Remove hard servlet dependency from SystemSecurityContext (eclipse-ha…

…wkbit#1812) Signed-off-by: Marinov Avgustin <[email protected]>
bosch-io · Aug 11, 2024 · d851fa4 · d851fa4
1 parent e874cf5
commit d851fa4
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 34 deletions.
diff --git a/...rc/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/...rc/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
@@ -206,7 +206,7 @@ protected SecurityFilterChain filterChainDDI(final HttpSecurity http) throws Exc
                         .sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
             }
 
-            MDCHandler.getInstance().addLoggingFilter(http);
+            MDCHandler.Filter.addLoggingFilter(http);
 
             return http.build();
         }
@@ -323,7 +323,7 @@ protected SecurityFilterChain filterChainDDIDL(final HttpSecurity http) throws E
                         .sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
             }
 
-            MDCHandler.getInstance().addLoggingFilter(http);
+            MDCHandler.Filter.addLoggingFilter(http);
 
             return http.build();
         }
@@ -387,7 +387,7 @@ protected SecurityFilterChain filterChainDLID(
                     .addFilterBefore(downloadIdAuthenticationFilter, AuthorizationFilter.class)
                     .sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 
-            MDCHandler.getInstance().addLoggingFilter(http);
+            MDCHandler.Filter.addLoggingFilter(http);
 
             return http.build();
         }
@@ -491,7 +491,7 @@ SecurityFilterChain filterChainREST(
                 httpSecurityCustomizer.customize(http);
             }
 
-            MDCHandler.getInstance().addLoggingFilter(http);
+            MDCHandler.Filter.addLoggingFilter(http);
 
             return http.build();
         }

diff --git a/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/MDCHandler.java b/hawkbit-security-core/src/main/java/org/eclipse/hawkbit/security/MDCHandler.java
@@ -9,6 +9,7 @@
  */
 package org.eclipse.hawkbit.security;
 
+import ch.qos.logback.classic.turbo.MDCFilter;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -76,36 +77,6 @@ public <T> T withLogging(final Callable<T> callable) throws Exception  {
         }
     }
 
-    public void addLoggingFilter(final HttpSecurity httpSecurity) {
-        httpSecurity.addFilterBefore(new OncePerRequestFilter() {
-            @Override
-            protected void doFilterInternal(
-                    final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain)
-                    throws ServletException, IOException {
-                try {
-                    withLogging(() -> {
-                        filterChain.doFilter(request, response);
-                        return null;
-                    });
-                } catch (final RuntimeException re) {
-                    throw re;
-                } catch (final WrappedException we) {
-                    final Throwable cause = we.getCause();
-                    if (cause instanceof ServletException se) {
-                        throw se;
-                    } else if (cause instanceof IOException ioe) {
-                        throw ioe;
-                    } else {
-                        throw we.toRuntimeException();
-                    }
-                } catch (final Exception e) {
-                    // should never be here - if mdc is handler is enabled non-runtime exceptions are always wrapped
-                    throw new RuntimeException(e);
-                }
-            }
-        }, AuthorizationFilter.class);
-    }
-
     private <T> T putUserAndCall(final Callable<T> callable) throws WrappedException {
         final String user = springSecurityAuditorAware
                 .getCurrentAuditor()
@@ -151,4 +122,40 @@ public RuntimeException toRuntimeException() {
             return new RuntimeException(getCause() == null ? this : getCause());
         }
     }
+
+    public static class Filter {
+
+        public static void addLoggingFilter(final HttpSecurity httpSecurity) {
+            httpSecurity.addFilterBefore(new OncePerRequestFilter() {
+
+                private final MDCHandler mdcFilter = MDCHandler.getInstance();
+
+                @Override
+                protected void doFilterInternal(
+                        final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain)
+                        throws ServletException, IOException {
+                    try {
+                        mdcFilter.withLogging(() -> {
+                            filterChain.doFilter(request, response);
+                            return null;
+                        });
+                    } catch (final RuntimeException re) {
+                        throw re;
+                    } catch (final WrappedException we) {
+                        final Throwable cause = we.getCause();
+                        if (cause instanceof ServletException se) {
+                            throw se;
+                        } else if (cause instanceof IOException ioe) {
+                            throw ioe;
+                        } else {
+                            throw we.toRuntimeException();
+                        }
+                    } catch (final Exception e) {
+                        // should never be here - if mdc is handler is enabled non-runtime exceptions are always wrapped
+                        throw new RuntimeException(e);
+                    }
+                }
+            }, AuthorizationFilter.class);
+        }
+    }
 }