/**
 * Resolves the pre-authenticated user name for the given request, doing the work at most once
 * per request.
 *
 * <p>The outcome is memoised in request attributes: {@code UserNameAlreadyRetrieved} records
 * that resolution already ran, and {@code UserName} holds the resolved name (it is left unset
 * when resolution produced {@code null}).
 *
 * <p>A name that is empty after trimming counts as "no principal". When the role source is
 * {@code UserGroupService}, the user is looked up in the configured user group service; a user
 * that exists but is disabled causes the principal to be dropped and
 * {@code handleDisabledUser} to be called. A name for which the lookup returns {@code null} is
 * kept as the principal.
 *
 * <p>NOTE(review): the name is produced by {@code getPreAuthenticatedPrincipalName}, which is not
 * visible here. If it reads a value the client can supply (for example a request header), the
 * deployment has to guarantee that only a trusted front end can set that value; confirm.
 *
 * <p>NOTE(review): the emptiness check trims, but the untrimmed value is what gets stored and
 * returned; confirm that the user group service lookup tolerates surrounding whitespace.
 *
 * @param request the current request, also used as the per-request cache
 * @return the principal name, or {@code null} when there is none or the user is disabled
 * @throws RuntimeException wrapping an {@link IOException} raised during the user lookup
 */
@Override
protected String getPreAuthenticatedPrincipal(HttpServletRequest request) {
    // Already resolved for this request: hand back whatever was stored (possibly null).
    if (request.getAttribute(UserNameAlreadyRetrieved) != null) {
        return (String) request.getAttribute(UserName);
    }

    String name = getPreAuthenticatedPrincipalName(request);
    if (name != null && name.trim().isEmpty()) {
        name = null;
    }

    if (name != null
            && PreAuthenticatedUserNameRoleSource.UserGroupService.equals(getRoleSource())) {
        try {
            GeoServerUserGroupService userGroupService =
                    getSecurityManager().loadUserGroupService(getUserGroupServiceName());
            GeoServerUser user = userGroupService.getUserByUsername(name);
            if (user != null && !user.isEnabled()) {
                // A disabled account must not authenticate, even though the name was supplied.
                name = null;
                handleDisabledUser(user, request);
            }
        } catch (IOException ex) {
            // Fail the request instead of continuing without the enabled/disabled check.
            throw new RuntimeException(ex);
        }
    }

    request.setAttribute(UserNameAlreadyRetrieved, Boolean.TRUE);
    if (name != null) {
        request.setAttribute(UserName, name);
    }
    return name;
}
/**
 * Compares this role source with another one by their {@code toString()} values.
 *
 * <p>This takes a {@code RoleSource}, so it is not {@code Object.equals(Object)}; given the
 * {@code @Override}, it is presumably declared by the {@code RoleSource} type (confirm).
 * Because only the string form is compared, any {@code RoleSource} whose {@code toString()}
 * matches is treated as equal, whatever its concrete type.
 *
 * @param other the role source to compare with; {@code null} yields {@code false}
 * @return {@code true} when {@code other} is non-null and both string forms are equal
 */
// The trailing "};" closes an enclosing declaration that starts outside this excerpt.
@Override public boolean equals(RoleSource other) { return other != null && other.toString().equals(toString()); } };
try { if (principal != null && PreAuthenticatedUserNameRoleSource.UserGroupService.equals( getRoleSource())) { GeoServerUserGroupService service =
assertNull(SecurityContextHolder.getContext().getAuthentication()); for (PreAuthenticatedUserNameRoleSource rs : PreAuthenticatedUserNameRoleSource.values()) { config.setRoleSource(rs); getSecurityManager().saveFilter(config); chain = new MockFilterChain(); request.addHeader("principal", testUserName); if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) { request.addHeader("roles", derivedRole + ";" + rootRole); for (PreAuthenticatedUserNameRoleSource rs : PreAuthenticatedUserNameRoleSource.values()) { config.setRoleSource(rs); getSecurityManager().saveFilter(config);
assertNull(SecurityContextHolder.getContext().getAuthentication()); for (PreAuthenticatedUserNameRoleSource rs : PreAuthenticatedUserNameRoleSource.values()) { getCache().removeAll(); chain = new MockFilterChain(); request.addHeader("principal", testUserName); if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) { request.addHeader("roles", derivedRole + ";" + rootRole); assertEquals(HttpServletResponse.SC_OK, response.getStatus()); Authentication auth = getAuth(testFilterName4, testUserName, null, null); if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) { continue; // no cache for (PreAuthenticatedUserNameRoleSource rs : PreAuthenticatedUserNameRoleSource.values()) { getCache().removeAll(); config.setRoleSource(rs); getProxy().doFilter(request, response, chain); assertEquals(HttpServletResponse.SC_OK, response.getStatus()); if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) { continue; // no cache
assertNull(SecurityContextHolder.getContext().getAuthentication()); for (PreAuthenticatedUserNameRoleSource rs : PreAuthenticatedUserNameRoleSource.values()) { getCache().removeAll(); config.setRoleSource(rs); response = new MockHttpServletResponse(); chain = new MockFilterChain(); if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) { request.addHeader("roles", derivedRole + ";" + rootRole); assertEquals(HttpServletResponse.SC_OK, response.getStatus()); if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) { continue; // no cache for (PreAuthenticatedUserNameRoleSource rs : PreAuthenticatedUserNameRoleSource.values()) { getCache().removeAll(); config.setRoleSource(rs); getProxy().doFilter(request, response, chain); assertEquals(HttpServletResponse.SC_OK, response.getStatus()); if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) { continue; // no cache
/**
 * Builds the "roleSource" drop-down, stores it in {@code roleSourceChoice} and adds it to this
 * component.
 *
 * <p>The offered choices are exactly the constants of
 * {@code PreAuthenticatedUserNameRoleSource}, rendered through a
 * {@code RoleSourceChoiceRenderer}.
 */
protected void createRoleSourceDropDown() {
    // Assign the field first, then register the same component with the parent.
    roleSourceChoice =
            new DropDownChoice<RoleSource>(
                    "roleSource",
                    Arrays.asList(PreAuthenticatedUserNameRoleSource.values()),
                    new RoleSourceChoiceRenderer());
    add(roleSourceChoice);
}
/**
 * Picks the configuration panel that belongs to the selected role source.
 *
 * @param model the currently selected role source
 * @return a {@code UserGroupServicePanel}, {@code RoleServicePanel} or {@code HeaderPanel} for
 *     the matching constant, and an {@code EmptyPanel} when {@code model} matches none of them
 */
protected Panel getRoleSourcePanel(RoleSource model) {
    // Every variant uses the same component id.
    final String panelId = "panel";

    if (PreAuthenticatedUserNameRoleSource.UserGroupService.equals(model)) {
        return new UserGroupServicePanel(panelId);
    }
    if (PreAuthenticatedUserNameRoleSource.RoleService.equals(model)) {
        return new RoleServicePanel(panelId);
    }
    if (PreAuthenticatedUserNameRoleSource.Header.equals(model)) {
        return new HeaderPanel(panelId);
    }
    return new EmptyPanel(panelId);
}
PreAuthenticatedUserNameRoleSource.valueOf(rs.toString()));
/**
 * Computes the roles of a pre-authenticated principal according to the configured role source.
 *
 * <p>{@code RoleService} delegates to {@code getRolesFromRoleService}, {@code UserGroupService}
 * to {@code getRolesFromUserGroupService} and {@code Header} to
 * {@code getRolesFromHttpAttribute}. Any other role source is rejected with an exception, so
 * an unrecognised configuration never yields a role set.
 *
 * <p>NOTE(review): with the {@code Header} source the roles are derived from the request
 * itself (helper not visible here). That is only sound when the component in front of this
 * filter controls that request data; confirm the deployment assumption.
 *
 * <p>NOTE(review): the principal and roles are written to the log at {@code FINE}; the principal
 * presumably originates from the request and is not sanitised in this method.
 *
 * @param request the current request
 * @param principal the pre-authenticated user name
 * @return the roles resolved for {@code principal}
 * @throws IOException if the delegated lookup fails
 * @throws RuntimeException if the role source matches none of the three known constants
 */
@Override
protected Collection<GeoServerRole> getRoles(HttpServletRequest request, String principal)
        throws IOException {
    final Collection<GeoServerRole> resolved;
    if (PreAuthenticatedUserNameRoleSource.RoleService.equals(getRoleSource())) {
        resolved = getRolesFromRoleService(request, principal);
    } else if (PreAuthenticatedUserNameRoleSource.UserGroupService.equals(getRoleSource())) {
        resolved = getRolesFromUserGroupService(request, principal);
    } else if (PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) {
        resolved = getRolesFromHttpAttribute(request, principal);
    } else {
        throw new RuntimeException("Never should reach this point");
    }

    Object[] logArgs = {resolved, getRoleSource(), principal};
    LOGGER.log(Level.FINE, "Got roles {0} from {1} for principal {2}", logArgs);
    return resolved;
}
/**
 * Copies the pre-authentication settings out of the filter configuration and, for the
 * {@code Header} role source, installs the role converter.
 *
 * <p>The configuration is cast to {@code PreAuthenticatedUserNameFilterConfig}; a configuration
 * of any other type fails with a {@link ClassCastException}.
 *
 * <p>For the {@code Header} role source the converter is looked up through
 * {@code GeoServerExtensions}: by type when no converter name is configured, otherwise by the
 * configured bean name, with the result cast to {@code GeoServerRoleConverter}.
 *
 * <p>NOTE(review): the by-name lookup result is cast without a type check, and what the lookup
 * returns for an unknown name is not visible here; confirm that a wrong or missing bean name
 * cannot leave the filter running without a converter.
 *
 * @param config the named service configuration of this filter
 * @throws IOException if the superclass initialisation fails
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    PreAuthenticatedUserNameFilterConfig filterConfig =
            (PreAuthenticatedUserNameFilterConfig) config;

    roleSource = filterConfig.getRoleSource();
    rolesHeaderAttribute = filterConfig.getRolesHeaderAttribute();
    userGroupServiceName = filterConfig.getUserGroupServiceName();
    roleConverterName = filterConfig.getRoleConverterName();
    roleServiceName = filterConfig.getRoleServiceName();

    // Only the Header role source needs a converter.
    if (!PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) {
        return;
    }

    // TODO (kept from the original author, addressed to Justin): is this converter setup ok?
    String beanName = filterConfig.getRoleConverterName();
    boolean noNameConfigured = beanName == null || beanName.isEmpty();
    if (noNameConfigured) {
        setConverter(GeoServerExtensions.bean(GeoServerRoleConverter.class));
    } else {
        setConverter((GeoServerRoleConverter) GeoServerExtensions.bean(beanName));
    }
}
/**
 * Returns the authentication cache key for this request, or {@code null} to bypass the cache.
 *
 * <p>With the {@code Header} role source no key is produced, since everything needed is carried
 * by the request itself and caching would not help. Every other role source uses the
 * superclass key.
 *
 * @param request the current request
 * @return the superclass cache key, or {@code null} when the role source is {@code Header}
 */
@Override
public String getCacheKey(HttpServletRequest request) {
    return PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())
            ? null
            : super.getCacheKey(request);
}