService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/log/ProjectScanLogService.java
index 26ace64bd5..ed02699dcf 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/log/ProjectScanLogService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/log/ProjectScanLogService.java
@@ -13,8 +13,8 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.domain.scan.SecHubExecutionContext;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/log/ScanLogRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/log/ScanLogRestController.java
index e59c60b251..7f462ffe72 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/log/ScanLogRestController.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/log/ScanLogRestController.java
@@ -11,9 +11,9 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import com.mercedesbenz.sechub.sharedkernel.APIConstants;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
+import com.mercedesbenz.sechub.sharedkernel.security.APIConstants;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminShowsScanLogsForProject;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/ProductResultService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/ProductResultService.java
index ffb34b9adc..09935f147b 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/ProductResultService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/ProductResultService.java
@@ -9,7 +9,6 @@
 import org.springframework.data.domain.Example;
 import org.springframework.stereotype.Service;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.SecHubEnvironment;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessageFactory;
@@ -17,6 +16,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingAsyncMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/CreateProductExecutionProfileService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/CreateProductExecutionProfileService.java
index ba8c509368..a0349c5d70 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/CreateProductExecutionProfileService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/CreateProductExecutionProfileService.java
@@ -15,10 +15,10 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.AlreadyExistsException;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminCreatesExecutionProfile;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/CreateProductExecutorConfigService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/CreateProductExecutorConfigService.java
index 5c6f253454..27b4c0bfee 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/CreateProductExecutorConfigService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/CreateProductExecutorConfigService.java
@@ -12,9 +12,9 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminCreatesExecutorConfiguration;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/DeleteProductExecutionProfileService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/DeleteProductExecutionProfileService.java
index ec402c71c8..303f3a5706 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/DeleteProductExecutionProfileService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/DeleteProductExecutionProfileService.java
@@ -12,10 +12,10 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminDeletesExecutionProfile;
 import com.mercedesbenz.sechub.sharedkernel.validation.ProductExecutionProfileIdValidation;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/DeleteProductExecutorConfigService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/DeleteProductExecutorConfigService.java
index 1c98507a11..811bca5525 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/DeleteProductExecutorConfigService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/DeleteProductExecutorConfigService.java
@@ -12,9 +12,9 @@
 import com.mercedesbenz.sechub.sharedkernel.ProductIdentifier;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminDeletesExecutorConfiguration;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutionProfileListService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutionProfileListService.java
index cadafa94d2..6794e5a92c 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutionProfileListService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutionProfileListService.java
@@ -8,9 +8,9 @@
 import org.springframework.stereotype.Service;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.Step;
 import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService;
+import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesExecutionProfileList;
 import jakarta.annotation.security.RolesAllowed;
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutionProfileService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutionProfileService.java
index 455926eb53..e144cd4790 100644
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutionProfileService.java
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutionProfileService.java
@@ -10,10 +10,10 @@ import org.springframework.stereotype.Service; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesExecutionProfile; import com.mercedesbenz.sechub.sharedkernel.validation.ProductExecutionProfileIdValidation; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutorConfigListService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutorConfigListService.java index ab88be46fa..6c4e4f2073 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutorConfigListService.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutorConfigListService.java @@ -8,9 +8,9 @@ import org.springframework.stereotype.Service; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesExecutorConfigurationList; import jakarta.annotation.security.RolesAllowed; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutorConfigService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutorConfigService.java index 8abc20fcc1..8645f76d61 100644 
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutorConfigService.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/FetchProductExecutorConfigService.java @@ -9,10 +9,10 @@ import org.springframework.stereotype.Service; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesExecutorConfiguration; import jakarta.annotation.security.RolesAllowed; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProductExecutionProfileRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProductExecutionProfileRestController.java index 8c568384a5..68aa66ac41 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProductExecutionProfileRestController.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProductExecutionProfileRestController.java 
@@ -15,10 +15,10 @@ import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestController; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminAssignsExecutionProfileToProject; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminCreatesExecutionProfile; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminDeletesExecutionProfile; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProductExecutorConfigRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProductExecutorConfigRestController.java index 748c981d78..f1bfe26970 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProductExecutorConfigRestController.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/ProductExecutorConfigRestController.java 
@@ -17,10 +17,10 @@ import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestController; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminCreatesExecutorConfiguration; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminDeletesExecutorConfiguration; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminFetchesExecutorConfiguration; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/UpdateProductExecutionProfileService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/UpdateProductExecutionProfileService.java index 1e3834039e..5cc72b0310 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/UpdateProductExecutionProfileService.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/UpdateProductExecutionProfileService.java 
@@ -14,10 +14,10 @@ import org.springframework.stereotype.Service; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminAssignsExecutionProfileToProject; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminUnassignsExecutionProfileFromProject; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminUpdatesExecutorConfig; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/UpdateProductExecutorConfigService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/UpdateProductExecutorConfigService.java index 7307fa85e5..030f119a2f 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/UpdateProductExecutorConfigService.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/config/UpdateProductExecutorConfigService.java @@ -13,10 +13,10 @@ import org.springframework.stereotype.Service; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminUpdatesExecutorConfig; import jakarta.annotation.security.RolesAllowed; 
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/FalsePositiveDataService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/FalsePositiveDataService.java index 3a4ef42ebe..52836b5859 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/FalsePositiveDataService.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/FalsePositiveDataService.java @@ -15,9 +15,9 @@ import com.mercedesbenz.sechub.domain.scan.report.ScanReport; import com.mercedesbenz.sechub.domain.scan.report.ScanReportRepository; import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion; @Service diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/FalsePositiveRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/FalsePositiveRestController.java index 3118b813ab..c7a3411e92 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/FalsePositiveRestController.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/FalsePositiveRestController.java 
@@ -15,9 +15,9 @@ import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestController; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserFetchesFalsePositiveConfigurationOfProject; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserMarksFalsePositives; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserUnmarksFalsePositiveByJobData; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/ScanProjectMockDataRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/ScanProjectMockDataRestController.java index 5be28399e8..713c5f3ddc 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/ScanProjectMockDataRestController.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/project/ScanProjectMockDataRestController.java @@ -11,10 +11,10 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.user.UseCaseUserDefinesProjectMockdata; import com.mercedesbenz.sechub.sharedkernel.usecases.user.UseCaseUserRetrievesProjectMockdata; 
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportRestController.java index 43796a1a77..7c19224329 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportRestController.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportRestController.java @@ -14,9 +14,9 @@ import org.springframework.web.bind.annotation.RestController; import org.springframework.web.servlet.ModelAndView; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserDownloadsJobReport; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserDownloadsSpdxJobReport; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserStartsSynchronousScanByClient; diff --git a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/IntegrationTestSchedulerRestController.java b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/IntegrationTestSchedulerRestController.java index 9e96565e19..df51082068 100644 --- a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/IntegrationTestSchedulerRestController.java +++ b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/IntegrationTestSchedulerRestController.java 
@@ -19,8 +19,8 @@ import com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJob; import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobRepository; import com.mercedesbenz.sechub.domain.schedule.strategy.SchedulerStrategyProvider; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Profiles; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; /** * Contains additional rest call functionality for integration tests on scan diff --git a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerBinariesUploadService.java b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerBinariesUploadService.java index 17ac2beaf8..951c2cf6d1 100644 --- a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerBinariesUploadService.java +++ b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerBinariesUploadService.java @@ -33,7 +33,6 @@ import com.mercedesbenz.sechub.commons.model.SecHubRuntimeException; import com.mercedesbenz.sechub.commons.model.job.ExecutionState; import com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJob; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.error.BadRequestException; import com.mercedesbenz.sechub.sharedkernel.logging.AuditLogService; 
@@ -44,6 +43,7 @@ import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys; import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID; import com.mercedesbenz.sechub.sharedkernel.messaging.StorageMessageData; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.storage.SecHubStorageService; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserUploadsBinaries; import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion; diff --git a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerRestController.java b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerRestController.java index 86a457ef80..7f156cae84 100644 --- a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerRestController.java +++ b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerRestController.java @@ -15,11 +15,11 @@ import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobInfoForUserListPage; import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobInfoForUserService; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfigurationValidator; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseUserListsJobsForProject; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserApprovesJob; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserChecksJobStatus; 
diff --git a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerSourcecodeUploadService.java b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerSourcecodeUploadService.java index fde27d0299..01c40ec329 100644 --- a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerSourcecodeUploadService.java +++ b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/SchedulerSourcecodeUploadService.java @@ -20,7 +20,6 @@ import com.mercedesbenz.sechub.commons.model.SecHubRuntimeException; import com.mercedesbenz.sechub.commons.model.job.ExecutionState; import com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJob; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.UUIDTraceLogID; import com.mercedesbenz.sechub.sharedkernel.error.BadRequestException; @@ -33,6 +32,7 @@ import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys; import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID; import com.mercedesbenz.sechub.sharedkernel.messaging.StorageMessageData; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.storage.SecHubStorageService; import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserUploadsSourceCode; import com.mercedesbenz.sechub.sharedkernel.util.ArchiveSupportProvider; diff --git a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/access/ScheduleUserAccessToProjectValidationService.java b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/access/ScheduleUserAccessToProjectValidationService.java index 82d397aa3a..ac02c97552 100644 --- a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/access/ScheduleUserAccessToProjectValidationService.java 
+++ b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/access/ScheduleUserAccessToProjectValidationService.java @@ -7,11 +7,11 @@ import org.springframework.stereotype.Service; import com.mercedesbenz.sechub.domain.schedule.access.ScheduleAccess.ProjectAccessCompositeKey; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; import com.mercedesbenz.sechub.sharedkernel.logging.LogSanitizer; import com.mercedesbenz.sechub.sharedkernel.logging.SecurityLogService; import com.mercedesbenz.sechub.sharedkernel.logging.SecurityLogType; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; @Service public class ScheduleUserAccessToProjectValidationService { diff --git a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/job/SecHubJobFactory.java b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/job/SecHubJobFactory.java index a5be4f1a64..f80c911b9f 100644 --- a/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/job/SecHubJobFactory.java +++ b/sechub-schedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/job/SecHubJobFactory.java @@ -18,8 +18,8 @@ import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelSupport; import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionResult; import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionService; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; import jakarta.validation.Valid; 
diff --git a/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/SchedulerRestControllerMockTest.java b/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/SchedulerRestControllerMockTest.java index 00627015ed..3d78ae9167 100644 --- a/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/SchedulerRestControllerMockTest.java +++ b/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/SchedulerRestControllerMockTest.java @@ -46,9 +46,9 @@ import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobInfoForUserService; import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobRepository; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfigurationValidator; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; import com.mercedesbenz.sechub.test.TestPortProvider; import jakarta.validation.ValidationException; diff --git a/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/JobCreator.java b/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/JobCreator.java index 17635683dd..b96a28a62d 100644 --- a/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/JobCreator.java +++ b/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/JobCreator.java 
@@ -17,8 +17,8 @@ import com.mercedesbenz.sechub.commons.model.job.ExecutionState; import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionResult; import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionService; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; import com.mercedesbenz.sechub.test.SechubTestComponent; @SechubTestComponent diff --git a/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/JobFactoryTest.java b/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/JobFactoryTest.java index b180e7517b..5ec9e88e37 100644 --- a/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/JobFactoryTest.java +++ b/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/JobFactoryTest.java @@ -11,8 +11,8 @@ import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelSupport; import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionResult; import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionService; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; public class JobFactoryTest { diff --git a/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/SecHubJobFactorySpringBootTest.java b/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/SecHubJobFactorySpringBootTest.java index 1e90cb0f67..48bb479746 100644 --- a/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/SecHubJobFactorySpringBootTest.java 
+++ b/sechub-schedule/src/test/java/com/mercedesbenz/sechub/domain/schedule/job/SecHubJobFactorySpringBootTest.java @@ -23,8 +23,8 @@ import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelSupport; import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionResult; import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionService; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; @SpringBootTest(classes = SecHubJobFactory.class) class SecHubJobFactorySpringBootTest { diff --git a/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/AnonymousCheckAliveRestController.java b/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/AnonymousCheckAliveRestController.java index 16172d906e..2eaa63c5a2 100644 --- a/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/AnonymousCheckAliveRestController.java +++ b/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/AnonymousCheckAliveRestController.java @@ -6,8 +6,8 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Step; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.anonymous.UseCaseAnonymousCheckAlive; @RestController diff --git a/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/IntegrationTestServerRestController.java b/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/IntegrationTestServerRestController.java index 18c6b90bba..d6ca4aea03 100644 --- a/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/IntegrationTestServerRestController.java 
+++ b/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/IntegrationTestServerRestController.java @@ -24,10 +24,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; -import com.mercedesbenz.sechub.sharedkernel.AuthorityConstants; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; import com.mercedesbenz.sechub.sharedkernel.autocleanup.IntegrationTestAutoCleanupResultInspector; import com.mercedesbenz.sechub.sharedkernel.autocleanup.IntegrationTestAutoCleanupResultInspector.JsonDeleteCount; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; @@ -39,6 +36,9 @@ import com.mercedesbenz.sechub.sharedkernel.metadata.IntegrationTestMetaDataInspector; import com.mercedesbenz.sechub.sharedkernel.metadata.MapStorageMetaDataInspection; import com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspector; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.AuthorityConstants; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; import com.mercedesbenz.sechub.sharedkernel.storage.SecHubStorageService; import com.mercedesbenz.sechub.sharedkernel.validation.ProjectIdValidation; import com.mercedesbenz.sechub.sharedkernel.validation.ValidationResult; 
@@ -175,7 +175,7 @@ public void logInfo(@RequestBody String text) { @RequestMapping(path = APIConstants.API_ANONYMOUS + "integrationtest/check/role/{role}", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE }) public boolean checkRole(@PathVariable("role") String role) { - String authories = userContextService.getAuthories(); + String authories = userContextService.getAuthorities(); String userId = userContextService.getUserId(); LOG.info("Integration test server wants to know if current user '{}' has role '{}'", userId, role); diff --git a/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/ServerInfoAdministrationRestController.java b/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/ServerInfoAdministrationRestController.java index 693a3a12f8..ebf466737a 100644 --- a/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/ServerInfoAdministrationRestController.java +++ b/sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/ServerInfoAdministrationRestController.java @@ -10,10 +10,10 @@ import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.admin.status.UseCaseAdminFetchesServerRuntimeData; import jakarta.annotation.security.RolesAllowed; diff --git a/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerMDCAsyncHandlerInterceptor.java b/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerMDCAsyncHandlerInterceptor.java index 2cb68bf947..a752d1cb5a 100644 
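Review bot: In `checkRole` the local variable is still spelled `authories` although the call was corrected to `getAuthorities()`. Make the line `String authorities = userContextService.getAuthorities();` and update its later uses, which lie outside this hunk. The same method logs the `role` path variable of an endpoint under `APIConstants.API_ANONYMOUS` exactly as received. If the configured log layout does not escape control characters, pass it through the project's `LogSanitizer` first; that class's API is not visible here, so the exact call needs confirming. Whether this controller is restricted to an integration-test profile is also not visible in the hunk and is worth confirming, since the path prefix suggests it can be called without authentication.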
--- a/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerMDCAsyncHandlerInterceptor.java +++ b/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerMDCAsyncHandlerInterceptor.java @@ -8,8 +8,8 @@ import org.slf4j.MDC; import org.springframework.web.servlet.AsyncHandlerInterceptor; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.LogConstants; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; diff --git a/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerOAuth2PropertiesConfig.java b/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerOAuth2PropertiesConfig.java new file mode 100644 index 0000000000..b336bc4b12 --- /dev/null +++ b/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerOAuth2PropertiesConfig.java @@ -0,0 +1,14 @@ +package com.mercedesbenz.sechub.server; + +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; + +import com.mercedesbenz.sechub.sharedkernel.Profiles; +import com.mercedesbenz.sechub.sharedkernel.security.OAuth2Properties; + +@Configuration +@EnableConfigurationProperties(OAuth2Properties.class) +@Profile(Profiles.OAUTH2) +class SecHubServerOAuth2PropertiesConfig { +} diff --git a/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerSecurityConfiguration.java b/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerSecurityConfiguration.java index 89e7773d1a..edb38d24e3 100644 --- a/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerSecurityConfiguration.java +++ b/sechub-server/src/main/java/com/mercedesbenz/sechub/server/SecHubServerSecurityConfiguration.java 
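Review bot: The new `SecHubServerOAuth2PropertiesConfig.java` starts directly with the `package` line and has no `// SPDX-License-Identifier: MIT` header. The removed `AbstractSecHubAPISecurityConfiguration.java` in this same patch carries that header as its first line, so add it for consistency. The class also has no Javadoc; something like `/** Registers {@link OAuth2Properties} for binding; only active when the {@code oauth2} profile is set. */` would make clear that no OAuth2 settings are bound without that profile. Which authentication mode applies when the profile is absent is not visible here and should be documented where the security filter chain is configured.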
@@ -6,7 +6,7 @@ import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration; +import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration; @Configuration @EnableMethodSecurity(jsr250Enabled = true) diff --git a/sechub-server/src/test/java/com/mercedesbenz/sechub/server/SecHubMultiSpringBootTest.java b/sechub-server/src/test/java/com/mercedesbenz/sechub/server/SecHubMultiSpringBootTest.java index ddc6653165..4de149a93d 100644 --- a/sechub-server/src/test/java/com/mercedesbenz/sechub/server/SecHubMultiSpringBootTest.java +++ b/sechub-server/src/test/java/com/mercedesbenz/sechub/server/SecHubMultiSpringBootTest.java @@ -37,9 +37,9 @@ import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobFactory; import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobRepository; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration; import com.mercedesbenz.sechub.sharedkernel.error.NotFoundException; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.validation.UserInputAssertion; import com.mercedesbenz.sechub.storage.core.JobStorageFactory; diff --git a/sechub-shared-kernel/build.gradle b/sechub-shared-kernel/build.gradle index 8d21e55f77..50b480d493 100644 --- a/sechub-shared-kernel/build.gradle +++ b/sechub-shared-kernel/build.gradle 
@@ -22,7 +22,8 @@ dependencies { implementation library.apache_commons_validator implementation library.logstashLogbackEncoder + implementation library.springboot_starter_oauth2_resource_server testImplementation project(':sechub-testframework') - + testImplementation project(':sechub-testframework-spring') } diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/Profiles.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/Profiles.java index 155b87f25c..12826e8b36 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/Profiles.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/Profiles.java @@ -26,6 +26,11 @@ private Profiles() { */ public static final String POSTGRES = "postgres"; + /** + * Security profiles + */ + public static final String OAUTH2 = "oauth2"; + public static final String MOCKED_NOTIFICATIONS = "mocked_notifications"; /** diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/configuration/AbstractSecHubAPISecurityConfiguration.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/configuration/AbstractSecHubAPISecurityConfiguration.java deleted file mode 100644 index fe29fc03f3..0000000000 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/configuration/AbstractSecHubAPISecurityConfiguration.java +++ /dev/null 
@@ -1,39 +0,0 @@ -// SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.sharedkernel.configuration; - -import static com.mercedesbenz.sechub.sharedkernel.RoleConstants.*; - -import org.springframework.context.annotation.Bean; -import org.springframework.security.config.Customizer; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.web.SecurityFilterChain; - -import com.mercedesbenz.sechub.sharedkernel.APIConstants; - -public abstract class AbstractSecHubAPISecurityConfiguration { - - @Bean - public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception { - - /* @formatter:off */ - httpSecurity.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - .authorizeHttpRequests((auth) -> auth. - requestMatchers(APIConstants.API_ADMINISTRATION + "**").hasAnyRole(ROLE_SUPERADMIN). - requestMatchers(APIConstants.API_USER + "**").hasAnyRole(ROLE_USER, ROLE_SUPERADMIN). - requestMatchers(APIConstants.API_PROJECT + "**").hasAnyRole(ROLE_USER, ROLE_SUPERADMIN). - requestMatchers(APIConstants.API_OWNER + "**").hasAnyRole(ROLE_OWNER, ROLE_SUPERADMIN). - - requestMatchers(APIConstants.API_ANONYMOUS + "**").permitAll(). - requestMatchers(APIConstants.ERROR_PAGE).permitAll(). - requestMatchers(APIConstants.ACTUATOR + "**").permitAll(). - requestMatchers("/**").denyAll()) - .csrf((csrf) -> csrf.disable()) // CSRF protection disabled. The CookieServerCsrfTokenRepository does - // not work since Spring Boot 3 - .httpBasic(Customizer.withDefaults()).headers((headers) -> headers - .contentSecurityPolicy((csp) -> csp.policyDirectives("default-src 'none'; style-src 'unsafe-inline'"))); - /* @formatter:on */ - - return httpSecurity.build(); - } -} 
diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/configuration/SecHubConfigurationValidator.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/configuration/SecHubConfigurationValidator.java index ecc4b99e2a..359f7a6647 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/configuration/SecHubConfigurationValidator.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/configuration/SecHubConfigurationValidator.java @@ -18,7 +18,7 @@ import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelValidationResult; import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelValidationResult.SecHubConfigurationModelValidationErrorData; import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelValidator; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; @Component public class SecHubConfigurationValidator implements Validator { diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/logging/AuditLogService.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/logging/AuditLogService.java index e2257d504b..f18aafb807 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/logging/AuditLogService.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/logging/AuditLogService.java @@ -12,7 +12,7 @@ import org.springframework.stereotype.Service; import com.mercedesbenz.sechub.sharedkernel.LogConstants; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; @Service public class AuditLogService { 
diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/logging/DefaultSecurityLogService.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/logging/DefaultSecurityLogService.java index 166d301847..4435afe50f 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/logging/DefaultSecurityLogService.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/logging/DefaultSecurityLogService.java @@ -19,7 +19,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.mercedesbenz.sechub.adapter.SpringUtilFactory; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpSession; diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/APIConstants.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/APIConstants.java similarity index 96% rename from sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/APIConstants.java rename to sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/APIConstants.java index 4ee0ece544..e9d129909e 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/APIConstants.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/APIConstants.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.sharedkernel; +package com.mercedesbenz.sechub.sharedkernel.security; /** * API constants, usable inside rest controllers etc. Be AWARE: its very 
diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/AbstractSecHubAPISecurityConfiguration.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/AbstractSecHubAPISecurityConfiguration.java
new file mode 100644
index 0000000000..79c68d53dc
--- /dev/null
+++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/AbstractSecHubAPISecurityConfiguration.java
@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.sharedkernel.security;
+
+import static com.mercedesbenz.sechub.sharedkernel.security.RoleConstants.*;
+
+import org.springframework.beans.factory.NoSuchBeanDefinitionException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.env.Environment;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
+import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
+import org.springframework.security.web.SecurityFilterChain;
+
+import com.mercedesbenz.sechub.sharedkernel.Profiles;
+
+public abstract class AbstractSecHubAPISecurityConfiguration {
+
+ /* @formatter:off */
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity httpSecurity,
+ Environment environment,
+ @Autowired(required = false) OAuth2Properties oAuth2Properties,
+ @Autowired(required = false) UserDetailsService userDetailsService,
+ @Autowired(required = false) JwtDecoder jwtDecoder) throws Exception {
+
+ httpSecurity.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests((auth) -> auth.
+ requestMatchers(APIConstants.API_ADMINISTRATION + "**").hasAnyRole(ROLE_SUPERADMIN).
+ requestMatchers(APIConstants.API_USER + "**").hasAnyRole(ROLE_USER, ROLE_SUPERADMIN).
+ requestMatchers(APIConstants.API_PROJECT + "**").hasAnyRole(ROLE_USER, ROLE_SUPERADMIN).
+ requestMatchers(APIConstants.API_OWNER + "**").hasAnyRole(ROLE_OWNER, ROLE_SUPERADMIN).
+
+ requestMatchers(APIConstants.API_ANONYMOUS + "**").permitAll().
+ requestMatchers(APIConstants.ERROR_PAGE).permitAll().
+ requestMatchers(APIConstants.ACTUATOR + "**").permitAll().
+ requestMatchers("/**").denyAll())
+ .csrf(AbstractHttpConfigurer::disable) // CSRF protection disabled. The CookieServerCsrfTokenRepository does
+ // not work since Spring Boot 3
+ .httpBasic(Customizer.withDefaults()).headers((headers) -> headers
+ .contentSecurityPolicy((csp) -> csp.policyDirectives("default-src 'none'; style-src 'unsafe-inline'")));
+
+ if (environment.matchesProfiles(Profiles.OAUTH2)) {
+ if (oAuth2Properties == null) {
+ throw new NoSuchBeanDefinitionException(OAuth2Properties.class);
+ }
+
+ if (userDetailsService == null) {
+ throw new NoSuchBeanDefinitionException(UserDetailsService.class);
+ }
+
+ if (jwtDecoder == null) {
+ throw new NoSuchBeanDefinitionException(JwtDecoder.class);
+ }
+
+ AuthenticationProvider authenticationProvider = new OAuth2AuthenticationProvider(userDetailsService, jwtDecoder);
+ BearerTokenResolver bearerTokenResolver = new DefaultBearerTokenResolver();
+
+ httpSecurity
+ .oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer
+ .jwt(jwt -> jwt.jwkSetUri(oAuth2Properties.getJwkSetUri()))
+ .bearerTokenResolver(bearerTokenResolver)
+ ).authenticationProvider(authenticationProvider);
+ }
+ /* @formatter:on */
+
+ return httpSecurity.build();
+ }
+}
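Review bot: In the `Profiles.OAUTH2` branch of `filterChain`, `.jwt(jwt -> jwt.jwkSetUri(oAuth2Properties.getJwkSetUri()))` lets the resource-server configurer build a second decoder and, as far as I can tell, its own JWT provider next to the `OAuth2AuthenticationProvider` that uses the injected `jwtDecoder` bean, so two providers accept the same `BearerTokenAuthenticationToken`. If the custom provider rejects a request (for example because the subject is not a SecHub user), the provider chain can still fall through to the built-in one, which would authenticate the caller from token claims alone instead of returning 401. Passing the bean, `.jwt(jwt -> jwt.decoder(jwtDecoder))`, at least keeps one decoder and one validation policy; the fall-through behaviour deserves a test. A comment above the `if` should also state that HTTP Basic stays enabled alongside bearer tokens when the profile is active, if that is intended.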
diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/AuthorityConstants.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/AuthorityConstants.java similarity index 84% rename from sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/AuthorityConstants.java rename to sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/AuthorityConstants.java index 89ca23d47a..3896903915 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/AuthorityConstants.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/AuthorityConstants.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.sharedkernel; +package com.mercedesbenz.sechub.sharedkernel.security; public class AuthorityConstants { diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/JwtDecoderConfiguration.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/JwtDecoderConfiguration.java new file mode 100644 index 0000000000..c1ab072ecb --- /dev/null +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/JwtDecoderConfiguration.java 
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.sharedkernel.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+
+import com.mercedesbenz.sechub.sharedkernel.Profiles;
+
+@Configuration
+@Profile(Profiles.OAUTH2)
+class JwtDecoderConfiguration {
+
+ @Bean
+ JwtDecoder jwtDecoder(OAuth2Properties oAuth2Properties) {
+ return NimbusJwtDecoder.withJwkSetUri(oAuth2Properties.getJwkSetUri()).build();
+ }
+}
diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2AuthenticationProvider.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2AuthenticationProvider.java
new file mode 100644
index 0000000000..452f784565
--- /dev/null
+++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2AuthenticationProvider.java
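Review bot: The decoder returned by `JwtDecoderConfiguration.jwtDecoder` is built with `NimbusJwtDecoder.withJwkSetUri(...).build()` and therefore keeps the default validators, which check the timestamp claims but neither `iss` nor `aud`. A token signed with a key from that JWK set would be accepted even if the identity provider issued it for a different application, as long as its `sub` matches a SecHub user id. I would keep the decoder in a local variable and set an issuer validator, `decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer));`, plus an audience check. The issuer value would have to come from a new field on `OAuth2Properties`, which only carries `jwkSetUri` today.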
@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.sharedkernel.security;
+
+import static java.util.Objects.requireNonNull;
+
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
+
+/**
+ *

+ * This class integrates authentication and authorization in SecHub by combining
+ * OAuth2-based authentication with custom
+ * {@link com.mercedesbenz.sechub.domain.authorization.AuthUserDetailsService}
+ * for authorization. While OAuth2 manages the authentication process, our
+ * system fetches roles and permissions from the database to handle
+ * authorization.
+ *

+ *
+ *

+ * The {@link org.springframework.security.oauth2.jwt.JwtDecoder} is employed to
+ * decode the JWT token, extracting the username by interacting with the
+ * identity provider. This username is then utilized to retrieve user details
+ * from the user details service. These details are subsequently used to create
+ * a
+ * {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken},
+ * which encapsulates information about the authenticated user and their roles.
+ *

+ *
+ * @see com.mercedesbenz.sechub.domain.authorization.AuthUserDetailsService
+ * @see org.springframework.security.oauth2.jwt.JwtDecoder
+ * @see org.springframework.security.core.userdetails.UserDetailsService
+ * @see org.springframework.security.authentication.AuthenticationProvider
+ *
+ * @author hamidonos
+ */
+@SuppressWarnings("JavadocReference")
+class OAuth2AuthenticationProvider implements AuthenticationProvider {
+
+ private final UserDetailsService userDetailsService;
+ private final JwtDecoder jwtDecoder;
+
+ public OAuth2AuthenticationProvider(UserDetailsService userDetailsService, JwtDecoder jwtDecoder) {
+ this.userDetailsService = requireNonNull(userDetailsService, "Property userDetailsService must not be null");
+ this.jwtDecoder = requireNonNull(jwtDecoder, "Property jwtDecoder must not be null");
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ if (!(authentication instanceof BearerTokenAuthenticationToken bearerToken)) {
+ return null;
+ }
+
+ Jwt jwt;
+ try {
+ jwt = jwtDecoder.decode(bearerToken.getToken());
+ } catch (Exception e) {
+ throw new BadCredentialsException("The presented JWT could not be decoded", e);
+ }
+ String username = jwt.getSubject();
+ UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+
+ return new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+ }
+
+ @Override
+ public boolean supports(Class authentication) {
+ return BearerTokenAuthenticationToken.class.isAssignableFrom(authentication);
+ }
+
+}
\ No newline at end of file
diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2Properties.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2Properties.java
new file mode 100644
index 0000000000..2cb22f6a33
--- /dev/null
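Review bot: `OAuth2AuthenticationProvider.authenticate` passes `jwt.getSubject()` to `loadUserByUsername` unchecked, so a correctly signed token without a `sub` claim reaches the user lookup with `null`. Its `catch (Exception e)` also reports every decoder failure, including an unreachable JWK endpoint, as bad credentials. The token is then built straight from the loaded `UserDetails`, skipping the locked/disabled/expired checks that Spring's own user-details providers perform; whether `AuthUserDetailsService` ever sets those flags is not visible in this diff. I would narrow the catch to the JWT exception types, reject a blank subject and run an account-status check before granting authorities, as sketched below.

```java
Jwt jwt;
try {
    jwt = jwtDecoder.decode(bearerToken.getToken());
} catch (BadJwtException e) {
    // malformed, expired or wrongly signed token
    throw new BadCredentialsException("The presented JWT could not be decoded", e);
} catch (JwtException e) {
    // decoder infrastructure failure, e.g. the JWK set could not be loaded
    throw new AuthenticationServiceException("The presented JWT could not be processed", e);
}
String username = jwt.getSubject();
if (username == null || username.isBlank()) {
    throw new BadCredentialsException("The presented JWT contains no subject");
}
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
// refuse locked, disabled or expired accounts before granting authorities
new AccountStatusUserDetailsChecker().check(userDetails);
// … unchanged: return new UsernamePasswordAuthenticationToken(...) …
```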
+++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2Properties.java @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.sharedkernel.security; + +import static java.util.Objects.requireNonNull; + +import org.springframework.boot.context.properties.ConfigurationProperties; + +@ConfigurationProperties(OAuth2Properties.PREFIX) +public class OAuth2Properties { + + static final String PREFIX = "sechub.security.oauth2"; + + private final String jwkSetUri; + + public OAuth2Properties(String jwkSetUri) { + this.jwkSetUri = requireNonNull(jwkSetUri, "The property 'sechub.security.oauth2.jwk-set-uri' must not be null"); + } + + public String getJwkSetUri() { + return jwkSetUri; + } +} \ No newline at end of file diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/RoleConstants.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/RoleConstants.java similarity index 76% rename from sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/RoleConstants.java rename to sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/RoleConstants.java index 533eb333c6..42d3bc4d36 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/RoleConstants.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/RoleConstants.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.sharedkernel; +package com.mercedesbenz.sechub.sharedkernel.security; /** * SecHub role constants without {@link AuthorityConstants#AUTHORITY_ROLE_PREFIX 
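Review bot: The `OAuth2Properties` constructor only rejects `null`, so an empty string or a plain `http://` value for `sechub.security.oauth2.jwk-set-uri` is accepted at startup. That URI is where the signing keys are fetched from and is thus the trust anchor for every bearer token. Unless plain HTTP is deliberately allowed for local setups, a scheme check such as `if (!jwkSetUri.startsWith("https://")) throw new IllegalArgumentException("The property 'sechub.security.oauth2.jwk-set-uri' must be an https URI");` would fail fast on a misconfiguration. The class also lacks a Javadoc sentence saying what the property is used for and that it is required when the `oauth2` profile is active.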
@@ -21,15 +21,15 @@ public class RoleConstants { private RoleConstants() { } - public static final boolean isSuperAdminRole(String role) { + public static boolean isSuperAdminRole(String role) { return ROLE_SUPERADMIN.equals(role); } - public static final boolean isUserRole(String role) { + public static boolean isUserRole(String role) { return ROLE_USER.equals(role); } - public static final boolean isOwnerRole(String role) { + public static boolean isOwnerRole(String role) { return ROLE_OWNER.equals(role); } diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/UserContextService.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/UserContextService.java similarity index 80% rename from sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/UserContextService.java rename to sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/UserContextService.java index db4c31b9ac..b714791527 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/UserContextService.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/security/UserContextService.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.sharedkernel; +package com.mercedesbenz.sechub.sharedkernel.security; import java.util.Collection; @@ -14,7 +14,7 @@ public class UserContextService { /** - * @return user id of current logged in user or null + * @return user id of current logged-in user or null */ public String getUserId() { Authentication authentication = getAuthentication(); 
@@ -31,17 +31,19 @@ public boolean isSuperAdmin() { return hasRole(RoleConstants.ROLE_SUPERADMIN); } - public String getAuthories() { + public String getAuthorities() { StringBuilder sb = new StringBuilder(); Authentication authentication = getAuthentication(); - Collection authorities = authentication.getAuthorities(); - for (GrantedAuthority auth : authorities) { - if (auth == null) { - continue; + if (authentication != null) { + Collection authorities = authentication.getAuthorities(); + for (GrantedAuthority auth : authorities) { + if (auth == null) { + continue; + } + sb.append(auth.getAuthority()); + sb.append(" "); } - sb.append(auth.getAuthority()); - sb.append(" "); } return sb.toString().trim(); } diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseAdministrationAutoCleanExecution.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseAdministrationAutoCleanExecution.java index 537a2e0de2..d5add1f9e0 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseAdministrationAutoCleanExecution.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseAdministrationAutoCleanExecution.java @@ -6,9 +6,9 @@ import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.autocleanup.AutoCleanupConstants; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseDefinition; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseGroup; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseIdentifier; 
diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseScanAutoCleanExecution.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseScanAutoCleanExecution.java index a41650d5f1..e55b6464cc 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseScanAutoCleanExecution.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseScanAutoCleanExecution.java @@ -6,9 +6,9 @@ import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.autocleanup.AutoCleanupConstants; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseDefinition; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseGroup; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseIdentifier; diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseScheduleAutoCleanExecution.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseScheduleAutoCleanExecution.java index a8aa4be2cc..a2e58eb438 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseScheduleAutoCleanExecution.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/autocleanup/UseCaseScheduleAutoCleanExecution.java 
@@ -6,9 +6,9 @@ import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Step; import com.mercedesbenz.sechub.sharedkernel.autocleanup.AutoCleanupConstants; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseDefinition; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseGroup; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseIdentifier; diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/job/UseCaseSchedulerStartsJob.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/job/UseCaseSchedulerStartsJob.java index 650b062f69..ac06fd7dec 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/job/UseCaseSchedulerStartsJob.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/usecases/job/UseCaseSchedulerStartsJob.java @@ -6,8 +6,8 @@ import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Step; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseDefinition; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseGroup; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseIdentifier; diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/validation/UserIdValidationImpl.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/validation/UserIdValidationImpl.java index d6b03f2fee..727305cd7f 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/validation/UserIdValidationImpl.java 
+++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/validation/UserIdValidationImpl.java @@ -6,13 +6,13 @@ @Component public class UserIdValidationImpl extends AbstractSimpleStringValidation implements UserIdValidation { - public static final int USERNAME_LENGTH_MIN = 5; - public static final int USERNAME_LENGTH_MAX = 40; + public static final int USER_ID_LENGTH_MIN = 5; + public static final int USER_ID_LENGTH_MAX = 40; @Override protected void setup(ValidationConfig config) { - config.minLength = USERNAME_LENGTH_MIN; - config.maxLength = USERNAME_LENGTH_MAX; + config.minLength = USER_ID_LENGTH_MIN; + config.maxLength = USER_ID_LENGTH_MAX; } @Override diff --git a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/logging/DefaultSecurityLogServiceTest.java b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/logging/DefaultSecurityLogServiceTest.java index 5ecc3931d1..dedb9e87af 100644 --- a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/logging/DefaultSecurityLogServiceTest.java +++ b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/logging/DefaultSecurityLogServiceTest.java @@ -19,7 +19,7 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; -import com.mercedesbenz.sechub.sharedkernel.UserContextService; +import com.mercedesbenz.sechub.sharedkernel.security.UserContextService; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpSession; diff --git a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2IntegrationTest.java b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2IntegrationTest.java new file mode 100644 index 0000000000..e199795cf4 --- /dev/null +++ b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2IntegrationTest.java 
@@ -0,0 +1,138 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.sharedkernel.security;
+
+import static com.mercedesbenz.sechub.testframework.spring.OAuth2SecurityTestConfiguration.ADMIN;
+import static com.mercedesbenz.sechub.testframework.spring.OAuth2SecurityTestConfiguration.OWNER;
+import static com.mercedesbenz.sechub.testframework.spring.OAuth2SecurityTestConfiguration.USER;
+import static com.mercedesbenz.sechub.testframework.spring.OAuth2SecurityTestConfiguration.getJwtAuthHeader;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.apache.http.HttpHeaders;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+
+import com.mercedesbenz.sechub.testframework.spring.OAuth2SecurityTestConfiguration;
+import com.mercedesbenz.sechub.testframework.spring.YamlPropertyLoaderFactory;
+
+/**
+ * This test class verifies the integration of Spring Security OAuth2
+ * components.
+ *
+ *

+ * Unlike {@link SecHubApiSecurityConfigurationTest}, which primarily tests if a
+ * endpoint is secured on an abstract level, this class exercises the full
+ * OAuth2 flow with real OAuth2 mechanisms. We do that by relying on the
+ * {@link AbstractSecHubAPISecurityConfiguration}.
+ *

+ *
+ *

+ * In a typical setup, the
+ * {@link org.springframework.security.oauth2.jwt.JwtDecoder} decodes JWT tokens
+ * by integrating with a identity provider. With this configuration, however, we
+ * mock the identity provider to avoid external dependencies. Additionally, we
+ * mock the user's roles, which are otherwise fetched from the database.
+ *

+ *
+ *

+ * Note: This test class is not intended for verifying whether security
+ * is enabled on specific endpoints. For that, use
+ * {@link SecHubApiSecurityConfigurationTest}.
+ *

+ *
+ * @see AbstractSecHubAPISecurityConfiguration
+ * @see com.mercedesbenz.sechub.domain.authorization.AuthUserDetailsService
+ * @see OAuth2AuthenticationProvider
+ * @see org.springframework.security.oauth2.jwt.JwtDecoder
+ * @see SecHubApiSecurityConfigurationTest
+ *
+ * @author hamidonos
+ */
+@SuppressWarnings("JavadocReference")
+@WebMvcTest
+@TestPropertySource(locations = "classpath:application-test.yml", factory = YamlPropertyLoaderFactory.class)
+@ActiveProfiles("oauth2")
+class OAuth2IntegrationTest {
+
+ /**
+ * For this test we call the API endpoint
+ * /api/project/mock-project/false-positives. It is just a mock endpoint to test
+ * the OAuth2 integration. It could also be any other endpoint.
+ */
+ private static final String PROJECT_FALSE_POSITIVES_PATH = "/api/project/mock-project/false-positives";
+
+ private final MockMvc mockMvc;
+
+ @Autowired
+ OAuth2IntegrationTest(MockMvc mockMvc) {
+ this.mockMvc = mockMvc;
+ }
+
+ @Test
+ void api_call_projects_false_positives_anonymously_is_unauthorized() throws Exception {
+ /* execute & test */
+ /* @formatter:off */
+ mockMvc
+ .perform(MockMvcRequestBuilders.get(PROJECT_FALSE_POSITIVES_PATH))
+ .andExpect(status().isUnauthorized());
+ /* @formatter:on */
+ }
+
+ @Test
+ void api_call_projects_false_positives_as_admin_user_is_ok() throws Exception {
+ /* prepare */
+ String authHeader = getJwtAuthHeader(ADMIN);
+
+ /* execute & test */
+ /* @formatter:off */
+ mockMvc
+ .perform(MockMvcRequestBuilders.get(PROJECT_FALSE_POSITIVES_PATH).header(HttpHeaders.AUTHORIZATION, authHeader))
+ .andExpect(status().isOk());
+ /* @formatter:on */
+ }
+
+ @Test
+ void api_call_projects_false_positives_as_owner_is_forbidden() throws Exception {
+ /* prepare */
+ String authHeader = getJwtAuthHeader(OWNER);
+
+ /* execute & test */
+ /* @formatter:off */
+ mockMvc
+ .perform(MockMvcRequestBuilders.get(PROJECT_FALSE_POSITIVES_PATH).header(HttpHeaders.AUTHORIZATION, authHeader))
+ .andExpect(status().isForbidden());
+ /* @formatter:on */
+ }
+
+ @Test
+ void api_call_projects_false_positives_as_user_is_ok() throws Exception {
+ /* prepare */
+ String authHeader = getJwtAuthHeader(USER);
+
+ /* execute & test */
+ /* @formatter:off */
+ mockMvc
+ .perform(MockMvcRequestBuilders.get(PROJECT_FALSE_POSITIVES_PATH).header(HttpHeaders.AUTHORIZATION, authHeader))
+ .andExpect(status().isOk());
+ /* @formatter:on */
+ }
+
+ @Configuration
+ @Import(OAuth2SecurityTestConfiguration.class)
+ @EnableConfigurationProperties(OAuth2Properties.class)
+ static class TestConfig extends AbstractSecHubAPISecurityConfiguration {
+
+ @Bean
+ TestSecurityController testSecurityController() {
+ return new TestSecurityController();
+ }
+ }
+}
diff --git a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2PropertiesTest.java b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2PropertiesTest.java
new file mode 100644
index 0000000000..891fb9b58a
--- /dev/null
+++ b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/OAuth2PropertiesTest.java
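Review bot: The four tests in `OAuth2IntegrationTest` cover anonymous access and three valid roles, but none sends a bearer token that the decoder rejects or whose subject is unknown to the user details service, so the failure paths of `OAuth2AuthenticationProvider` stay untested. I would add a case such as `api_call_projects_false_positives_with_invalid_token_is_unauthorized` expecting `status().isUnauthorized()`, provided `OAuth2SecurityTestConfiguration` (not shown here) can produce such a token. The class Javadoc also says the test uses "real OAuth2 mechanisms" while the next paragraph explains that the identity provider is mocked. One sentence stating that signature and claim validation are not exercised here would keep readers from assuming that coverage.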
@@ -0,0 +1,47 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.sharedkernel.security; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.context.annotation.Configuration; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.TestPropertySource; + +import com.mercedesbenz.sechub.testframework.spring.YamlPropertyLoaderFactory; + +@SpringBootTest +@ActiveProfiles("oauth2") +@TestPropertySource(locations = "classpath:application-test.yml", factory = YamlPropertyLoaderFactory.class) +class OAuth2PropertiesTest { + + private final OAuth2Properties properties; + + @Autowired + OAuth2PropertiesTest(OAuth2Properties properties) { + this.properties = properties; + } + + @Test + void construct_o_auth_2_properties_with_valid_properties_file_succeeds() { + assertThat(properties.getJwkSetUri()).isEqualTo("https://example.org/jwk-set-uri"); + } + + /* @formatter:off */ + @Test + void construct_o_auth_2_properties_with_null_jwk_set_uri_property_fails() { + assertThatThrownBy(() -> new OAuth2Properties(null)) + .isInstanceOf(NullPointerException.class) + .hasMessageContaining("The property 'sechub.security.oauth2.jwk-set-uri' must not be null"); + } + /* @formatter:on */ + + @Configuration + @EnableConfigurationProperties(OAuth2Properties.class) + static class TestConfig { + } +} \ No newline at end of file 
diff --git a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/RoleConstantsTest.java b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/RoleConstantsTest.java similarity index 95% rename from sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/RoleConstantsTest.java rename to sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/RoleConstantsTest.java index 7a049a0a16..f9c9d754f7 100644 --- a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/RoleConstantsTest.java +++ b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/RoleConstantsTest.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.sharedkernel; +package com.mercedesbenz.sechub.sharedkernel.security; import static org.junit.Assert.*; diff --git a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/SecHubApiSecurityConfigurationTest.java b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/SecHubApiSecurityConfigurationTest.java new file mode 100644 index 0000000000..6a75279463 --- /dev/null +++ b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/SecHubApiSecurityConfigurationTest.java 
@@ -0,0 +1,184 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.sharedkernel.security; + +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpStatus; +import org.springframework.security.test.context.support.WithMockUser; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; + +/** + * This test class makes sure that the defined API security rules from + * {@link AbstractSecHubAPISecurityConfiguration} are working properly. + * + *

+ * Using {@link WithMockUser} to set up a mocked + * {@link org.springframework.security.core.context.SecurityContext}, we can + * test how the endpoints behave when accessed by different roles. + *

+ * + *

+ * Note: Here we don't test the integration of OAuth2 or Basic Auth. For + * that, see {@link OAuth2IntegrationTest}. This test class is only concerned + * with verifying if the security rules are correctly applied on an abstract + * level. + *

+ * + * @see WithMockUser + * @see OAuth2IntegrationTest + * @see AbstractSecHubAPISecurityConfiguration + * + * @author hamidonos + */ +@WebMvcTest +class SecHubApiSecurityConfigurationTest { + + private static final String SUPERADMIN = "SUPERADMIN"; + private static final String USER = "USER"; + private static final String OWNER = "OWNER"; + + private final MockMvc mockMvc; + + @Autowired + SecHubApiSecurityConfigurationTest(MockMvc mockMvc) { + this.mockMvc = mockMvc; + } + + /* Super Admin */ + + @Test + @WithMockUser(roles = SUPERADMIN) + void api_admin_is_accessible_with_superadmin_role() throws Exception { + getAndExpect("/api/admin", HttpStatus.OK); + } + + @Test + @WithMockUser(roles = SUPERADMIN) + void api_user_is_accessible_with_superadmin_role() throws Exception { + getAndExpect("/api/user", HttpStatus.OK); + } + + @Test + @WithMockUser(roles = SUPERADMIN) + void api_project_is_accessible_with_superadmin_role() throws Exception { + getAndExpect("/api/project", HttpStatus.OK); + } + + @Test + @WithMockUser(roles = SUPERADMIN) + void api_owner_is_accessible_with_superadmin_role() throws Exception { + getAndExpect("/api/owner", HttpStatus.OK); + } + + /* User */ + + @Test + @WithMockUser(roles = USER) + void api_admin_is_not_accessible_with_user_role() throws Exception { + getAndExpect("/api/admin", HttpStatus.FORBIDDEN); + } + + @Test + @WithMockUser(roles = USER) + void api_user_is_accessible_with_user_role() throws Exception { + getAndExpect("/api/user", HttpStatus.OK); + } + + @Test + @WithMockUser(roles = USER) + void api_project_is_accessible_with_user_role() throws Exception { + getAndExpect("/api/project", HttpStatus.OK); + } + + @Test + @WithMockUser(roles = USER) + void api_owner_is_not_accessible_with_user_role() throws Exception { + getAndExpect("/api/owner", HttpStatus.FORBIDDEN); + } + + /* Owner */ + + @Test + @WithMockUser(roles = OWNER) + void api_admin_is_not_accessible_with_owner_role() throws Exception { + getAndExpect("/api/admin", 
HttpStatus.FORBIDDEN); + } + + @Test + @WithMockUser(roles = OWNER) + void api_user_is_not_accessible_with_owner_role() throws Exception { + getAndExpect("/api/user", HttpStatus.FORBIDDEN); + } + + @Test + @WithMockUser(roles = OWNER) + void api_project_is_not_accessible_with_owner_role() throws Exception { + getAndExpect("/api/project", HttpStatus.FORBIDDEN); + } + + @Test + @WithMockUser(roles = OWNER) + void api_owner_is_accessible_with_owner_role() throws Exception { + getAndExpect("/api/owner", HttpStatus.OK); + } + + /* Anonymous */ + + @Test + void api_admin_is_not_accessible_anonymously() throws Exception { + getAndExpect("/api/admin", HttpStatus.UNAUTHORIZED); + } + + @Test + void api_user_is_not_accessible_anonymously() throws Exception { + getAndExpect("/api/user", HttpStatus.UNAUTHORIZED); + } + + @Test + void api_project_is_not_accessible_anonymously() throws Exception { + getAndExpect("/api/project", HttpStatus.UNAUTHORIZED); + } + + @Test + void api_owner_is_not_accessible_anonymously() throws Exception { + getAndExpect("/api/owner", HttpStatus.UNAUTHORIZED); + } + + @Test + void api_anonymous_is_accessible_anonymously() throws Exception { + getAndExpect("/api/anonymous", HttpStatus.OK); + } + + @Test + void error_page_is_accessible_anonymously() throws Exception { + getAndExpect("/error", HttpStatus.OK); + } + + @Test + void actuator_is_accessible_anonymously() throws Exception { + getAndExpect("/actuator", HttpStatus.OK); + } + + private void getAndExpect(String path, HttpStatus httpStatus) throws Exception { + /* @formatter:off */ + mockMvc + .perform(MockMvcRequestBuilders.get(path)) + .andExpect(status().is(httpStatus.value())); + /* @formatter:on */ + } + + @Configuration + static class TestConfig extends AbstractSecHubAPISecurityConfiguration { + + @Bean + TestSecurityController testSecurityController() { + return new TestSecurityController(); + } + } +} 
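Review bot: Every rule is exercised only at its exact root path (`/api/admin`, `/api/user`, `/api/owner`, `/api/project`) and only with GET, so a request matcher in `AbstractSecHubAPISecurityConfiguration` that misses sub-paths would still pass this suite. A denied request should be rejected by the security filter chain before dispatch, so a negative case needs no extra mapping in `TestSecurityController`: for example `getAndExpect("/api/admin/some/sub/path", HttpStatus.FORBIDDEN);` under `@WithMockUser(roles = USER)`, and the same path without a mock user expecting `HttpStatus.UNAUTHORIZED`. The anonymous `/actuator` test also pins only the base path. Which actuator endpoints are actually exposed is not visible from this hunk, so a short comment next to that test stating the intended exposure would help the next reader.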
diff --git a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/TestSecurityController.java b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/TestSecurityController.java new file mode 100644 index 0000000000..e3d256616e --- /dev/null +++ b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/security/TestSecurityController.java @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.sharedkernel.security; + +import java.util.Set; + +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RestController; + +/** + * This controller spins up a mock API for testing the + * {@link AbstractSecHubAPISecurityConfiguration} of the SecHub application. + * + *

+ * Note: The sechub-shared-kernel module is a library that does + * not contain the actual implementation of the endpoints, hence a mock + * controller is used here. + *

+ * + * @author hamidonos + */ +@RestController +class TestSecurityController { + + private static final String OK = HttpStatus.OK.getReasonPhrase(); + + @GetMapping("/api/admin") + String apiAdmin() { + return OK; + } + + @GetMapping("/api/user") + String apiUser() { + return OK; + } + + @GetMapping("/api/project") + String apiProject() { + return OK; + } + + @GetMapping("/api/project/{projectId}/false-positives") + Set apiProjectFalsePositives(@PathVariable("projectId") String _ignored) { + return Set.of("false-positive-1", "false-positive-2", "false-positive-3"); + } + + @GetMapping("/api/owner") + String apiOwner() { + return OK; + } + + @GetMapping("/api/anonymous") + String apiAnonymous() { + return OK; + } + + @GetMapping("/error") + String errorPage() { + return OK; + } + + @GetMapping("/actuator") + String actuator() { + return OK; + } +} diff --git a/sechub-shared-kernel/src/test/resources/application-test.yml b/sechub-shared-kernel/src/test/resources/application-test.yml new file mode 100644 index 0000000000..9b9ccf87b9 --- /dev/null +++ b/sechub-shared-kernel/src/test/resources/application-test.yml @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: MIT + +sechub: + security: + oauth2: + jwk-set-uri: https://example.org/jwk-set-uri \ No newline at end of file diff --git a/sechub-statistic/src/main/java/com/mercedesbenz/sechub/domain/statistic/IntegrationTestStatisticRestController.java b/sechub-statistic/src/main/java/com/mercedesbenz/sechub/domain/statistic/IntegrationTestStatisticRestController.java index 4591512dac..3e227c9129 100644 --- a/sechub-statistic/src/main/java/com/mercedesbenz/sechub/domain/statistic/IntegrationTestStatisticRestController.java +++ b/sechub-statistic/src/main/java/com/mercedesbenz/sechub/domain/statistic/IntegrationTestStatisticRestController.java 
@@ -23,8 +23,8 @@ import com.mercedesbenz.sechub.domain.statistic.job.JobStatisticData; import com.mercedesbenz.sechub.domain.statistic.job.JobStatisticDataRepository; import com.mercedesbenz.sechub.domain.statistic.job.JobStatisticRepository; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Profiles; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; /** * Contains additional rest call functionality for integration tests on scan diff --git a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/RequestMappingForAdminAPImarkedWithAdminAccessProfileTest.java b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/RequestMappingForAdminAPImarkedWithAdminAccessProfileTest.java index 7e2234c06c..9d17f53ae8 100644 --- a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/RequestMappingForAdminAPImarkedWithAdminAccessProfileTest.java +++ b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/RequestMappingForAdminAPImarkedWithAdminAccessProfileTest.java @@ -18,8 +18,8 @@ import com.mercedesbenz.sechub.docgen.reflections.Reflections; import com.mercedesbenz.sechub.docgen.util.ReflectionsFactory; -import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.Profiles; +import com.mercedesbenz.sechub.sharedkernel.security.APIConstants; /** * This tests that SecHub REST API for administrators is protected by special diff --git a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/RoutesTest.java b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/RoutesTest.java index fa7be1ecba..1003424310 100644 --- a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/RoutesTest.java +++ b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/RoutesTest.java 
@@ -46,7 +46,7 @@ import com.mercedesbenz.sechub.pds.usecase.PDSUseCaseDefinition; import com.mercedesbenz.sechub.pds.usecase.PDSUseCaseIdentifier; import com.mercedesbenz.sechub.sharedkernel.Profiles; -import com.mercedesbenz.sechub.sharedkernel.RoleConstants; +import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseDefinition; import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseIdentifier; diff --git a/sechub-testframework-spring/build.gradle b/sechub-testframework-spring/build.gradle new file mode 100644 index 0000000000..88f9a87a72 --- /dev/null +++ b/sechub-testframework-spring/build.gradle @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT +/*============================================================================ +* Build file for subproject +* +* Root build file: "${rootProject.projectDir}/build.gradle" +* ============================================================================ +*/ +dependencies { + + implementation project(':sechub-authorization') + implementation library.springboot_starter_security + implementation library.springboot_starter_oauth2_resource_server + implementation library.springboot_starter_test + implementation library.springframework_security_test + +} diff --git a/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/JwtMockAuthenticationTestConfiguration.java b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/JwtMockAuthenticationTestConfiguration.java new file mode 100644 index 0000000000..1a7c4a1480 --- /dev/null +++ b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/JwtMockAuthenticationTestConfiguration.java 
@@ -0,0 +1,58 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.testframework.spring; + +import org.opentest4j.TestAbortedException; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.oauth2.jwt.JwtException; +import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken; + +@Configuration +public class JwtMockAuthenticationTestConfiguration { + + public static final String JWT = "jwt"; + public static final String ENCRYPTED_JWT_B64_ENCODED = "37eb9nQkgX13l41KCOR7nA=="; + public static final String ACCESS_TOKEN = "access_token"; + + @Bean + AuthenticationManager authenticationManager() { + return requestedAuth -> { + Authentication configuredAuth = SecurityContextHolder.getContext().getAuthentication(); + + if (configuredAuth == null) { + /* + * Test in execution has no authentication configured in the background. This is + * a valid test case. + */ + throw new AuthenticationException("No user authentication is provided in the security context") { + }; + } + + String requestedJwt = ((BearerTokenAuthenticationToken) requestedAuth).getToken(); + String configuredJwt = ((BearerTokenAuthenticationToken) configuredAuth).getToken(); + + if (configuredJwt == null || configuredJwt.isEmpty()) { + /* + * Test in execution has no actual JWT value in the configured authentication + * context. This is not a valid test case. If a test is configured to use a JWT + * token, it must be provided. 
+ */ + throw new TestAbortedException("No JWT token is configured"); + } + + if (!configuredJwt.equals(requestedJwt)) { + /* + * This means that the JWT provided in the request cookies does not match the + * JWT configured in the authentication context. This is a valid test case. + */ + throw new JwtException("Invalid token"); + } + + return configuredAuth; + }; + } +} diff --git a/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/OAuth2SecurityTestConfiguration.java b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/OAuth2SecurityTestConfiguration.java new file mode 100644 index 0000000000..d1b1494424 --- /dev/null +++ b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/OAuth2SecurityTestConfiguration.java 
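Review bot: `JwtMockAuthenticationTestConfiguration` is declared with plain `@Configuration` under `src/main/java`, whereas the class this bean was moved out of (`SecurityTestConfiguration`) was a `@TestConfiguration`. This `AuthenticationManager` simply returns whatever authentication already sits in the `SecurityContextHolder`, so it should never be picked up by component scanning if the module ends up on a runtime classpath. Keeping `@TestConfiguration` here would, under Spring Boot's default scan filters, leave it active only where a test imports it explicitly. The same applies to `OAuth2SecurityTestConfiguration` in the next file, whose mocked `JwtDecoder` accepts fixed token strings. Separately, both casts to `BearerTokenAuthenticationToken` are unchecked; an `instanceof` guard that throws `TestAbortedException` would replace a bare `ClassCastException` with a readable failure when a test sets up a different `Authentication` type.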
@@ -0,0 +1,120 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.testframework.spring; + +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.util.Optional; +import java.util.Set; +import java.util.UUID; + +import org.opentest4j.TestAbortedException; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.jwt.Jwt; +import org.springframework.security.oauth2.jwt.JwtDecoder; +import org.springframework.security.oauth2.jwt.JwtException; + +import com.mercedesbenz.sechub.domain.authorization.AuthUser; +import com.mercedesbenz.sechub.domain.authorization.AuthUserDetailsService; +import com.mercedesbenz.sechub.domain.authorization.AuthUserRepository; + +/** + * This configuration class provides the necessary beans to test Springs OAuth2 + * integration with SecHub components. 
+ * + * @author hamidonos + */ +@Configuration +@Import({ AuthUserDetailsService.class }) +public class OAuth2SecurityTestConfiguration { + + public static final String BEARER_PREFIX = OAuth2AccessToken.TokenType.BEARER.getValue() + " "; + + public static final String ADMIN = "SUPERADMIN"; + public static final String OWNER = "OWNER"; + public static final String USER = "USER"; + + private static final String ADMIN_JWT = "admin-jwt"; + private static final String OWNER_JWT = "owner-jwt"; + private static final String USER_JWT = "user-jwt"; + + private static final String ADMIN_ID = UUID.randomUUID().toString(); + private static final String OWNER_ID = UUID.randomUUID().toString(); + private static final String USER_ID = UUID.randomUUID().toString(); + private static final String ALGORITHM = "alg"; + private static final String ALGORITHM_NONE = "none"; + + /** + * This bean provides a {@link JwtDecoder} that decodes the JWT token and + * returns a {@link Jwt} object. The behaviour is completely mocked and the + * possible JWT tokens are pre-defined. Every possible JWT value is mapped to a + * specific subject (or user id). The subject will be returned as part of the + * JWT decode process. To keep testing as simple as possible, we map only ONE + * role to ONE user and provide here no combinations. 
+ */ + @Bean + JwtDecoder jwtDecoder() { + JwtDecoder jwtDecoder = mock(); + when(jwtDecoder.decode(anyString())).thenAnswer(invocation -> { + String jwtTokenValue = invocation.getArgument(0); + Jwt.Builder builder = Jwt.withTokenValue(jwtTokenValue).header(ALGORITHM, ALGORITHM_NONE); + if (ADMIN_JWT.equals(jwtTokenValue)) { + return builder.subject(ADMIN_ID).build(); + } + if (OWNER_JWT.equals(jwtTokenValue)) { + return builder.subject(OWNER_ID).build(); + } + if (USER_JWT.equals(jwtTokenValue)) { + return builder.subject(USER_ID).build(); + } + + throw new JwtException("Invalid JWT token"); + }); + return jwtDecoder; + } + + /** + * Here we mock the {@link AuthUserRepository} to return a {@link AuthUser} + * object based on the user id (or subject). The subject is determined by the + * {@link com.mercedesbenz.sechub.testframework.spring.OAuth2SecurityTestConfiguration#jwtDecoder()} + * bean. Depending on the user id, the {@link AuthUser} object will have the + * corresponding role enabled. + */ + @Bean + AuthUserRepository authUserRepository() { + AuthUserRepository authUserRepository = mock(); + when(authUserRepository.findByUserId(anyString())).thenAnswer(invocation -> { + String userId = invocation.getArgument(0); + if (!Set.of(ADMIN_ID, OWNER_ID, USER_ID).contains(userId)) { + return Optional.empty(); + } + AuthUser authUser = new AuthUser(); + authUser.setUserId(userId); + if (ADMIN_ID.equals(userId)) { + authUser.setRoleUser(true); + } + if (OWNER_ID.equals(userId)) { + authUser.setRoleOwner(true); + } + if (USER_ID.equals(userId)) { + authUser.setRoleSuperAdmin(true); + } + return Optional.of(authUser); + }); + return authUserRepository; + } + + public static String getJwtAuthHeader(String role) { + return BEARER_PREFIX + switch (role) { + case ADMIN -> ADMIN_JWT; + case OWNER -> OWNER_JWT; + case USER -> USER_JWT; + default -> throw new TestAbortedException("Invalid role"); + }; + } + +} 
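Review bot: In `authUserRepository()` the role flags are crossed: `ADMIN_ID` gets `setRoleUser(true)` and `USER_ID` gets `setRoleSuperAdmin(true)`, so the token returned by `getJwtAuthHeader(ADMIN)` authenticates as a plain user and the one for `USER` as super admin. `OAuth2IntegrationTest` does not notice this because it only calls the project false-positives endpoint, which appears to be open to both roles, judging by the rules asserted in `SecHubApiSecurityConfigurationTest`. The two calls should be swapped: `if (ADMIN_ID.equals(userId)) { authUser.setRoleSuperAdmin(true); }` and `if (USER_ID.equals(userId)) { authUser.setRoleUser(true); }`. An integration test that sends the `USER` token to `/api/admin` and expects 403 would pin the mapping, so a fixture that silently grants super admin cannot hide a real authorization regression.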
diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/WithMockJwtSecurityContextFactory.java b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/WithMockJwtSecurityContextFactory.java similarity index 96% rename from sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/WithMockJwtSecurityContextFactory.java rename to sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/WithMockJwtSecurityContextFactory.java index be1aef58ba..91cfd35ee1 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/WithMockJwtSecurityContextFactory.java +++ b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/WithMockJwtSecurityContextFactory.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.webserver.security; +package com.mercedesbenz.sechub.testframework.spring; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/WithMockJwtUser.java b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/WithMockJwtUser.java similarity index 85% rename from sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/WithMockJwtUser.java rename to sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/WithMockJwtUser.java index 153ccfa0a7..a9bb444c37 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/WithMockJwtUser.java +++ b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/WithMockJwtUser.java 
@@ -1,8 +1,10 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.webserver.security; +package com.mercedesbenz.sechub.testframework.spring; +import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; import org.springframework.security.test.context.support.WithSecurityContext; @@ -61,8 +63,9 @@ * * @author hamidonos */ +@Target({ ElementType.METHOD, ElementType.TYPE }) @Retention(RetentionPolicy.RUNTIME) @WithSecurityContext(factory = WithMockJwtSecurityContextFactory.class) public @interface WithMockJwtUser { - String jwt() default SecurityTestConfiguration.JWT; + String jwt() default JwtMockAuthenticationTestConfiguration.JWT; } \ No newline at end of file diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/YamlPropertyLoaderFactory.java b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/YamlPropertyLoaderFactory.java similarity index 96% rename from sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/YamlPropertyLoaderFactory.java rename to sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/YamlPropertyLoaderFactory.java index 28bff1975c..1037c5f884 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/YamlPropertyLoaderFactory.java +++ b/sechub-testframework-spring/src/main/java/com/mercedesbenz/sechub/testframework/spring/YamlPropertyLoaderFactory.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.webserver; +package com.mercedesbenz.sechub.testframework.spring; import java.io.IOException; import java.util.List; diff --git a/sechub-web-server/build.gradle b/sechub-web-server/build.gradle index c5eb56bdfc..d2980c1d3f 100644 --- a/sechub-web-server/build.gradle +++ b/sechub-web-server/build.gradle 
@@ -21,6 +21,7 @@ dependencies { implementation library.springboot_starter_oauth2_client implementation library.springboot_starter_oauth2_resource_server + testImplementation project(':sechub-testframework-spring') testImplementation library.springboot_starter_test testImplementation library.springframework_security_test diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/encryption/AES256EncryptionPropertiesTest.java b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/encryption/AES256EncryptionPropertiesTest.java index 0a8e23f70f..8fb707d986 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/encryption/AES256EncryptionPropertiesTest.java +++ b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/encryption/AES256EncryptionPropertiesTest.java @@ -15,7 +15,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.test.context.TestPropertySource; -import com.mercedesbenz.sechub.webserver.YamlPropertyLoaderFactory; +import com.mercedesbenz.sechub.testframework.spring.YamlPropertyLoaderFactory; @SpringBootTest @TestPropertySource(locations = "classpath:application-test.yml", factory = YamlPropertyLoaderFactory.class) diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/HomeControllerTest.java b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/HomeControllerTest.java index 19951ef78d..82bdb672e5 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/HomeControllerTest.java +++ b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/HomeControllerTest.java 
@@ -13,9 +13,9 @@ import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.RequestPostProcessor; -import com.mercedesbenz.sechub.webserver.YamlPropertyLoaderFactory; +import com.mercedesbenz.sechub.testframework.spring.WithMockJwtUser; +import com.mercedesbenz.sechub.testframework.spring.YamlPropertyLoaderFactory; import com.mercedesbenz.sechub.webserver.security.SecurityTestConfiguration; -import com.mercedesbenz.sechub.webserver.security.WithMockJwtUser; @WebMvcTest(HomeController.class) @Import(SecurityTestConfiguration.class) diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerClassicAuthEnabledTest.java b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerClassicAuthEnabledTest.java index 45a196a4b5..3072978cd1 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerClassicAuthEnabledTest.java +++ b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerClassicAuthEnabledTest.java @@ -16,7 +16,7 @@ import org.springframework.test.context.TestPropertySource; import org.springframework.test.web.servlet.MockMvc; -import com.mercedesbenz.sechub.webserver.YamlPropertyLoaderFactory; +import com.mercedesbenz.sechub.testframework.spring.YamlPropertyLoaderFactory; import com.mercedesbenz.sechub.webserver.security.SecurityTestConfiguration; @WebMvcTest(LoginController.class) diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerOAuth2AndClassicAuthEnabledTest.java b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerOAuth2AndClassicAuthEnabledTest.java index 95f0ffb6bf..3cbbc8a18b 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerOAuth2AndClassicAuthEnabledTest.java 
+++ b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerOAuth2AndClassicAuthEnabledTest.java @@ -15,7 +15,7 @@ import org.springframework.test.context.TestPropertySource; import org.springframework.test.web.servlet.MockMvc; -import com.mercedesbenz.sechub.webserver.YamlPropertyLoaderFactory; +import com.mercedesbenz.sechub.testframework.spring.YamlPropertyLoaderFactory; import com.mercedesbenz.sechub.webserver.security.OAuth2Properties; import com.mercedesbenz.sechub.webserver.security.SecurityTestConfiguration; diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerOAuth2EnabledTest.java b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerOAuth2EnabledTest.java index e8a796b6d2..b1052d982a 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerOAuth2EnabledTest.java +++ b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/page/LoginControllerOAuth2EnabledTest.java @@ -16,7 +16,7 @@ import org.springframework.test.context.TestPropertySource; import org.springframework.test.web.servlet.MockMvc; -import com.mercedesbenz.sechub.webserver.YamlPropertyLoaderFactory; +import com.mercedesbenz.sechub.testframework.spring.YamlPropertyLoaderFactory; import com.mercedesbenz.sechub.webserver.security.OAuth2Properties; import com.mercedesbenz.sechub.webserver.security.SecurityTestConfiguration; diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/OAuth2PropertiesTest.java b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/OAuth2PropertiesTest.java index 3a0028ae06..a05632e1c0 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/OAuth2PropertiesTest.java +++ b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/OAuth2PropertiesTest.java 
@@ -19,7 +19,7 @@ import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.TestPropertySource; -import com.mercedesbenz.sechub.webserver.YamlPropertyLoaderFactory; +import com.mercedesbenz.sechub.testframework.spring.YamlPropertyLoaderFactory; @SpringBootTest @ActiveProfiles("oauth2-enabled") diff --git a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/SecurityTestConfiguration.java b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/SecurityTestConfiguration.java index e1345ef19f..acdc095dc8 100644 --- a/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/SecurityTestConfiguration.java +++ b/sechub-web-server/src/test/java/com/mercedesbenz/sechub/webserver/security/SecurityTestConfiguration.java 
@@ -1,72 +1,23 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.webserver.security; -import org.opentest4j.TestAbortedException; import org.springframework.boot.test.context.TestConfiguration; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Import; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.jwt.JwtException; -import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken; import org.springframework.test.web.servlet.request.RequestPostProcessor; +import com.mercedesbenz.sechub.testframework.spring.JwtMockAuthenticationTestConfiguration; import com.mercedesbenz.sechub.webserver.encryption.AES256Encryption; import jakarta.servlet.http.Cookie; @TestConfiguration -@Import({ SecurityConfiguration.class, OAuth2PropertiesConfig.class, AES256Encryption.class }) +@Import({ SecurityConfiguration.class, JwtMockAuthenticationTestConfiguration.class, OAuth2PropertiesConfig.class, AES256Encryption.class }) public class SecurityTestConfiguration { - public static final String JWT = "jwt"; - public static final String ENCRYPTED_JWT_B64_ENCODED = "37eb9nQkgX13l41KCOR7nA=="; - public static final String ACCESS_TOKEN = "access_token"; - @Bean public RequestPostProcessor requestPostProcessor() { - Cookie cookie = new Cookie(ACCESS_TOKEN, ENCRYPTED_JWT_B64_ENCODED); + Cookie cookie = new Cookie(JwtMockAuthenticationTestConfiguration.ACCESS_TOKEN, JwtMockAuthenticationTestConfiguration.ENCRYPTED_JWT_B64_ENCODED); return new TestCookieRequestPostProcessor(cookie); } - - @Bean - AuthenticationManager authenticationManager() { - return requestedAuth -> { - Authentication configuredAuth = 
SecurityContextHolder.getContext().getAuthentication(); - - if (configuredAuth == null) { - /* - * Test in execution has no authentication configured in the background. This is - * a valid test case. - */ - throw new AuthenticationException("No user authentication is provided in the security context") { - }; - } - - String requestedJwt = ((BearerTokenAuthenticationToken) requestedAuth).getToken(); - String configuredJwt = ((BearerTokenAuthenticationToken) configuredAuth).getToken(); - - if (configuredJwt == null || configuredJwt.isEmpty()) { - /* - * Test in execution has no actual JWT value in the configured authentication - * context. This is not a valid test case. If a test is configured to use a JWT - * token, it must be provided. - */ - throw new TestAbortedException("No JWT token is configured"); - } - - if (!configuredJwt.equals(requestedJwt)) { - /* - * This means that the JWT provided in the request cookies does not match the - * JWT configured in the authentication context. This is a valid test case. - */ - throw new JwtException("Invalid token"); - } - - return configuredAuth; - }; - } - } diff --git a/settings.gradle b/settings.gradle index 73bc3c39de..f5ab620d51 100644 --- a/settings.gradle +++ b/settings.gradle @@ -72,6 +72,7 @@ include 'sechub-cli', 'sechub-test', /* a special overall test project - has ALL dependencies */ 'sechub-testframework', +'sechub-testframework-spring', 'sechub-scan-testframework', 'sechub-commons-model-testframework',
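Review bot: In `requestPostProcessor()` the cookie value is now `JwtMockAuthenticationTestConfiguration.ENCRYPTED_JWT_B64_ENCODED`, a fixed ciphertext owned by the imported test-framework class, while the `AES256Encryption` that has to decrypt it is still imported from this module, and nothing in the new code records that coupling. If the test secret or the encryption setup here changes, the shared mock will presumably reject every request as an invalid token, and the failure will point at neither constant. I would add a comment above the bean, for example `// Cookie value must be the Base64 AES256Encryption ciphertext of the JWT that JwtMockAuthenticationTestConfiguration expects; regenerate it if the test secret changes.` The body of `JwtMockAuthenticationTestConfiguration` is not part of this hunk, so it cannot be confirmed here that it keeps the token comparison and the "no authentication configured" branch of the removed `authenticationManager()` bean.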