path, GeoServerSecurityManager.this); if (requestChain != null) { name = requestChain.getName(); } else { name = path; throw new RuntimeException(ex); requestChain.setName(name); if (StringUtils.hasLength(disabledString)) { requestChain.setDisabled(Boolean.parseBoolean(disabledString)); requestChain.setAllowSessionCreation( Boolean.parseBoolean(allowSessionCreationString)); requestChain.setRequireSSL(Boolean.parseBoolean(sslString)); requestChain.setMatchHTTPMethod(Boolean.parseBoolean(matchHTTPMethodString)); requestChain.getHttpMethods().add(HTTPMethod.fromString(method)); requestChain.setRoleFilterName(roleFilterName); .DYNAMIC_EXCEPTION_TRANSLATION_FILTER); requestChain.setFilterNames(filterNames); filterChain.getRequestChains().add(requestChain);
for (String s : requestChain.getPatterns()) { sb.append(s).append(","); if (requestChain.getName() != null) { writer.addAttribute("name", requestChain.getName()); if (StringUtils.hasLength(requestChain.getRoleFilterName())) writer.addAttribute("roleFilterName", requestChain.getRoleFilterName()); writer.addAttribute("disabled", Boolean.toString(requestChain.isDisabled())); writer.addAttribute( "allowSessionCreation", Boolean.toString(requestChain.isAllowSessionCreation())); writer.addAttribute("ssl", Boolean.toString(requestChain.isRequireSSL())); writer.addAttribute( "matchHTTPMethod", Boolean.toString(requestChain.isMatchHTTPMethod())); if (requestChain.getHttpMethods() != null && requestChain.getHttpMethods().size() > 0) { writer.addAttribute( "httpMethods", StringUtils.collectionToCommaDelimitedString( requestChain.getHttpMethods())); for (String filterName : requestChain.getFilterNames()) { writer.startNode("filter"); writer.setValue(filterName);
public List<String> getCompiledFilterNames() { if (isDisabled() == true) return Collections.emptyList(); List<String> result = new ArrayList<String>(); if (isRequireSSL()) result.add(GeoServerSecurityFilterChain.SSL_FILTER); if (isAllowSessionCreation()) result.add(GeoServerSecurityFilterChain.SECURITY_CONTEXT_ASC_FILTER); else result.add(GeoServerSecurityFilterChain.SECURITY_CONTEXT_NO_ASC_FILTER); if (StringUtils.hasLength(getRoleFilterName())) result.add(getRoleFilterName()); createCompiledFilterList(result); return result; }
@Override public int hashCode() { final int prime = 31; int result = 1; result = prime * result + (isConstant() ? 1231 : 1237); result = prime * result + (isAllowSessionCreation() ? 17 : 19); result = prime * result + (isDisabled() ? 23 : 29); result = prime * result + (isRequireSSL() ? 31 : 37); result = prime * result + (isMatchHTTPMethod() ? 41 : 49); result = prime * ((roleFilterName == null) ? 1 : roleFilterName.hashCode()); result = prime * result + ((httpMethods == null) ? 0 : httpMethods.hashCode()); result = prime * result + ((filterNames == null) ? 0 : filterNames.hashCode()); result = prime * result + ((name == null) ? 0 : name.hashCode()); result = prime * result + ((patterns == null) ? 0 : patterns.hashCode()); return result; }
/** * Get a list of patterns having the filter in their chain. If includeAll is false, only * authentication filters are searched */ public List<String> patternsForFilter(String filterName, boolean includeAll) { List<String> result = new ArrayList<String>(); for (RequestFilterChain requestChain : requestChains) { List<String> filterNames = includeAll ? requestChain.getCompiledFilterNames() : requestChain.getFilterNames(); if (filterNames.contains(filterName)) { result.addAll(requestChain.getPatterns()); } } return result; }
public void setFilterNames(String... filterNames) { setFilterNames(new ArrayList<String>(Arrays.asList(filterNames))); }
for (RequestFilterChain chain : config.getFilterChain().getRequestChains()) { assertFalse( chain.getFilterNames() .contains( GeoServerSecurityFilterChain .DYNAMIC_EXCEPTION_TRANSLATION_FILTER)); assertFalse( chain.getFilterNames() .remove(GeoServerSecurityFilterChain.FILTER_SECURITY_INTERCEPTOR)); assertFalse( chain.getFilterNames() .remove(GeoServerSecurityFilterChain.FILTER_SECURITY_REST_INTERCEPTOR)); assertFalse( chain.getFilterNames() .remove(GeoServerSecurityFilterChain.SECURITY_CONTEXT_ASC_FILTER)); assertFalse( chain.getFilterNames() .remove(GeoServerSecurityFilterChain.SECURITY_CONTEXT_NO_ASC_FILTER)); assertFalse(chain.isDisabled()); assertFalse(chain.isRequireSSL()); assertFalse(StringUtils.hasLength(chain.getRoleFilterName())); if (GeoServerSecurityFilterChain.WEB_CHAIN_NAME.equals(chain.getName()) || GeoServerSecurityFilterChain.WEB_LOGIN_CHAIN_NAME.equals(chain.getName()) || GeoServerSecurityFilterChain.WEB_LOGOUT_CHAIN_NAME.equals(chain.getName())) assertTrue(chain.isAllowSessionCreation()); else assertFalse(chain.isAllowSessionCreation());
protected void prepareFilterChain(Class filterChainClass, String pattern, String... filterNames) throws Exception { SecurityManagerConfig config = getSecurityManager().getSecurityConfig(); GeoServerSecurityFilterChain filterChain = config.getFilterChain(); filterChain.removeForPattern(pattern); Constructor<?> cons = filterChainClass.getConstructor(new Class[] {String[].class}); String[] args = new String[] {pattern}; RequestFilterChain requestChain = (RequestFilterChain) cons.newInstance(new Object[] {args}); requestChain = new HtmlLoginFilterChain(pattern); requestChain.setName("testChain"); requestChain.setFilterNames(filterNames); // insert before default filterChain.getRequestChains().add(filterChain.getRequestChains().size() - 2, requestChain); getSecurityManager().saveSecurityConfig(config); }
public void validateRequestFilterChain(RequestFilterChain requestChain) throws SecurityConfigException { if (isNotEmpty(requestChain.getName()) == false) { throw createSecurityException(SecurityConfigException.FILTER_CHAIN_NAME_MANDATORY); if (requestChain.getPatterns().isEmpty()) { throw createSecurityException( SecurityConfigException.PATTERN_LIST_EMPTY_$1, requestChain.getName()); String roleFilterName = requestChain.getRoleFilterName(); if (StringUtils.hasLength(roleFilterName)) { try { throw createSecurityException( SecurityConfigException.UNKNOWN_ROLE_FILTER_$2, requestChain.getName(), roleFilterName); if (requestChain.isDisabled() == false && requestChain.getFilterNames().isEmpty()) throw createSecurityException( SecurityConfigException.FILTER_CHAIN_EMPTY_$1, requestChain.getName()); throw createSecurityException( SecurityConfigException.UNKNOWN_INTERCEPTOR_FILTER_$2, requestChain.getName(), interceptorFilterName); throw createSecurityException( SecurityConfigException.INTERCEPTOR_FILTER_MANDATORY_$1, requestChain.getName());
/** Removes a filter by name from all filter request chains. */ public boolean remove(String filterName) { boolean removed = false; for (RequestFilterChain requestChain : requestChains) { removed |= requestChain.getFilterNames().remove(filterName); } return removed; }
SecurityManagerConfig config = loadSecurityConfig(); for (RequestFilterChain chain : config.getFilterChain().getRequestChains()) { if (chain.getFilterNames() .contains(GeoServerSecurityFilterChain.SECURITY_CONTEXT_ASC_FILTER)) { chain.setAllowSessionCreation(true); chain.getFilterNames() .remove(GeoServerSecurityFilterChain.SECURITY_CONTEXT_ASC_FILTER); if (chain.getFilterNames() .contains(GeoServerSecurityFilterChain.SECURITY_CONTEXT_NO_ASC_FILTER)) { chain.setAllowSessionCreation(false); chain.getFilterNames() .remove(GeoServerSecurityFilterChain.SECURITY_CONTEXT_NO_ASC_FILTER); if (GeoServerSecurityFilterChain.WEB_CHAIN_NAME.equals(chain.getName())) { chain.getFilterNames() .indexOf( GeoServerSecurityFilterChain .GUI_EXCEPTION_TRANSLATION_FILTER); if (index != -1) chain.getFilterNames() .set( index, if (chain.getFilterNames().indexOf(GeoServerSecurityFilterChain.FORM_LOGIN_FILTER) == -1) { index = chain.getFilterNames()
public RequestFilterChain getRequestChainByName(String name) { for (RequestFilterChain requestChain : requestChains) { if (requestChain.getName().equals(name)) { return requestChain; } } return null; }
protected void modifyChain( String pattern, boolean disabled, boolean allowSessionCreation, String roleFilterName) throws Exception { SecurityManagerConfig config = getSecurityManager().getSecurityConfig(); RequestFilterChain chain = config.getFilterChain().find(pattern); chain.setDisabled(disabled); chain.setAllowSessionCreation(allowSessionCreation); chain.setRoleFilterName(roleFilterName); getSecurityManager().saveSecurityConfig(config); return; }
if (chain.getRequestChainByName(oldRequestChain.getName()) == null) { if (oldRequestChain.canBeRemoved() == false) { throw createSecurityException( SecurityConfigException.FILTER_CHAIN_NOT_REMOVEABLE_$1, oldRequestChain.getName()); Set<String> chainNames = new HashSet<String>(); if (isNotEmpty(requestChain.getName()) == false) { throw createSecurityException(SecurityConfigException.FILTER_CHAIN_NAME_MANDATORY); if (chainNames.contains(requestChain.getName())) { throw createSecurityException( SecurityConfigException.FILTER_CHAIN_NAME_NOT_UNIQUE_$1, requestChain.getName()); chainNames.add(requestChain.getName());
public void setName(String name) { chain.setName(name); }
public boolean isAllowSessionCreation() { return chain.isAllowSessionCreation(); } public void setAllowSessionCreation(boolean allowSessionCreation) {
public String getRoleFilterName() { return chain.getRoleFilterName(); } public void setRoleFilterName(String roleFilterName) {
public void setDisabled(boolean disabled) { chain.setDisabled(disabled); }
public boolean isRequireSSL() { return chain.isRequireSSL(); }
public void setAllowSessionCreation(boolean allowSessionCreation) { chain.setAllowSessionCreation(allowSessionCreation); }