/** * converts an 2.3.x security configuration to 2.4.x * * @return <code>true</code> if migration has taken place */ boolean migrateFrom23() throws Exception { SecurityManagerConfig config = loadSecurityConfig(); RequestFilterChain webChain = config.getFilterChain() .getRequestChainByName(GeoServerSecurityFilterChain.WEB_CHAIN_NAME); boolean migrated = false; List<String> patterns = webChain.getPatterns(); if (patterns.contains("/") == false) { patterns.add("/"); saveSecurityConfig(config); migrated |= true; } return migrated; }
/** Constructor cloning all collections */ public GeoServerSecurityFilterChain(GeoServerSecurityFilterChain other) { this.requestChains = new ArrayList<RequestFilterChain>(other.getRequestChains()); }
new GeoServerSecurityFilterChain(config.getFilterChain()); filterChain.postConfigure(securityManager); for (RequestFilterChain chain : filterChain.getRequestChains()) { RequestMatcher matcher = matcherForChain(chain); List<Filter> filters = new ArrayList<Filter>();
public static RequestFilterChain lookupRequestChainByPattern( String pattern, GeoServerSecurityManager secMgr) { // this is kind of a hack but we create an initial filter chain and run it through the // security provider extension points to get an actual final chain, and then look through // the elements for a matching name GeoServerSecurityFilterChain filterChain = createInitialChain(); filterChain.postConfigure(secMgr); for (RequestFilterChain requestChain : filterChain.getRequestChains()) { if (requestChain.getPatterns().contains(pattern)) { return requestChain; } } return null; }
protected void prepareFilterChain(Class filterChainClass, String pattern, String... filterNames) throws Exception { SecurityManagerConfig config = getSecurityManager().getSecurityConfig(); GeoServerSecurityFilterChain filterChain = config.getFilterChain(); filterChain.removeForPattern(pattern); Constructor<?> cons = filterChainClass.getConstructor(new Class[] {String[].class}); String[] args = new String[] {pattern}; RequestFilterChain requestChain = (RequestFilterChain) cons.newInstance(new Object[] {args}); requestChain = new HtmlLoginFilterChain(pattern); requestChain.setName("testChain"); requestChain.setFilterNames(filterNames); // insert before default filterChain.getRequestChains().add(filterChain.getRequestChains().size() - 2, requestChain); getSecurityManager().saveSecurityConfig(config); }
for (RequestFilterChain oldRequestChain : oldChain.getRequestChains()) { if (chain.getRequestChainByName(oldRequestChain.getName()) == null) { if (oldRequestChain.canBeRemoved() == false) { throw createSecurityException( for (RequestFilterChain requestChain : chain.getRequestChains()) { Set<String> chainNames = new HashSet<String>(); for (RequestFilterChain requestChain : chain.getRequestChains()) { validateRequestFilterChain(requestChain);
List<RequestFilterChain> clones = new ArrayList<RequestFilterChain>(); for (RequestFilterChain chain : config.getFilterChain().getRequestChains()) { try { clones.add((RequestFilterChain)chain.clone()); config.setFilterChain(new GeoServerSecurityFilterChain(clones));
@Override public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { GeoServerSecurityFilterChain filterChain = new GeoServerSecurityFilterChain(); GeoServerSecurityFilterChain.lookupRequestChainByPattern( path, GeoServerSecurityManager.this); if (requestChain != null) { filterChain.getRequestChains().add(requestChain);
/** Create the initial {@link GeoServerSecurityFilterChain} */ public static GeoServerSecurityFilterChain createInitialChain() { return new GeoServerSecurityFilterChain(new ArrayList<RequestFilterChain>(INITIAL)); }
config.setRememberMeService(rememberMeConfig); config.setFilterChain(GeoServerSecurityFilterChain.createInitialChain()); saveSecurityConfig(config);
@Override public void configureFilterChain(GeoServerSecurityFilterChain filterChain) { if ( filterChain.getRequestChainByName(PROXYRECEPTORCHAIN) != null) return; RequestFilterChain casChain = new ConstantFilterChain(GeoServerCasConstants.CAS_PROXY_RECEPTOR_PATTERN, GeoServerCasConstants.CAS_PROXY_RECEPTOR_PATTERN+"/"); casChain.setFilterNames(pgtCallback.getName()); casChain.setName(PROXYRECEPTORCHAIN); filterChain.getRequestChains().add(0,casChain); }
List<RequestFilterChain> clones = new ArrayList<RequestFilterChain>(); for (RequestFilterChain chain : config.getFilterChain().getRequestChains()) { try { clones.add((RequestFilterChain) chain.clone()); config.setFilterChain(new GeoServerSecurityFilterChain(clones));
public static RequestFilterChain lookupRequestChainByName( String name, GeoServerSecurityManager secMgr) { // this is kind of a hack but we create an initial filter chain and run it through the // security provider extension points to get an actual final chain, and then look through // the elements for a matching name GeoServerSecurityFilterChain filterChain = createInitialChain(); filterChain.postConfigure(secMgr); for (RequestFilterChain requestChain : filterChain.getRequestChains()) { if (requestChain.getName().equals(name)) { return requestChain; } } return null; }
private Object readResolve() { authProviderNames = authProviderNames != null ? authProviderNames : new ArrayList<String>(); filterChain = filterChain != null ? filterChain : new GeoServerSecurityFilterChain(); rememberMeService = rememberMeService != null ? rememberMeService : new RememberMeServicesConfig(); bruteForcePrevention = bruteForcePrevention != null ? bruteForcePrevention : new BruteForcePreventionConfig(); return this; }
handler.destroySession(httpReq); LogoutFilterChain logOutChain = (LogoutFilterChain) getSecurityManager().getSecurityConfig().getFilterChain().getRequestChainByName("webLogout"); logOutChain.doLogout(getSecurityManager(), httpReq, httpRes,getName()); } else
@Override public void configureFilterChain(GeoServerSecurityFilterChain filterChain) { if (filterChain.getRequestChainByName(PROXYRECEPTORCHAIN) != null) return; RequestFilterChain casChain = new ConstantFilterChain( GeoServerCasConstants.CAS_PROXY_RECEPTOR_PATTERN, GeoServerCasConstants.CAS_PROXY_RECEPTOR_PATTERN + "/"); casChain.setFilterNames(pgtCallback.getName()); casChain.setName(PROXYRECEPTORCHAIN); filterChain.getRequestChains().add(0, casChain); } }
public List<RequestFilterChain> getVariableRequestChains() { List<RequestFilterChain> result = new ArrayList<RequestFilterChain>(); for (RequestFilterChain chain : getRequestChains()) if (chain.isConstant() == false) result.add(chain); return result; }
GeoServerSecurityFilterChain filterChain = new GeoServerSecurityFilterChain(); config.setFilterChain(filterChain); filterChain.getRequestChains().add(chain);
public SecurityManagerConfig(SecurityManagerConfig config) { this.roleServiceName = config.getRoleServiceName(); this.authProviderNames = config.getAuthProviderNames() != null ? new ArrayList<String>(config.getAuthProviderNames()) : null; this.filterChain = config.getFilterChain() != null ? new GeoServerSecurityFilterChain(config.getFilterChain()) : null; this.rememberMeService = new RememberMeServicesConfig(config.getRememberMeService()); this.bruteForcePrevention = new BruteForcePreventionConfig(config.getBruteForcePrevention()); this.encryptingUrlParams = config.isEncryptingUrlParams(); this.configPasswordEncrypterName = config.getConfigPasswordEncrypterName(); // this.masterPasswordURL=config.getMasterPasswordURL(); // this.masterPasswordStrategy=config.getMasterPasswordStrategy(); }
.getSecurityConfig() .getFilterChain() .getRequestChainByName("webLogout"); logOutChain.doLogout(getSecurityManager(), httpReq, httpRes, getName()); handler.process(httpReq, httpRes);