Package org.geoserver.security

Examples of org.geoserver.security.GeoServerSecurityManager$AuthProviderHelper


    public void testDigestConfigValidation() throws Exception{
        DigestAuthenticationFilterConfig config = new DigestAuthenticationFilterConfig();
        config.setClassName(GeoServerDigestAuthenticationFilter.class.getName());
        config.setName("testDigest");

        GeoServerSecurityManager secMgr = getSecurityManager();

        FilterConfigValidator validator = new FilterConfigValidator(secMgr);
       
        try {
            validator.validateFilterConfig(config);
View Full Code Here


    public void testRoleFilterConfigValidation() throws Exception{
        RoleFilterConfig config = new RoleFilterConfig();
        config.setClassName(GeoServerRoleFilter.class.getName());
        config.setName("testRoleFilter");
       
        GeoServerSecurityManager secMgr = getSecurityManager();
        FilterConfigValidator validator = new FilterConfigValidator(secMgr);
        try {
            validator.validateFilterConfig(config);
            fail("no header attribute should fail");
        } catch (FilterConfigException ex){
View Full Code Here

    public void testSecurityInterceptorFilterConfigValidation() throws Exception{
        SecurityInterceptorFilterConfig config = new SecurityInterceptorFilterConfig();
        config.setClassName(GeoServerSecurityInterceptorFilter.class.getName());
        config.setName("testInterceptFilter");

        GeoServerSecurityManager secMgr = getSecurityManager();
        FilterConfigValidator validator = new FilterConfigValidator(secMgr);
         try {
             validator.validateFilterConfig(config);
             fail("no metadata source should fail");
         } catch (FilterConfigException ex){
View Full Code Here

    class EncryptionPanel extends FormComponentPanel {

        public EncryptionPanel(String id) {
            super(id, new Model());

            GeoServerSecurityManager secMgr = getSecurityManager();
            if (secMgr.isStrongEncryptionAvailable()) {
               
                add(new Label("strongEncryptionMsg", new StringResourceModel("strongEncryption", this, null))
                    .add(new AttributeAppender("class", new Model("info-link"), " ")));
            }
            else {
View Full Code Here

    static Logger LOGGER = Logging.getLogger(SecurityHomePageContentProvider.class);

    @Override
    public Component getPageBodyComponent(String id) {
        //do a check that the root password is not set
        GeoServerSecurityManager secMgr = GeoServerApplication.get().getSecurityManager();
        if (secMgr.checkAuthenticationForAdminRole()) {
            return new SecurityWarningsPanel(id);
        }
        return null;
    }
View Full Code Here

    @Test
    public void testMappedRoles() throws Exception {
        setMockCreator(new MockCreator() {
            @Override
            public GeoServerSecurityManager createSecurityManager(MockTestData testData) throws Exception {
                GeoServerSecurityManager secMgr = createNiceMock(GeoServerSecurityManager.class);

                GeoServerRoleStore roleStore =
                    createRoleStore("test", secMgr, "admin", "groupAdmin", "role1");
                addRolesToCreate(roleStore, "admin", "groupAdmin");
                expect(roleStore.getAdminRole()).andReturn(new GeoServerRole("admin")).anyTimes();
                expect(roleStore.getGroupAdminRole()).andReturn(new GeoServerRole("groupAdmin")).anyTimes();

                replay(roleStore, secMgr);
                return secMgr;
            }
        });

        GeoServerSecurityManager secMgr = getSecurityManager();
        RoleStoreValidationWrapper store =
            new RoleStoreValidationWrapper((GeoServerRoleStore)secMgr.loadRoleService("test"));

        try {
            store.removeRole(store.createRoleObject("admin"));
            fail("removing admin role should fail");
        } catch (IOException ex) {
View Full Code Here

    @Override
    public void onLayerGroup(String name, LayerGroupInfo lg, MockCatalogBuilder b) {
    }

    public GeoServerSecurityManager createSecurityManager(MockTestData testData) throws Exception {
        final GeoServerSecurityManager secMgr = createNiceMock(GeoServerSecurityManager.class);
   
        //application context
        ApplicationContext appContext = createNiceMock(ApplicationContext.class);
        expect(secMgr.getApplicationContext()).andReturn(appContext).anyTimes();
   
        //master password provider
        MasterPasswordProvider masterPasswdProvider = createNiceMock(MasterPasswordProvider.class);
        expect(masterPasswdProvider.getName()).andReturn(MasterPasswordProvider.DEFAULT_NAME).anyTimes();
        expect(secMgr.listMasterPasswordProviders()).andReturn(
            new TreeSet<String>(Arrays.asList(MasterPasswordProvider.DEFAULT_NAME))).anyTimes();
   
        //password validators
        PasswordValidator passwdValidator = createNiceMock(PasswordValidator.class);
        expect(secMgr.loadPasswordValidator(PasswordValidator.DEFAULT_NAME))
            .andReturn(passwdValidator).anyTimes();
   
        PasswordPolicyConfig masterPasswdPolicyConfig = createNiceMock(PasswordPolicyConfig.class);
        expect(masterPasswdPolicyConfig.getMinLength()).andReturn(8).anyTimes();
        expect(masterPasswdPolicyConfig.getMaxLength()).andReturn(-1).anyTimes();
       
   
        PasswordValidatorImpl masterPasswdValidator = new PasswordValidatorImpl(secMgr);
        masterPasswdValidator.setConfig(masterPasswdPolicyConfig);
   
        expect(secMgr.loadPasswordValidator(PasswordValidator.MASTERPASSWORD_NAME))
            .andReturn(masterPasswdValidator).anyTimes();
        expect(secMgr.listPasswordValidators()).andReturn(
                new TreeSet<String>(Arrays.asList(PasswordValidator.DEFAULT_NAME, PasswordValidator.MASTERPASSWORD_NAME))).anyTimes();;
   
        //default user group store
        GeoServerUserGroupStore ugStore =
            createUserGroupStore(XMLUserGroupService.DEFAULT_NAME, secMgr);
        expect(secMgr.listUserGroupServices()).andReturn(
            new TreeSet<String>(Arrays.asList(XMLUserGroupService.DEFAULT_NAME))).anyTimes();
   
        SecurityUserGroupServiceConfig ugConfig = createNiceMock(SecurityUserGroupServiceConfig.class);
        expect(ugConfig.getName()).andReturn(XMLUserGroupService.DEFAULT_NAME).anyTimes();
        expect(ugConfig.getPasswordPolicyName()).andReturn(PasswordValidator.DEFAULT_NAME).anyTimes();
        expect(secMgr.loadUserGroupServiceConfig(XMLUserGroupService.DEFAULT_NAME))
            .andReturn(ugConfig).anyTimes();
   
        //default role store
        GeoServerRoleStore roleStore =
            createRoleStore(XMLRoleService.DEFAULT_NAME, secMgr);
        expect(secMgr.listRoleServices()).andReturn(
            new TreeSet<String>(Arrays.asList(XMLRoleService.DEFAULT_NAME))).anyTimes();
        expect(secMgr.getActiveRoleService()).andReturn(roleStore).anyTimes();
   
        //auth providers
        SecurityAuthProviderConfig authProviderConfig = createNiceMock(SecurityAuthProviderConfig.class);
        expect(authProviderConfig.getName()).andReturn(GeoServerAuthenticationProvider.DEFAULT_NAME).anyTimes();
        expect(authProviderConfig.getUserGroupServiceName()).andReturn(XMLUserGroupService.DEFAULT_NAME).anyTimes();
        expect(secMgr.loadAuthenticationProviderConfig(GeoServerAuthenticationProvider.DEFAULT_NAME))
            .andReturn(authProviderConfig).anyTimes();
       
        GeoServerAuthenticationProvider authProvider = createNiceMock(GeoServerAuthenticationProvider.class);
        expect(authProvider.getName()).andReturn(GeoServerAuthenticationProvider.DEFAULT_NAME).anyTimes();
        expect(secMgr.loadAuthenticationProvider(GeoServerAuthenticationProvider.DEFAULT_NAME))
            .andReturn(authProvider).anyTimes();
        expect(secMgr.listAuthenticationProviders()).andReturn(
            new TreeSet<String>(Arrays.asList(GeoServerAuthenticationProvider.DEFAULT_NAME))).anyTimes();
        expect(secMgr.getAuthenticationProviders()).andReturn(Arrays.asList(authProvider)).anyTimes();
   
        //security filters
        SecurityInterceptorFilterConfig filterConfig = createNiceMock(SecurityInterceptorFilterConfig.class);       
        expect(secMgr.loadFilterConfig(
            GeoServerSecurityFilterChain.FILTER_SECURITY_INTERCEPTOR)).andReturn(filterConfig).anyTimes();
       
        GeoServerAnonymousAuthenticationFilter authFilter = createNiceMock(GeoServerAnonymousAuthenticationFilter.class);
        expect(authFilter.applicableForServices()).andReturn(true).anyTimes();
        expect(authFilter.applicableForHtml()).andReturn(true).anyTimes();
        expect(secMgr.loadFilter(
                GeoServerSecurityFilterChain.ANONYMOUS_FILTER)).andReturn(authFilter).anyTimes();
       
        GeoServerRoleFilter roleFilter = createNiceMock(GeoServerRoleFilter.class);
        expect(secMgr.loadFilter(
                GeoServerSecurityFilterChain.ROLE_FILTER)).andReturn(roleFilter).anyTimes();

        GeoServerUserNamePasswordAuthenticationFilter formFilter = createNiceMock(GeoServerUserNamePasswordAuthenticationFilter.class);
        expect(formFilter.applicableForHtml()).andReturn(true).anyTimes();
        expect(secMgr.loadFilter(
                GeoServerSecurityFilterChain.FORM_LOGIN_FILTER)).andReturn(formFilter).anyTimes();

        GeoServerBasicAuthenticationFilter basicFilter = createNiceMock(GeoServerBasicAuthenticationFilter.class);
        expect(basicFilter.applicableForServices()).andReturn(true).anyTimes();
        expect(secMgr.loadFilter(
                GeoServerSecurityFilterChain.BASIC_AUTH_FILTER)).andReturn(basicFilter).anyTimes();

   
        //password encoders
        expect(secMgr.loadPasswordEncoder(GeoServerEmptyPasswordEncoder.class)).andAnswer(
            new IAnswer<GeoServerEmptyPasswordEncoder>() {
                @Override
                public GeoServerEmptyPasswordEncoder answer() throws Throwable {
                    return createEmptyPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("emptyPasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createEmptyPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder(GeoServerPlainTextPasswordEncoder.class)).andAnswer(
            new IAnswer<GeoServerPlainTextPasswordEncoder>() {
                @Override
                public GeoServerPlainTextPasswordEncoder answer() throws Throwable {
                    return createPlainTextPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("plainTextPasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createPlainTextPasswordEncoder(secMgr);
                }
            }).anyTimes();
   
        expect(secMgr.loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null,false)).andAnswer(
            new IAnswer<GeoServerPBEPasswordEncoder>() {
                @Override
                public GeoServerPBEPasswordEncoder answer() throws Throwable {
                    return createPbePasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("pbePasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createPbePasswordEncoder(secMgr);
                }
            }).anyTimes();
       
        expect(secMgr.loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null,true)).andAnswer(
            new IAnswer<GeoServerPBEPasswordEncoder>() {
                @Override
                public GeoServerPBEPasswordEncoder answer() throws Throwable {
                    return createStrongPbePasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("strongPbePasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createStrongPbePasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder(GeoServerDigestPasswordEncoder.class, null,true)).andAnswer(
            new IAnswer<GeoServerDigestPasswordEncoder>() {
                @Override
                public GeoServerDigestPasswordEncoder answer() throws Throwable {
                    return createDigestPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder(GeoServerDigestPasswordEncoder.class)).andAnswer(
            new IAnswer<GeoServerDigestPasswordEncoder>() {
                @Override
                public GeoServerDigestPasswordEncoder answer() throws Throwable {
                    return createDigestPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("digestPasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createDigestPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoders()).andAnswer(
            new IAnswer<List<GeoServerPasswordEncoder>>() {
                @Override
                public List<GeoServerPasswordEncoder> answer()
                        throws Throwable {
                    return (List) Arrays.asList(
                        createEmptyPasswordEncoder(secMgr),
                        createPlainTextPasswordEncoder(secMgr), createPbePasswordEncoder(secMgr),
                        createStrongPbePasswordEncoder(secMgr), createDigestPasswordEncoder(secMgr));
                }
            }).anyTimes();
   
        //keystore provider
        KeyStoreProvider keyStoreProvider = createNiceMock(KeyStoreProvider.class);
        expect(keyStoreProvider.isKeyStorePassword(aryEq("geoserver".toCharArray())))
            .andReturn(true).anyTimes();
        expect(keyStoreProvider.containsAlias(KeyStoreProviderImpl.CONFIGPASSWORDKEY))
            .andReturn(true).anyTimes();;
        expect(keyStoreProvider.getSecretKey(KeyStoreProviderImpl.CONFIGPASSWORDKEY))
            .andReturn(new SecretKeySpec(toBytes("geoserver".toCharArray()),"PBE")).anyTimes();
        expect(keyStoreProvider.hasUserGroupKey(XMLUserGroupService.DEFAULT_NAME))
            .andReturn(true).anyTimes();
   
        String alias = "ugServiceAlias";
        expect(keyStoreProvider.aliasForGroupService(XMLUserGroupService.DEFAULT_NAME))
            .andReturn(alias).anyTimes();
        expect(keyStoreProvider.containsAlias(alias)).andReturn(true).anyTimes();;
        expect(keyStoreProvider.getSecretKey(alias)).andReturn(
                new SecretKeySpec(toBytes("geoserver".toCharArray()),"PBE")).anyTimes();
        expect(secMgr.getKeyStoreProvider()).andReturn(keyStoreProvider).anyTimes();
       
        replay(keyStoreProvider, masterPasswdProvider, ugStore, ugConfig, roleStore, authProvider,
            authProviderConfig, filterConfig, passwdValidator, masterPasswdPolicyConfig, appContext,
            secMgr,roleFilter,formFilter,authFilter,basicFilter);
        return secMgr;
View Full Code Here

        SecurityContextHolder.getContext().setAuthentication(
            new UsernamePasswordAuthenticationToken(username,password,l));
    }

    protected void addUser(String username, String password, List<String> groups, List<String> roles) throws Exception {
        GeoServerSecurityManager secMgr = getSecurityManager();
        GeoServerUserGroupService ugService = secMgr.loadUserGroupService("default");

        GeoServerUserGroupStore ugStore = ugService.createStore();
        GeoServerUser user = ugStore.createUserObject(username, password, true);
        ugStore.addUser(user);

        if (groups != null && !groups.isEmpty()) {
            for (String groupName : groups) {
                GeoServerUserGroup group = ugStore.getGroupByGroupname(groupName);
                if (group == null) {
                    group = ugStore.createGroupObject(groupName, true);
                    ugStore.addGroup(group);
                }
   
                ugStore.associateUserToGroup(user, group);
            }
        }
        ugStore.store();

        if (roles != null && !roles.isEmpty()) {
            GeoServerRoleService roleService = secMgr.getActiveRoleService();
            GeoServerRoleStore roleStore = roleService.createStore();
            for (String roleName : roles) {
                GeoServerRole role = roleStore.getRoleByName(roleName);
                if (role == null) {
                    role = roleStore.createRoleObject(roleName);
View Full Code Here

        executor.shutdown();
    }

    private GeoServerBasicAuthenticationFilter createAuthenticationFilter() {
        GeoServerBasicAuthenticationFilter authenticationFilter = new GeoServerBasicAuthenticationFilter();
        GeoServerSecurityManager sm = null;
        try {
            sm = new GeoServerSecurityManager(new GeoServerDataDirectory(new File("target")));
            authenticationFilter.setSecurityManager(sm);
            BasicAuthenticationFilterConfig config = new BasicAuthenticationFilterConfig();
            authenticationFilter.initializeFromConfig(config);
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize authentication authenticationFilter.");
View Full Code Here

        // we don't show the node id to all users, only to the admin
        Authentication auth = ((GeoServerSession) parent.getSession()).getAuthentication();
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            return false;
        } else {
            GeoServerSecurityManager securityManager = GeoServerApplication.get()
                    .getSecurityManager();
            return securityManager.checkAuthenticationForAdminRole(auth);
        }
    }
View Full Code Here

TOP

Related Classes of org.geoserver.security.GeoServerSecurityManager$AuthProviderHelper

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.