sergehuber opened a new pull request, #809:
URL: https://github.com/apache/unomi/pull/809

   ## Plain-language summary
   
   Multi-tenant security had several gaps: tenant checks could read the wrong 
header, the system security context was not thread-safe at startup, and API 
keys were stored in plain text in the search index. This PR fixes those issues 
so tenant isolation and key storage are safer for 3.1 GA.
   
   ## What changed
   
   * **UNOMI-941:** `@RequiresTenant` uses the authenticated subject tenant, 
not `X-Unomi-Tenant`. System `Subject` is immutable via `AtomicReference`. 
`executeAsSystem` clears thread-local subjects with `remove()`.
   * **UNOMI-942:** `getTenantByApiKey` null-guards empty key lists. 
`createTenant` / `deleteTenant` throw on reload failure or missing tenant. 
Quota monitoring uses per-tenant profile/event counts.
   * **UNOMI-938:** API keys stored as PBKDF2 hashes + masked display values. 
Plaintext returned once via `ApiKeyCreationResult`. REST hides `keyHash` via 
`ApiKeyRestMixIn`. Migration `migrate-3.1.0-20-hashApiKeys.groovy` rehashes 
legacy keys.
   
   ## Review map
   
   | Commit | JIRA | Focus |
   |--------|------|-------|
   | `9f993faec` | UNOMI-941 | SecurityFilter, KarafSecurityService, 
ExecutionContextManagerImpl |
   | `621c8f24c` | UNOMI-942 | PersistenceService per-tenant counts, 
TenantQuotaService |
   | `ecb26a017` | UNOMI-938 | ApiKey hashing, TenantService, REST/IT/migration 
updates |
   
   ## Test plan
   
   - [x] `mvn -pl api,services-common,services,rest -am test` — 
ApiKeyHashServiceImplTest, TenantServiceImplTest, TenantQuotaServiceTest, 
TenantTest, TestTenantServiceTest, KarafSecurityServiceTest, 
ExecutionContextManagerImplTest
   - [x] `mvn -pl 
api,services-common,services,rest,persistence-elasticsearch/core,persistence-opensearch/core
 -am compile`
   - [ ] CI unit + ES/OS integration test matrix
   
   ## References
   
   UNOMI-941, UNOMI-942, UNOMI-938, UNOMI-875


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to