Refactor header authority controller authentication#2954
Merged
avgustinmm merged 1 commit intoeclipse-hawkbit:masterfrom Mar 12, 2026
Merged
Conversation
Contributor
avgustinmm
commented
Mar 10, 2026
avgustinmm
commented
- (breaking changes) hawkbit.server.ddi.security.rp.cnHeader and sslIssuerHashHeader are renamed to controllerIdHeader and authorityHeader correspondingly.
- (breaking changes) their default values are changed: X-Ssl-Client-Cn -> X-Controller-Id and X-Ssl-Issuer-Hash-%d -> X-Authority
- Now the authority header configuration is not a string forma but just a string. The implemenation checks for this header as comma or ; separated list or seeks for header iteration <authority_header>-%d (iteration starts from 0 or 1
- Doc fixed
- As there are breaking changes configuration changes may be needed: a) with changing the hawkbit.server.ddi.security.rp you could turn back the previous default headers (note X-Ssl-Issuer-Hash-%d shall now be X-Ssl-Issuer-Hash), or b) you may change the headers sent by the reverse proxy
avgustinmm
force-pushed
the
refector_header_authority_auth
branch
2 times, most recently
from
2036e0b to
93ec3e3
Compare
vasilchev
reviewed
Mar 11, 2026
...urity/src/main/java/org/eclipse/hawkbit/security/controller/SecurityHeaderAuthenticator.java
Outdated
Show resolved
Hide resolved
...urity/src/main/java/org/eclipse/hawkbit/security/controller/SecurityHeaderAuthenticator.java
Outdated
Show resolved
Hide resolved
...urity/src/main/java/org/eclipse/hawkbit/security/controller/SecurityHeaderAuthenticator.java
Outdated
Show resolved
Hide resolved
...urity/src/main/java/org/eclipse/hawkbit/security/controller/SecurityHeaderAuthenticator.java
Outdated
Show resolved
Hide resolved
...urity/src/main/java/org/eclipse/hawkbit/security/controller/SecurityHeaderAuthenticator.java
Show resolved
Hide resolved
...y/src/test/java/org/eclipse/hawkbit/security/controller/SecurityHeaderAuthenticatorTest.java
Outdated
Show resolved
Hide resolved
...di-security/src/main/java/org/eclipse/hawkbit/security/controller/DdiSecurityProperties.java
Show resolved
Hide resolved
avgustinmm
force-pushed
the
refector_header_authority_auth
branch
from
93ec3e3 to
7b1f589
Compare
vasilchev
approved these changes
Mar 12, 2026
avgustinmm
force-pushed
the
refector_header_authority_auth
branch
3 times, most recently
from
706dc13 to
ed4b8d6
Compare
1. (breaking changes) hawkbit.server.ddi.security.rp.cnHeader and sslIssuerHashHeader are renamed to controllerIdHeader and authorityHeader correspondingly. 2. (breaking changes) their default values are changed: X-Ssl-Client-Cn -> X-Controller-Id and X-Ssl-Issuer-Hash-%d -> X-Authority 3. Now the authority header configuration is not a string forma but just a string. The implemenation checks for this header as comma or ; separated list or seeks for header iteration <authority_header>-%d (iteration starts from 0 or 1 4. Doc fixed 5. As there are breaking changes configuration changes may be needed: a) with changing the hawkbit.server.ddi.security.rp you could turn back the previous default headers (note X-Ssl-Issuer-Hash-%d shall now be X-Ssl-Issuer-Hash), or b) you may change the headers sent by the reverse proxy Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
avgustinmm
force-pushed
the
refector_header_authority_auth
branch
from
ed4b8d6 to
636425d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.