/**
 * Initializes this filter from its stored configuration.
 *
 * <p>The parent class is initialized first; afterwards the name of the request header that
 * carries the principal is copied from the configuration into this filter.
 *
 * <p>NOTE(review): presumably the configured header is what this filter later trusts as the
 * user name. If so, the deployment has to guarantee that only the trusted front end (reverse
 * proxy, SSO gateway) can set that header and that client-supplied copies are stripped -
 * confirm against the deployment documentation.
 *
 * @param config the filter configuration; it is cast to {@code
 *     RequestHeaderAuthenticationFilterConfig}, so any other type fails with a {@code
 *     ClassCastException}
 * @throws IOException declared by the contract; may be raised by the parent initialization
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    // Only the principal header name is specific to this filter.
    setPrincipalHeaderAttribute(
            ((RequestHeaderAuthenticationFilterConfig) config).getPrincipalHeaderAttribute());
}
/**
 * Derives the roles of a pre-authenticated principal from a request header.
 *
 * <p>The header named by {@code getRolesHeaderAttribute()} is read from the request. A missing
 * or blank header is logged at WARNING level and yields an empty collection. Otherwise the
 * header value is handed, together with the principal, to the configured role converter and
 * the converted roles are returned. The original documentation states that the result contains
 * personalized roles.
 *
 * <p>Security note: the roles are taken from request data. They are only as trustworthy as the
 * guarantee that the header can be set exclusively by the trusted front end; a client that can
 * reach this filter directly and supply the header chooses its own roles.
 *
 * @param request the current request, source of the roles header
 * @param principal the already determined user name, passed on to the role converter
 * @return the converted roles, or an empty collection when the header is absent or blank
 * @throws IOException declared by the contract; presumably raised by the role converter
 */
protected Collection<GeoServerRole> getRolesFromHttpAttribute(
        HttpServletRequest request, String principal) throws IOException {
    Collection<GeoServerRole> result = new ArrayList<GeoServerRole>();
    String headerValue = request.getHeader(getRolesHeaderAttribute());

    boolean headerMissing = headerValue == null || headerValue.trim().isEmpty();
    if (headerMissing) {
        LOGGER.log(Level.WARNING, "No roles in header attribute: " + getRolesHeaderAttribute());
        return result;
    }

    result.addAll(getConverter().convertRolesFromString(headerValue, principal));

    // The principal and the header-derived role names end up in the log at FINE level.
    LOGGER.log(
            Level.FINE,
            "for principal "
                    + principal
                    + " found roles "
                    + StringUtils.collectionToCommaDelimitedString(result)
                    + " in header "
                    + getRolesHeaderAttribute());
    return result;
}
/**
 * Resolves the pre-authenticated user name for the request, at most once per request.
 *
 * <p>The outcome is cached in request attributes: once the "already retrieved" marker is set,
 * the stored user name (possibly {@code null}) is returned without a new lookup. A blank name
 * is treated as no name. When the role source is the user/group service, the user is looked up
 * there and a user that exists but is disabled is rejected: the name becomes {@code null} and
 * {@code handleDisabledUser} is invoked.
 *
 * <p>NOTE(review): the enabled flag is consulted only for the {@code UserGroupService} role
 * source, and a name that the service does not know ({@code null} lookup result) is still
 * accepted. Confirm that both are intended for the other role sources.
 *
 * @param request the current request
 * @return the user name, or {@code null} when none was supplied or the user is disabled
 * @throws RuntimeException wrapping an {@code IOException} from the user/group service lookup
 */
@Override
protected String getPreAuthenticatedPrincipal(HttpServletRequest request) {
    // A previous call on this request already did the work; reuse its result.
    if (request.getAttribute(UserNameAlreadyRetrieved) != null) {
        return (String) request.getAttribute(UserName);
    }

    String userName = getPreAuthenticatedPrincipalName(request);
    if (userName != null && userName.trim().isEmpty()) {
        userName = null;
    }

    try {
        boolean checkEnabledFlag =
                userName != null
                        && PreAuthenticatedUserNameRoleSource.UserGroupService.equals(
                                getRoleSource());
        if (checkEnabledFlag) {
            GeoServerUserGroupService ugService =
                    getSecurityManager().loadUserGroupService(getUserGroupServiceName());
            GeoServerUser user = ugService.getUserByUsername(userName);
            if (user != null && !user.isEnabled()) {
                // Disabled accounts must not authenticate; drop the name before notifying.
                userName = null;
                handleDisabledUser(user, request);
            }
        }
    } catch (IOException ex) {
        // Fails closed: the marker below is not set and no principal is returned.
        throw new RuntimeException(ex);
    }

    request.setAttribute(UserNameAlreadyRetrieved, Boolean.TRUE);
    if (userName != null) {
        request.setAttribute(UserName, userName);
    }
    return userName;
}
/**
 * Determines the roles of the principal according to the configured role source.
 *
 * <p>Dispatches to the role service, the user/group service or the request header, depending
 * on {@code getRoleSource()}, and logs the outcome at FINE level. Any other role source,
 * including {@code null}, is rejected with a {@code RuntimeException}.
 *
 * <p>Security note: with the {@code Header} source the roles come from request data, so they
 * are only trustworthy when the header can be set by the trusted front end alone.
 *
 * @param request the current request
 * @param principal the pre-authenticated user name
 * @return the roles delivered by the selected source
 * @throws IOException if the selected source fails
 */
@Override
protected Collection<GeoServerRole> getRoles(HttpServletRequest request, String principal)
        throws IOException {
    final Collection<GeoServerRole> resolved;

    if (PreAuthenticatedUserNameRoleSource.RoleService.equals(getRoleSource())) {
        resolved = getRolesFromRoleService(request, principal);
    } else if (PreAuthenticatedUserNameRoleSource.UserGroupService.equals(getRoleSource())) {
        resolved = getRolesFromUserGroupService(request, principal);
    } else if (PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) {
        resolved = getRolesFromHttpAttribute(request, principal);
    } else {
        // No fallback: an unknown or missing role source never yields roles.
        throw new RuntimeException("Never should reach this point");
    }

    LOGGER.log(
            Level.FINE,
            "Got roles {0} from {1} for principal {2}",
            new Object[] {resolved, getRoleSource(), principal});
    return resolved;
}
/**
 * Calculates the roles of a principal with a {@link GeoServerRoleService}.
 *
 * <p>When no role service name is configured (null or blank), the active role service of the
 * security manager is used; otherwise the named service is loaded. The roles are then computed
 * by a {@code RoleCalculator} for the given principal. According to the original
 * documentation the result contains all inherited roles, but no personalized roles.
 *
 * @param request the current request; not used by this implementation
 * @param principal the user name whose roles are calculated
 * @return the roles calculated for the principal
 * @throws IOException if loading the role service or calculating the roles fails
 */
protected Collection<GeoServerRole> getRolesFromRoleService(
        HttpServletRequest request, String principal) throws IOException {
    GeoServerRoleService roleService;
    if (getRoleServiceName() == null || getRoleServiceName().trim().isEmpty()) {
        // No explicit name configured: fall back to the active role service.
        roleService = getSecurityManager().getActiveRoleService();
    } else {
        roleService = getSecurityManager().loadRoleService(getRoleServiceName());
    }
    return new RoleCalculator(roleService).calculateRoles(principal);
}
/**
 * Resolves the principal through the parent class and relocates the CAS assertion.
 *
 * <p>If a principal was found and an HTTP session already exists, the CAS assertion is moved
 * from the request attributes into the session and the handler is asked to record the session.
 * If no principal was found, the assertion is removed from the request. With a principal but
 * without a session the assertion stays on the request untouched.
 *
 * @param request the current request
 * @return the principal determined by the parent class, possibly {@code null}
 */
protected String getPreAuthenticatedPrincipal(HttpServletRequest request) {
    final String userName = super.getPreAuthenticatedPrincipal(request);
    // getSession(false) only returns an existing session; none is created here.
    final HttpSession existingSession = request.getSession(false);

    if (userName == null) {
        // No authenticated user: do not leave an assertion behind on the request.
        request.removeAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);
        return null;
    }

    if (existingSession != null) {
        Object assertion = request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);
        existingSession.setAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY, assertion);
        request.removeAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);
        getHandler().recordSession(request);
    }
    return userName;
}
// Hand the request, the response and the filter chain on to the parent implementation.
super.doFilter(req, res, chain);
/**
 * Initializes this filter from its stored configuration.
 *
 * <p>After the parent initialization, the role source, the roles header name and the names of
 * the user/group service, role converter and role service are copied from the configuration.
 * Only when roles are read from the request header is a role converter installed: the default
 * {@code GeoServerRoleConverter} bean when no converter name is configured, otherwise the bean
 * registered under the configured name.
 *
 * @param config the filter configuration; it is cast to {@code
 *     PreAuthenticatedUserNameFilterConfig}, so any other type fails with a {@code
 *     ClassCastException}
 * @throws IOException declared by the contract; may be raised by the parent initialization
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    PreAuthenticatedUserNameFilterConfig filterSettings =
            (PreAuthenticatedUserNameFilterConfig) config;
    roleSource = filterSettings.getRoleSource();
    rolesHeaderAttribute = filterSettings.getRolesHeaderAttribute();
    userGroupServiceName = filterSettings.getUserGroupServiceName();
    roleConverterName = filterSettings.getRoleConverterName();
    roleServiceName = filterSettings.getRoleServiceName();

    // TODO (carried over from the original author, addressed to "Justin"): is this ok ?
    if (!PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) {
        // A converter is needed only when roles are parsed from a header string.
        return;
    }

    String beanName = filterSettings.getRoleConverterName();
    boolean unnamed = beanName == null || beanName.isEmpty();
    if (unnamed) {
        setConverter(GeoServerExtensions.bean(GeoServerRoleConverter.class));
    } else {
        // The named bean is cast unchecked; a bean of another type fails here with a
        // ClassCastException rather than at first use.
        setConverter((GeoServerRoleConverter) GeoServerExtensions.bean(beanName));
    }
}
/**
 * Returns the key under which the authentication for this request is cached.
 *
 * <p>When roles are read from the request header, {@code null} is returned instead of a key,
 * because caching does not make sense if everything is in the header. In every other case the
 * key computed by the parent class is returned.
 *
 * @param request the current request
 * @return the parent's cache key, or {@code null} for the {@code Header} role source
 */
@Override
public String getCacheKey(HttpServletRequest request) {
    boolean rolesComeFromHeader =
            PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource());
    return rolesComeFromHeader ? null : super.getCacheKey(request);
}
/**
 * Resolves the principal through the parent class and relocates the CAS assertion.
 *
 * <p>If a principal was found and an HTTP session already exists, the CAS assertion is moved
 * from the request attributes into the session and the handler's {@code process} method is
 * invoked with the request and a {@code null} second argument. If no principal was found, the
 * assertion is removed from the request. With a principal but without a session the assertion
 * stays on the request untouched.
 *
 * @param request the current request
 * @return the principal determined by the parent class, possibly {@code null}
 */
protected String getPreAuthenticatedPrincipal(HttpServletRequest request) {
    final String userName = super.getPreAuthenticatedPrincipal(request);
    // getSession(false) only returns an existing session; none is created here.
    final HttpSession existingSession = request.getSession(false);

    if (userName == null) {
        // No authenticated user: do not leave an assertion behind on the request.
        request.removeAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);
        return null;
    }

    if (existingSession != null) {
        Object assertion = request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);
        existingSession.setAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY, assertion);
        request.removeAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);
        getHandler().process(request, null);
    }
    return userName;
}
// Hand the request, the response and the filter chain on to the parent implementation.
super.doFilter(req, res, chain);
/**
 * Initializes this filter from its stored configuration.
 *
 * <p>The parent class is initialized with {@code config}; afterwards the authentication entry
 * point is taken from {@code filterConfig} and stored in {@code aep}.
 *
 * <p>NOTE(review): {@code filterConfig} is not declared in this method and the {@code config}
 * argument is only passed to the parent - confirm that {@code filterConfig} is the intended
 * source of the entry point.
 *
 * @param config the filter configuration, forwarded to the parent initialization
 * @throws IOException declared by the contract; may be raised by the parent initialization
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    // The entry point decides how an unauthenticated request is challenged.
    aep = filterConfig.getAuthenticationEntryPoint();
}
/**
 * Initializes the CAS filter from its stored configuration.
 *
 * <p>Creates the proxy ticket validator for the configured CAS server, wires the
 * proxy-granting-ticket storage and the renew flag, sets the proxy callback URL when a prefix
 * is configured, builds the CAS logout URL (with an optional URL-encoded link for the logout
 * page), stores the single-sign-out flag and creates the authentication entry point.
 *
 * <p>NOTE(review): the validator is set to accept any proxy, so no allow-list of proxy chains
 * is applied in this method. Presumably this means a proxy ticket is accepted whichever
 * service proxied it; which services may act as proxies is then decided by the CAS server
 * alone. Confirm that this is acceptable for the deployment.
 *
 * @param config the filter configuration; it is cast to {@code CasAuthenticationFilterConfig},
 *     so any other type fails with a {@code ClassCastException}
 * @throws IOException declared by the contract; may be raised by the parent initialization or
 *     by URL encoding
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    CasAuthenticationFilterConfig authConfig = (CasAuthenticationFilterConfig) config;

    // Ticket validation against the configured CAS server.
    validator = new GeoServerCas20ProxyTicketValidator(authConfig.getCasServerUrlPrefix());
    // Security-relevant: proxy tickets are not restricted to known proxy chains.
    validator.setAcceptAnyProxy(true);
    validator.setProxyGrantingTicketStorage(pgtStorageFilter);
    validator.setRenew(authConfig.isSendRenew());
    if (StringUtils.hasLength(authConfig.getProxyCallbackUrlPrefix())) {
        validator.setProxyCallbackUrl(
                GeoServerCasConstants.createProxyCallBackURl(
                        authConfig.getProxyCallbackUrlPrefix()));
    }

    // Logout URL on the CAS server, optionally carrying a link shown on the logout page.
    casLogoutURL =
            GeoServerCasConstants.createCasURl(
                    authConfig.getCasServerUrlPrefix(), GeoServerCasConstants.LOGOUT_URI);
    if (StringUtils.hasLength(authConfig.getUrlInCasLogoutPage())) {
        // The configured link is URL-encoded before it becomes a query parameter value.
        casLogoutURL +=
                "?"
                        + GeoServerCasConstants.LOGOUT_URL_PARAM
                        + "="
                        + URLEncoder.encode(authConfig.getUrlInCasLogoutPage(), "utf-8");
    }

    singleSignOut = authConfig.isSingleSignOut();
    aep = new GeoServerCasAuthenticationEntryPoint(authConfig);
}
@Override public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException { super.initializeFromConfig(config);