Package org.geoserver.security

Examples of org.geoserver.security.GeoServerSecurityManager


    public void testDigestConfigValidation() throws Exception{
        DigestAuthenticationFilterConfig config = new DigestAuthenticationFilterConfig();
        config.setClassName(GeoServerDigestAuthenticationFilter.class.getName());
        config.setName("testDigest");

        GeoServerSecurityManager secMgr = getSecurityManager();

        FilterConfigValidator validator = new FilterConfigValidator(secMgr);
       
        try {
            validator.validateFilterConfig(config);


    public void testRoleFilterConfigValidation() throws Exception{
        RoleFilterConfig config = new RoleFilterConfig();
        config.setClassName(GeoServerRoleFilter.class.getName());
        config.setName("testRoleFilter");
       
        GeoServerSecurityManager secMgr = getSecurityManager();
        FilterConfigValidator validator = new FilterConfigValidator(secMgr);
        try {
            validator.validateFilterConfig(config);
            fail("no header attribute should fail");
        } catch (FilterConfigException ex){

    public void testSecurityInterceptorFilterConfigValidation() throws Exception{
        SecurityInterceptorFilterConfig config = new SecurityInterceptorFilterConfig();
        config.setClassName(GeoServerSecurityInterceptorFilter.class.getName());
        config.setName("testInterceptFilter");

        GeoServerSecurityManager secMgr = getSecurityManager();
        FilterConfigValidator validator = new FilterConfigValidator(secMgr);
         try {
             validator.validateFilterConfig(config);
             fail("no metadata source should fail");
         } catch (FilterConfigException ex){

    class EncryptionPanel extends FormComponentPanel {

        public EncryptionPanel(String id) {
            super(id, new Model());

            GeoServerSecurityManager secMgr = getSecurityManager();
            if (secMgr.isStrongEncryptionAvailable()) {
               
                add(new Label("strongEncryptionMsg", new StringResourceModel("strongEncryption", this, null))
                    .add(new AttributeAppender("class", new Model("info-link"), " ")));
            }
            else {

    // Logger for SecurityHomePageContentProvider, obtained through Logging.getLogger.
    // Declared static, package-private and non-final.
    static Logger LOGGER = Logging.getLogger(SecurityHomePageContentProvider.class);

    /**
     * Returns a {@link SecurityWarningsPanel} built with the given id when the security
     * manager's {@code checkAuthenticationForAdminRole()} returns {@code true}; otherwise
     * returns {@code null}.
     *
     * @param id component id handed to the panel
     * @return the warnings panel, or {@code null} when the admin-role check fails
     */
    @Override
    public Component getPageBodyComponent(String id) {
        // The gate is evaluated on the server, so the security warnings panel is
        // never constructed for a request that does not pass the admin-role check.
        // NOTE(review): the earlier comment described this as a root-password check;
        // the condition actually evaluated here is the admin-role check.
        final GeoServerSecurityManager securityManager =
                GeoServerApplication.get().getSecurityManager();
        final boolean isAdmin = securityManager.checkAuthenticationForAdminRole();
        if (!isAdmin) {
            return null;
        }
        return new SecurityWarningsPanel(id);
    }

    @Test
    public void testMappedRoles() throws Exception {
        setMockCreator(new MockCreator() {
            @Override
            public GeoServerSecurityManager createSecurityManager(MockTestData testData) throws Exception {
                GeoServerSecurityManager secMgr = createNiceMock(GeoServerSecurityManager.class);

                GeoServerRoleStore roleStore =
                    createRoleStore("test", secMgr, "admin", "groupAdmin", "role1");
                addRolesToCreate(roleStore, "admin", "groupAdmin");
                expect(roleStore.getAdminRole()).andReturn(new GeoServerRole("admin")).anyTimes();
                expect(roleStore.getGroupAdminRole()).andReturn(new GeoServerRole("groupAdmin")).anyTimes();

                replay(roleStore, secMgr);
                return secMgr;
            }
        });

        GeoServerSecurityManager secMgr = getSecurityManager();
        RoleStoreValidationWrapper store =
            new RoleStoreValidationWrapper((GeoServerRoleStore)secMgr.loadRoleService("test"));

        try {
            store.removeRole(store.createRoleObject("admin"));
            fail("removing admin role should fail");
        } catch (IOException ex) {

    /**
     * Layer-group callback; this implementation does nothing with its arguments.
     */
    @Override
    public void onLayerGroup(String name, LayerGroupInfo lg, MockCatalogBuilder b) {
        // no-op
    }

    /**
     * Builds a nice mock of {@link GeoServerSecurityManager} and records the expectations a
     * default security setup needs: application context, master password provider, password
     * validators, default user/group and role stores, the default authentication provider,
     * the standard filters, the password encoders and a key store provider.
     *
     * <p>Every collaborator is itself a nice mock, except the master password validator, which
     * is a real {@code PasswordValidatorImpl} driven by a mocked policy (minimum length 8).
     * All mocks are switched to replay mode before the manager is returned.
     *
     * <p>Test fixture only: the key store password and both secret keys are derived from the
     * literal string {@code "geoserver"}, and the empty and plain-text password encoders are
     * wired in alongside the PBE and digest ones. None of these values are suitable outside
     * of tests.
     *
     * @param testData not read by the code visible here
     * @return the mocked security manager, already in replay state
     * @throws Exception if recording an expectation or creating a helper object fails
     */
    public GeoServerSecurityManager createSecurityManager(MockTestData testData) throws Exception {
        // final because the anonymous IAnswer classes below capture it
        final GeoServerSecurityManager secMgr = createNiceMock(GeoServerSecurityManager.class);
   
        //application context
        ApplicationContext appContext = createNiceMock(ApplicationContext.class);
        expect(secMgr.getApplicationContext()).andReturn(appContext).anyTimes();
   
        //master password provider: only the default provider name is listed
        MasterPasswordProvider masterPasswdProvider = createNiceMock(MasterPasswordProvider.class);
        expect(masterPasswdProvider.getName()).andReturn(MasterPasswordProvider.DEFAULT_NAME).anyTimes();
        expect(secMgr.listMasterPasswordProviders()).andReturn(
            new TreeSet<String>(Arrays.asList(MasterPasswordProvider.DEFAULT_NAME))).anyTimes();
   
        //password validators: the default validator is a bare mock with no recorded behaviour
        PasswordValidator passwdValidator = createNiceMock(PasswordValidator.class);
        expect(secMgr.loadPasswordValidator(PasswordValidator.DEFAULT_NAME))
            .andReturn(passwdValidator).anyTimes();
   
        // master password policy: minimum length 8; max length -1
        // (presumably "no upper bound" -- confirm against PasswordValidatorImpl)
        PasswordPolicyConfig masterPasswdPolicyConfig = createNiceMock(PasswordPolicyConfig.class);
        expect(masterPasswdPolicyConfig.getMinLength()).andReturn(8).anyTimes();
        expect(masterPasswdPolicyConfig.getMaxLength()).andReturn(-1).anyTimes();
       
   
        // real validator implementation (not a mock), configured with the mocked policy above
        PasswordValidatorImpl masterPasswdValidator = new PasswordValidatorImpl(secMgr);
        masterPasswdValidator.setConfig(masterPasswdPolicyConfig);
   
        expect(secMgr.loadPasswordValidator(PasswordValidator.MASTERPASSWORD_NAME))
            .andReturn(masterPasswdValidator).anyTimes();
        expect(secMgr.listPasswordValidators()).andReturn(
                new TreeSet<String>(Arrays.asList(PasswordValidator.DEFAULT_NAME, PasswordValidator.MASTERPASSWORD_NAME))).anyTimes();;
   
        //default user group store (created by a helper defined outside this snippet)
        GeoServerUserGroupStore ugStore =
            createUserGroupStore(XMLUserGroupService.DEFAULT_NAME, secMgr);
        expect(secMgr.listUserGroupServices()).andReturn(
            new TreeSet<String>(Arrays.asList(XMLUserGroupService.DEFAULT_NAME))).anyTimes();
   
        // user/group service config points at the default password policy
        SecurityUserGroupServiceConfig ugConfig = createNiceMock(SecurityUserGroupServiceConfig.class);
        expect(ugConfig.getName()).andReturn(XMLUserGroupService.DEFAULT_NAME).anyTimes();
        expect(ugConfig.getPasswordPolicyName()).andReturn(PasswordValidator.DEFAULT_NAME).anyTimes();
        expect(secMgr.loadUserGroupServiceConfig(XMLUserGroupService.DEFAULT_NAME))
            .andReturn(ugConfig).anyTimes();
   
        //default role store, also returned as the active role service
        GeoServerRoleStore roleStore =
            createRoleStore(XMLRoleService.DEFAULT_NAME, secMgr);
        expect(secMgr.listRoleServices()).andReturn(
            new TreeSet<String>(Arrays.asList(XMLRoleService.DEFAULT_NAME))).anyTimes();
        expect(secMgr.getActiveRoleService()).andReturn(roleStore).anyTimes();
   
        //auth providers: one default provider bound to the default user/group service
        SecurityAuthProviderConfig authProviderConfig = createNiceMock(SecurityAuthProviderConfig.class);
        expect(authProviderConfig.getName()).andReturn(GeoServerAuthenticationProvider.DEFAULT_NAME).anyTimes();
        expect(authProviderConfig.getUserGroupServiceName()).andReturn(XMLUserGroupService.DEFAULT_NAME).anyTimes();
        expect(secMgr.loadAuthenticationProviderConfig(GeoServerAuthenticationProvider.DEFAULT_NAME))
            .andReturn(authProviderConfig).anyTimes();
       
        GeoServerAuthenticationProvider authProvider = createNiceMock(GeoServerAuthenticationProvider.class);
        expect(authProvider.getName()).andReturn(GeoServerAuthenticationProvider.DEFAULT_NAME).anyTimes();
        expect(secMgr.loadAuthenticationProvider(GeoServerAuthenticationProvider.DEFAULT_NAME))
            .andReturn(authProvider).anyTimes();
        expect(secMgr.listAuthenticationProviders()).andReturn(
            new TreeSet<String>(Arrays.asList(GeoServerAuthenticationProvider.DEFAULT_NAME))).anyTimes();
        expect(secMgr.getAuthenticationProviders()).andReturn(Arrays.asList(authProvider)).anyTimes();
   
        //security filters: the interceptor filter config has no recorded behaviour
        SecurityInterceptorFilterConfig filterConfig = createNiceMock(SecurityInterceptorFilterConfig.class);       
        expect(secMgr.loadFilterConfig(
            GeoServerSecurityFilterChain.FILTER_SECURITY_INTERCEPTOR)).andReturn(filterConfig).anyTimes();
       
        // anonymous filter reports itself applicable for both services and HTML
        GeoServerAnonymousAuthenticationFilter authFilter = createNiceMock(GeoServerAnonymousAuthenticationFilter.class);
        expect(authFilter.applicableForServices()).andReturn(true).anyTimes();
        expect(authFilter.applicableForHtml()).andReturn(true).anyTimes();
        expect(secMgr.loadFilter(
                GeoServerSecurityFilterChain.ANONYMOUS_FILTER)).andReturn(authFilter).anyTimes();
       
        GeoServerRoleFilter roleFilter = createNiceMock(GeoServerRoleFilter.class);
        expect(secMgr.loadFilter(
                GeoServerSecurityFilterChain.ROLE_FILTER)).andReturn(roleFilter).anyTimes();

        // form login filter: only applicableForHtml() is recorded
        GeoServerUserNamePasswordAuthenticationFilter formFilter = createNiceMock(GeoServerUserNamePasswordAuthenticationFilter.class);
        expect(formFilter.applicableForHtml()).andReturn(true).anyTimes();
        expect(secMgr.loadFilter(
                GeoServerSecurityFilterChain.FORM_LOGIN_FILTER)).andReturn(formFilter).anyTimes();

        // basic auth filter: only applicableForServices() is recorded
        GeoServerBasicAuthenticationFilter basicFilter = createNiceMock(GeoServerBasicAuthenticationFilter.class);
        expect(basicFilter.applicableForServices()).andReturn(true).anyTimes();
        expect(secMgr.loadFilter(
                GeoServerSecurityFilterChain.BASIC_AUTH_FILTER)).andReturn(basicFilter).anyTimes();

   
        //password encoders
        // Each encoder is registered for lookup by class and by bean name. andAnswer() is used
        // instead of andReturn(), so the create*PasswordEncoder helper runs on every lookup.
        // NOTE(review): the empty and plain-text encoders, going by their names, do not protect
        // stored passwords; they are wired here so tests can load them.
        expect(secMgr.loadPasswordEncoder(GeoServerEmptyPasswordEncoder.class)).andAnswer(
            new IAnswer<GeoServerEmptyPasswordEncoder>() {
                @Override
                public GeoServerEmptyPasswordEncoder answer() throws Throwable {
                    return createEmptyPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("emptyPasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createEmptyPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder(GeoServerPlainTextPasswordEncoder.class)).andAnswer(
            new IAnswer<GeoServerPlainTextPasswordEncoder>() {
                @Override
                public GeoServerPlainTextPasswordEncoder answer() throws Throwable {
                    return createPlainTextPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("plainTextPasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createPlainTextPasswordEncoder(secMgr);
                }
            }).anyTimes();
   
        // PBE encoder: the three-argument lookup with a trailing 'false' maps to the regular
        // variant, 'true' (further down) to the strong variant
        // (presumably the flag selects strong encryption -- confirm against loadPasswordEncoder)
        expect(secMgr.loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null,false)).andAnswer(
            new IAnswer<GeoServerPBEPasswordEncoder>() {
                @Override
                public GeoServerPBEPasswordEncoder answer() throws Throwable {
                    return createPbePasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("pbePasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createPbePasswordEncoder(secMgr);
                }
            }).anyTimes();
       
        expect(secMgr.loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null,true)).andAnswer(
            new IAnswer<GeoServerPBEPasswordEncoder>() {
                @Override
                public GeoServerPBEPasswordEncoder answer() throws Throwable {
                    return createStrongPbePasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("strongPbePasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createStrongPbePasswordEncoder(secMgr);
                }
            }).anyTimes();
        // digest encoder: registered for the three-argument lookup, the class lookup and the bean name
        expect(secMgr.loadPasswordEncoder(GeoServerDigestPasswordEncoder.class, null,true)).andAnswer(
            new IAnswer<GeoServerDigestPasswordEncoder>() {
                @Override
                public GeoServerDigestPasswordEncoder answer() throws Throwable {
                    return createDigestPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder(GeoServerDigestPasswordEncoder.class)).andAnswer(
            new IAnswer<GeoServerDigestPasswordEncoder>() {
                @Override
                public GeoServerDigestPasswordEncoder answer() throws Throwable {
                    return createDigestPasswordEncoder(secMgr);
                }
            }).anyTimes();
        expect(secMgr.loadPasswordEncoder("digestPasswordEncoder")).andAnswer(
            new IAnswer<GeoServerPasswordEncoder>() {
                @Override
                public GeoServerPasswordEncoder answer() throws Throwable {
                    return createDigestPasswordEncoder(secMgr);
                }
            }).anyTimes();
        // full encoder list, in the order: empty, plain text, PBE, strong PBE, digest
        expect(secMgr.loadPasswordEncoders()).andAnswer(
            new IAnswer<List<GeoServerPasswordEncoder>>() {
                @Override
                public List<GeoServerPasswordEncoder> answer()
                        throws Throwable {
                    // raw (List) cast: unchecked conversion to the declared element type
                    return (List) Arrays.asList(
                        createEmptyPasswordEncoder(secMgr),
                        createPlainTextPasswordEncoder(secMgr), createPbePasswordEncoder(secMgr),
                        createStrongPbePasswordEncoder(secMgr), createDigestPasswordEncoder(secMgr));
                }
            }).anyTimes();
   
        //keystore provider
        // Fixture secrets: the accepted key store password and the key material of both secret
        // keys below are the literal "geoserver". These are fixed test values, not configuration
        // to reuse in a deployment.
        KeyStoreProvider keyStoreProvider = createNiceMock(KeyStoreProvider.class);
        expect(keyStoreProvider.isKeyStorePassword(aryEq("geoserver".toCharArray())))
            .andReturn(true).anyTimes();
        expect(keyStoreProvider.containsAlias(KeyStoreProviderImpl.CONFIGPASSWORDKEY))
            .andReturn(true).anyTimes();;
        expect(keyStoreProvider.getSecretKey(KeyStoreProviderImpl.CONFIGPASSWORDKEY))
            .andReturn(new SecretKeySpec(toBytes("geoserver".toCharArray()),"PBE")).anyTimes();
        expect(keyStoreProvider.hasUserGroupKey(XMLUserGroupService.DEFAULT_NAME))
            .andReturn(true).anyTimes();
   
        // key for the default user/group service, stored under a fixed alias
        String alias = "ugServiceAlias";
        expect(keyStoreProvider.aliasForGroupService(XMLUserGroupService.DEFAULT_NAME))
            .andReturn(alias).anyTimes();
        expect(keyStoreProvider.containsAlias(alias)).andReturn(true).anyTimes();;
        expect(keyStoreProvider.getSecretKey(alias)).andReturn(
                new SecretKeySpec(toBytes("geoserver".toCharArray()),"PBE")).anyTimes();
        expect(secMgr.getKeyStoreProvider()).andReturn(keyStoreProvider).anyTimes();
       
        // switch every mock from record to replay mode before handing the manager out
        replay(keyStoreProvider, masterPasswdProvider, ugStore, ugConfig, roleStore, authProvider,
            authProviderConfig, filterConfig, passwdValidator, masterPasswdPolicyConfig, appContext,
            secMgr,roleFilter,formFilter,authFilter,basicFilter);
        return secMgr;

        SecurityContextHolder.getContext().setAuthentication(
            new UsernamePasswordAuthenticationToken(username,password,l));
    }

    protected void addUser(String username, String password, List<String> groups, List<String> roles) throws Exception {
        GeoServerSecurityManager secMgr = getSecurityManager();
        GeoServerUserGroupService ugService = secMgr.loadUserGroupService("default");

        GeoServerUserGroupStore ugStore = ugService.createStore();
        GeoServerUser user = ugStore.createUserObject(username, password, true);
        ugStore.addUser(user);

        if (groups != null && !groups.isEmpty()) {
            for (String groupName : groups) {
                GeoServerUserGroup group = ugStore.getGroupByGroupname(groupName);
                if (group == null) {
                    group = ugStore.createGroupObject(groupName, true);
                    ugStore.addGroup(group);
                }
   
                ugStore.associateUserToGroup(user, group);
            }
        }
        ugStore.store();

        if (roles != null && !roles.isEmpty()) {
            GeoServerRoleService roleService = secMgr.getActiveRoleService();
            GeoServerRoleStore roleStore = roleService.createStore();
            for (String roleName : roles) {
                GeoServerRole role = roleStore.getRoleByName(roleName);
                if (role == null) {
                    role = roleStore.createRoleObject(roleName);

        executor.shutdown();
    }

    private GeoServerBasicAuthenticationFilter createAuthenticationFilter() {
        GeoServerBasicAuthenticationFilter authenticationFilter = new GeoServerBasicAuthenticationFilter();
        GeoServerSecurityManager sm = null;
        try {
            sm = new GeoServerSecurityManager(new GeoServerDataDirectory(new File("target")));
            authenticationFilter.setSecurityManager(sm);
            BasicAuthenticationFilterConfig config = new BasicAuthenticationFilterConfig();
            authenticationFilter.initializeFromConfig(config);
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize authentication authenticationFilter.");

        // we don't show the node id to all users, only to the admin
        Authentication auth = ((GeoServerSession) parent.getSession()).getAuthentication();
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            return false;
        } else {
            GeoServerSecurityManager securityManager = GeoServerApplication.get()
                    .getSecurityManager();
            return securityManager.checkAuthenticationForAdminRole(auth);
        }
    }
