Examples of org.geoserver.security.password.GeoServerMultiplexingPasswordEncoder

• org.geoserver.security.password.GeoServerMultiplexingPasswordEncoder
  Multiplexing password encoder.

  The purpose of this class is to decode a previously encoded password without knowing before hand which password encoder was used. The prefix contained in the encoded password is used to route to the appropriate delegate encoder. Therefore only {@link GeoserverPasswordEncoder} implementations that use a prefix in the encoded password are valid for this encoder.

  This class can also encode (although not typically used to do so). Encoding simply returns the first avaialble and successful encoder.

  @author christian

        //set up the password encoder
        // multiplex password encoder actually allows us to handle all types of passwords for
        // decoding purposes, regardless of whatever the current one used by the user group service
        // is
        authProvider.setPasswordEncoder(
            new GeoServerMultiplexingPasswordEncoder(getSecurityManager(),ugService));

        try {
            authProvider.afterPropertiesSet();
        } catch (Exception e) {
            throw new IOException(e);

    public HttpDigestUserDetailsServiceWrapper(GeoServerUserGroupService service,Charset charSet) {
       this.service= service;
       this.charSet=charSet;
       manager = service.getSecurityManager();
       enc = new GeoServerMultiplexingPasswordEncoder(service.getSecurityManager(),service);
        try {
            digest = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No MD5 algorithm available!");
        }

    static public void copyFrom(GeoServerUserGroupService service, GeoServerUserGroupStore store) throws IOException,PasswordPolicyException {

        GeoServerPasswordEncoder encoder = store.getSecurityManager().loadPasswordEncoder(store.getPasswordEncoderName());
        encoder.initializeFor(store);

        GeoServerMultiplexingPasswordEncoder mEncoder = new
                GeoServerMultiplexingPasswordEncoder(store.getSecurityManager(),service);


        store.clear();
        Map<String,GeoServerUser> newUserDict = new HashMap<String,GeoServerUser>();
        Map<String,GeoServerUserGroup> newGroupDict = new HashMap<String,GeoServerUserGroup>();

        for (GeoServerUser user : service.getUsers()) {

            String rawPassword = null;
            String encPassword = null;
            try {
                rawPassword = mEncoder.decode(user.getPassword());
                encPassword= encoder.encodePassword(rawPassword, null);
            } catch (UnsupportedOperationException ex) {
                LOGGER.warning("Cannot recode user: "+user.getUsername()+" password: "+user.getPassword());
                encPassword=user.getPassword();
            }

     */
    public static void recodePasswords( GeoServerUserGroupStore store) throws IOException{
        GeoServerPasswordEncoder encoder = store.getSecurityManager().loadPasswordEncoder(store.getPasswordEncoderName());
        encoder.initializeFor(store);

        GeoServerMultiplexingPasswordEncoder mEncoder = new
                GeoServerMultiplexingPasswordEncoder(store.getSecurityManager(),store);
        for (GeoServerUser user : store.getUsers()) {
            if (encoder.isResponsibleForEncoding(user.getPassword()))
                continue; // nothing to do
            try {
                String rawpass= mEncoder.decode(user.getPassword());
                // to avoid password policy exceptions, recode explicitly
                String encPass=encoder.encodePassword(rawpass, null);
                user.setPassword(encPass);
                try {
                    store.updateUser(user);

        /*assertFalse(user1.isGroupAdmin());
        assertFalse(user2.isGroupAdmin());
        assertTrue(groupAdminUser.isGroupAdmin());*/

        GeoServerMultiplexingPasswordEncoder encoder = getEncoder(userGroupService);
        assertTrue(encoder.isPasswordValid(admin.getPassword(), "geoserver", null));
        assertTrue(encoder.isPasswordValid(user1.getPassword(), "11111", null));
        assertTrue(encoder.isPasswordValid(user2.getPassword(), "22222", null));
        assertTrue(encoder.isPasswordValid(disableduser.getPassword(), "", null));

        assertEquals(0,admin.getProperties().size());
        assertEquals(0,user1.getProperties().size());
        assertEquals(0,disableduser.getProperties().size());

    }
    protected void checkValuesModified(GeoServerUserGroupService userGroupService) throws IOException {
        GeoServerUser disableduser = userGroupService.getUserByUsername("disableduser");
        assertTrue(disableduser.isEnabled());
        GeoServerMultiplexingPasswordEncoder encoder = getEncoder(userGroupService);
        assertTrue(encoder.isPasswordValid(disableduser.getPassword(), "hallo", null));
        assertEquals(1, disableduser.getProperties().size());
        assertEquals("miller", disableduser.getProperties().getProperty("lastname"));

        GeoServerUser user2 = userGroupService.getUserByUsername("user2");
        assertEquals(1, user2.getProperties().size());

    protected boolean isJDBCTest() {
        return false;
    }

    protected GeoServerMultiplexingPasswordEncoder getEncoder(GeoServerUserGroupService ugService) throws IOException {
        return new GeoServerMultiplexingPasswordEncoder(getSecurityManager(),ugService);
    }

        assertEquals(9,roleService.getRoles().size());

        GeoServerUser admin = (GeoServerUser) userService.loadUserByUsername("admin");
        assertNotNull(admin);
        GeoServerMultiplexingPasswordEncoder enc= getEncoder(userService);
        assertTrue(enc.isPasswordValid(admin.getPassword(), "gs", null));

        assertTrue(admin.isEnabled());

        GeoServerUser wfs = (GeoServerUser) userService.loadUserByUsername("wfs");
        assertNotNull(wfs);
        assertTrue(enc.isPasswordValid(wfs.getPassword(), "webFeatureService", null));
        assertTrue(wfs.isEnabled());

        GeoServerUser disabledUser = (GeoServerUser) userService.loadUserByUsername("disabledUser");
        assertNotNull(disabledUser);
        assertTrue(enc.isPasswordValid(disabledUser.getPassword(), "nah", null));
        assertFalse(disabledUser.isEnabled());

        GeoServerRole role_admin = roleService.getRoleByName(XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE);
        assertNotNull(role_admin);
        GeoServerRole role_wfs_read = roleService.getRoleByName("ROLE_WFS_READ");

            GeoServerUser admin= service.getUserByUsername(GeoServerUser.ADMIN_USERNAME);
            assertNotNull(admin);
            assertEquals(GeoServerUser.AdminEnabled,admin.isEnabled());

            GeoServerMultiplexingPasswordEncoder enc= getEncoder(service);
            assertTrue(enc.isPasswordValid(admin.getPassword(), GeoServerUser.DEFAULT_ADMIN_PASSWD,null));
            assertEquals(admin.getProperties().size(),0);

            assertEquals(0, service.getGroupsForUser(admin).size());

        } catch (IOException ex) {