/**
 * Validates an X.509 certificate authentication filter configuration.
 *
 * <p>No certificate-specific rule is applied in this method. The config is cast to
 * {@code J2eeAuthenticationBaseFilterConfig} so that the overload for that type performs
 * the validation.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the delegated validation rejects the configuration
 */
public void validateFilterConfig(X509CertificateAuthenticationFilterConfig config)
        throws FilterConfigException {
    // The cast selects the overload at compile time; without it this method would recurse.
    final J2eeAuthenticationBaseFilterConfig baseConfig =
            (J2eeAuthenticationBaseFilterConfig) config;
    validateFilterConfig(baseConfig);
}
/**
 * Creates the configuration validator for this provider.
 *
 * @param securityManager the security manager handed to the new validator
 * @return a new {@code FilterConfigValidator} bound to {@code securityManager}
 */
@Override
public SecurityConfigValidator createConfigurationValidator(
        GeoServerSecurityManager securityManager) {
    final FilterConfigValidator validator = new FilterConfigValidator(securityManager);
    return validator;
}
} // closes the enclosing class
/**
 * Validates the settings shared by J2EE-style pre-authentication filters.
 *
 * <p>The common pre-authentication rules run first. If the role source is
 * {@code J2EERoleSource.J2EE}, the configured role service name is then checked with
 * {@code checkExistingRoleService}.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if any of the delegated checks rejects the configuration
 */
public void validateFilterConfig(J2eeAuthenticationBaseFilterConfig config)
        throws FilterConfigException {
    // Shared pre-authentication checks; the cast picks that overload.
    validateFilterConfig((PreAuthenticatedUserNameFilterConfig) config);

    final boolean rolesFromJ2ee =
            config.getRoleSource().equals(J2eeAuthenticationBaseFilterConfig.J2EERoleSource.J2EE);
    if (!rolesFromJ2ee) {
        return;
    }
    checkExistingRoleService(config.getRoleServiceName());
}
/**
 * Validates a request-header authentication filter configuration.
 *
 * <p>The principal header attribute must be non-empty; the shared pre-authentication
 * rules are applied afterwards.
 *
 * <p>Only the presence of the header name is checked. Nothing in this method establishes
 * which component is allowed to set that header on incoming requests.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException with id {@code PRINCIPAL_HEADER_ATTRIBUTE_NEEDED} when the
 *     header attribute is empty, or whatever the delegated validation raises
 */
public void validateFilterConfig(RequestHeaderAuthenticationFilterConfig config)
        throws FilterConfigException {
    final boolean hasPrincipalHeader = isNotEmpty(config.getPrincipalHeaderAttribute());
    if (!hasPrincipalHeader) {
        throw createFilterException(FilterConfigException.PRINCIPAL_HEADER_ATTRIBUTE_NEEDED);
    }
    validateFilterConfig((PreAuthenticatedUserNameFilterConfig) config);
}
/**
 * Ensures that a user/group service name is given and is known to the security manager.
 *
 * <p>Unlike {@code checkExistingRoleService}, an empty name is rejected here.
 *
 * @param ugServiceName name of the user/group service referenced by a filter config
 * @throws FilterConfigException with id {@code USER_GROUP_SERVICE_NEEDED} when the name is
 *     empty, or {@code UNKNOWN_USER_GROUP_SERVICE} (name as argument) when it is not listed
 * @throws RuntimeException wrapping the {@code IOException} if listing the services fails
 */
protected void checkExistingUGService(String ugServiceName) throws FilterConfigException {
    if (!isNotEmpty(ugServiceName)) {
        throw createFilterException(FilterConfigException.USER_GROUP_SERVICE_NEEDED);
    }

    final boolean known;
    try {
        known = manager.listUserGroupServices().contains(ugServiceName);
    } catch (IOException e) {
        // Listing failed: surfaced as unchecked, not reported as a validation error.
        throw new RuntimeException(e);
    }

    if (!known) {
        throw createFilterException(
                FilterConfigException.UNKNOWN_USER_GROUP_SERVICE, ugServiceName);
    }
}
/**
 * Validates a security interceptor filter configuration.
 *
 * <p>The security metadata source must be non-empty and must resolve through
 * {@code lookupBean}.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException with id {@code SECURITY_METADATA_SOURCE_NEEDED} when the
 *     name is empty, or {@code UNKNOWN_SECURITY_METADATA_SOURCE} (name as argument) when
 *     the bean lookup fails
 */
public void validateFilterConfig(SecurityInterceptorFilterConfig config)
        throws FilterConfigException {
    if (!isNotEmpty(config.getSecurityMetadataSource())) {
        throw createFilterException(FilterConfigException.SECURITY_METADATA_SOURCE_NEEDED);
    }

    try {
        // Only existence is verified; the returned bean is discarded.
        lookupBean(config.getSecurityMetadataSource());
    } catch (NoSuchBeanDefinitionException missingBean) {
        throw createFilterException(
                FilterConfigException.UNKNOWN_SECURITY_METADATA_SOURCE,
                config.getSecurityMetadataSource());
    }
}
/**
 * Checks that a username/password filter config is rejected until both the username and
 * the password parameter names are set, and accepted once they are.
 */
@Test
public void testUsernamePasswordFilterConfigValidation() throws Exception {
    UsernamePasswordAuthenticationFilterConfig formConfig =
            new UsernamePasswordAuthenticationFilterConfig();
    formConfig.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName());
    formConfig.setName("testUsernamePassword");

    FilterConfigValidator underTest = new FilterConfigValidator(getSecurityManager());

    // Step 1: neither parameter name is set.
    try {
        underTest.validateFilterConfig(formConfig);
        fail("no user should fail");
    } catch (FilterConfigException rejected) {
        assertEquals(FilterConfigException.USER_PARAMETER_NAME_NEEDED, rejected.getId());
        assertEquals(0, rejected.getArgs().length);
    }

    // Step 2: username parameter set, password parameter still missing.
    formConfig.setUsernameParameterName("user");
    try {
        underTest.validateFilterConfig(formConfig);
        fail("no password should fail");
    } catch (FilterConfigException rejected) {
        assertEquals(FilterConfigException.PASSWORD_PARAMETER_NAME_NEEDED, rejected.getId());
        assertEquals(0, rejected.getArgs().length);
    }

    // Step 3: both set, validation must pass without throwing.
    formConfig.setPasswordParameterName("password");
    underTest.validateFilterConfig(formConfig);
}
throw createFilterException(FilterConfigException.ROLE_SOURCE_NEEDED); PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource .RoleService)) checkExistingRoleService(config.getRoleServiceName()); PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource .UserGroupService)) checkExistingUGService(config.getUserGroupServiceName()); PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource .Header)) { if (isNotEmpty(config.getRolesHeaderAttribute()) == false) throw createFilterException(FilterConfigException.ROLES_HEADER_ATTRIBUTE_NEEDED); if (isNotEmpty(config.getRoleConverterName())) { try { lookupBean(config.getRoleConverterName()); } catch (NoSuchBeanDefinitionException ex) { throw createFilterException( FilterConfigException.UNKNOWN_ROLE_CONVERTER, config.getRoleConverterName());
/**
 * Validates a digest authentication filter configuration.
 *
 * <p>The user/group service must be named and known, and the nonce validity must not be
 * negative. Only negative values are rejected: zero and any positive value pass this check.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException from the user/group service check, or with id
 *     {@code INVALID_SECONDS} when the nonce validity is below zero
 */
public void validateFilterConfig(DigestAuthenticationFilterConfig config)
        throws FilterConfigException {
    checkExistingUGService(config.getUserGroupServiceName());

    final boolean negativeValidity = config.getNonceValiditySeconds() < 0;
    if (negativeValidity) {
        throw createFilterException(FilterConfigException.INVALID_SECONDS);
    }
}
/**
 * Checks that a request-header filter config without a principal header attribute is
 * rejected, then runs the shared pre-authentication checks once the attribute is set.
 */
@Test
public void testRequestHeaderFilterConfigValidation() throws Exception {
    RequestHeaderAuthenticationFilterConfig headerConfig =
            new RequestHeaderAuthenticationFilterConfig();
    headerConfig.setClassName(GeoServerRequestHeaderAuthenticationFilter.class.getName());
    headerConfig.setName("testRequestHeader");

    FilterConfigValidator underTest = new FilterConfigValidator(getSecurityManager());

    // No principal header attribute configured yet.
    try {
        underTest.validateFilterConfig(headerConfig);
        fail("no principal header attribute should fail");
    } catch (FilterConfigException rejected) {
        assertEquals(
                FilterConfigException.PRINCIPAL_HEADER_ATTRIBUTE_NEEDED, rejected.getId());
        assertEquals(0, rejected.getArgs().length);
    }

    headerConfig.setPrincipalHeaderAttribute("user");
    // The cast selects the check(...) helper for the pre-authentication base type.
    check((PreAuthenticatedUserNameFilterConfig) headerConfig);
}
} // closes the enclosing test class
/**
 * Validates a role filter configuration.
 *
 * <p>The HTTP response header attribute for included roles is mandatory. A role converter
 * name is optional; when one is given it must resolve through {@code lookupBean}.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException with id {@code HEADER_ATTRIBUTE_NAME_REQUIRED} when the
 *     header attribute is empty, or {@code UNKNOWN_ROLE_CONVERTER} (name as argument) when
 *     the converter bean cannot be found
 */
public void validateFilterConfig(RoleFilterConfig config) throws FilterConfigException {
    if (!isNotEmpty(config.getHttpResponseHeaderAttrForIncludedRoles())) {
        throw createFilterException(FilterConfigException.HEADER_ATTRIBUTE_NAME_REQUIRED);
    }

    // No converter configured: nothing further to verify.
    if (!isNotEmpty(config.getRoleConverterName())) {
        return;
    }

    try {
        lookupBean(config.getRoleConverterName());
    } catch (NoSuchBeanDefinitionException missingBean) {
        throw createFilterException(
                FilterConfigException.UNKNOWN_ROLE_CONVERTER, config.getRoleConverterName());
    }
}
/**
 * Validates a username/password (form) authentication filter configuration.
 *
 * <p>Both request parameter names must be non-empty. The username parameter is checked
 * first, so a config missing both reports the username error.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException with id {@code USER_PARAMETER_NAME_NEEDED} or
 *     {@code PASSWORD_PARAMETER_NAME_NEEDED}
 */
public void validateFilterConfig(UsernamePasswordAuthenticationFilterConfig config)
        throws FilterConfigException {
    final boolean hasUserParam = isNotEmpty(config.getUsernameParameterName());
    if (!hasUserParam) {
        throw createFilterException(FilterConfigException.USER_PARAMETER_NAME_NEEDED);
    }

    final boolean hasPasswordParam = isNotEmpty(config.getPasswordParameterName());
    if (!hasPasswordParam) {
        throw createFilterException(FilterConfigException.PASSWORD_PARAMETER_NAME_NEEDED);
    }
}
/**
 * Shared assertions for J2EE-style filter configs.
 *
 * <p>Runs the pre-authentication checks, then verifies that a J2EE role source pointing at
 * an unknown role service is rejected with {@code UNKNOWN_ROLE_SERVICE}. On return the
 * config carries {@code XMLRoleService.DEFAULT_NAME} as role service name; this helper does
 * not validate it again after that change.
 *
 * @param config the configuration under test; it is modified by this helper
 */
public void check(J2eeAuthenticationBaseFilterConfig config) throws Exception {
    check((PreAuthenticatedUserNameFilterConfig) config);

    FilterConfigValidator underTest = new FilterConfigValidator(getSecurityManager());

    config.setRoleSource(J2EERoleSource.J2EE);
    config.setRoleServiceName("blabla");
    try {
        underTest.validateFilterConfig(config);
        fail("unknown role service should fail");
    } catch (FilterConfigException rejected) {
        assertEquals(FilterConfigException.UNKNOWN_ROLE_SERVICE, rejected.getId());
        // The offending service name is reported as the single argument.
        assertEquals(1, rejected.getArgs().length);
        assertEquals("blabla", rejected.getArgs()[0]);
    }

    config.setRoleServiceName(XMLRoleService.DEFAULT_NAME);
}
/**
 * Validates a J2EE authentication filter configuration.
 *
 * <p>No additional rule is applied here; the config is cast to
 * {@code J2eeAuthenticationBaseFilterConfig} and validated by that overload.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the delegated validation rejects the configuration
 */
public void validateFilterConfig(J2eeAuthenticationFilterConfig config)
        throws FilterConfigException {
    // The cast selects the base-type overload at compile time.
    final J2eeAuthenticationBaseFilterConfig baseConfig =
            (J2eeAuthenticationBaseFilterConfig) config;
    validateFilterConfig(baseConfig);
}
/**
 * Ensures that a role service name, when given, is known to the security manager.
 *
 * <p>An empty name is accepted without any lookup; per the original inline note, the
 * active role service should be used in that case.
 *
 * @param roleServiceName name of the role service referenced by a filter config; may be
 *     empty
 * @throws FilterConfigException with id {@code UNKNOWN_ROLE_SERVICE} (name as argument)
 *     when a non-empty name is not among the listed role services
 * @throws RuntimeException wrapping the {@code IOException} if listing the services fails
 */
protected void checkExistingRoleService(String roleServiceName) throws FilterConfigException {
    if (!isNotEmpty(roleServiceName)) {
        return; // the active role service should be used
    }

    final boolean known;
    try {
        known = manager.listRoleServices().contains(roleServiceName);
    } catch (IOException e) {
        // Listing failed: surfaced as unchecked, not reported as a validation error.
        throw new RuntimeException(e);
    }

    if (!known) {
        throw createFilterException(FilterConfigException.UNKNOWN_ROLE_SERVICE, roleServiceName);
    }
}
/**
 * Checks role filter validation: a missing header attribute is rejected, an unresolvable
 * role converter name is rejected, and a config with no converter passes.
 */
@Test
public void testRoleFilterConfigValidation() throws Exception {
    RoleFilterConfig roleConfig = new RoleFilterConfig();
    roleConfig.setClassName(GeoServerRoleFilter.class.getName());
    roleConfig.setName("testRoleFilter");

    GeoServerSecurityManager secMgr = getSecurityManager();
    FilterConfigValidator underTest = new FilterConfigValidator(secMgr);

    // Step 1: header attribute not set.
    try {
        underTest.validateFilterConfig(roleConfig);
        fail("no header attribute should fail");
    } catch (FilterConfigException rejected) {
        assertEquals(FilterConfigException.HEADER_ATTRIBUTE_NAME_REQUIRED, rejected.getId());
        assertEquals(0, rejected.getArgs().length);
    }

    // Step 2: header attribute set, converter name does not resolve to a bean.
    roleConfig.setHttpResponseHeaderAttrForIncludedRoles("roles");
    roleConfig.setRoleConverterName("unknown");
    try {
        underTest.validateFilterConfig(roleConfig);
        fail("unkonwn role converter should fail");
    } catch (FilterConfigException rejected) {
        assertEquals(FilterConfigException.UNKNOWN_ROLE_CONVERTER, rejected.getId());
        assertEquals(1, rejected.getArgs().length);
        assertEquals("unknown", rejected.getArgs()[0]);
    }

    // Step 3: the converter is optional, so clearing it must validate cleanly.
    roleConfig.setRoleConverterName(null);
    underTest.validateFilterConfig(roleConfig);
}
/**
 * Dispatches a generic filter configuration to the type-specific validation overloads.
 *
 * <p>Each supported type is tested with its own independent {@code if} (there is no
 * {@code else}), so a config that is an instance of more than one listed type is validated
 * once per matching type, in the order written below. The cast in each branch is what
 * selects the overload.
 *
 * <p>A config that matches none of the listed types returns normally without any check
 * having run, so a filter config type missing from this list is accepted as-is by this
 * method.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if any matching type-specific validation rejects the config
 */
public void validateFilterConfig(SecurityNamedServiceConfig config)
        throws FilterConfigException {
    if (config instanceof BasicAuthenticationFilterConfig)
        validateFilterConfig((BasicAuthenticationFilterConfig) config);
    if (config instanceof DigestAuthenticationFilterConfig)
        validateFilterConfig((DigestAuthenticationFilterConfig) config);
    if (config instanceof RoleFilterConfig)
        validateFilterConfig((RoleFilterConfig) config);
    if (config instanceof X509CertificateAuthenticationFilterConfig)
        validateFilterConfig((X509CertificateAuthenticationFilterConfig) config);
    if (config instanceof UsernamePasswordAuthenticationFilterConfig)
        validateFilterConfig((UsernamePasswordAuthenticationFilterConfig) config);
    if (config instanceof RequestHeaderAuthenticationFilterConfig)
        validateFilterConfig((RequestHeaderAuthenticationFilterConfig) config);
    if (config instanceof J2eeAuthenticationFilterConfig)
        validateFilterConfig((J2eeAuthenticationFilterConfig) config);
    if (config instanceof ExceptionTranslationFilterConfig)
        validateFilterConfig((ExceptionTranslationFilterConfig) config);
    if (config instanceof SecurityContextPersistenceFilterConfig)
        validateFilterConfig((SecurityContextPersistenceFilterConfig) config);
    if (config instanceof RememberMeAuthenticationFilterConfig)
        validateFilterConfig((RememberMeAuthenticationFilterConfig) config);
    if (config instanceof AnonymousAuthenticationFilterConfig)
        validateFilterConfig((AnonymousAuthenticationFilterConfig) config);
    if (config instanceof SecurityInterceptorFilterConfig)
        validateFilterConfig((SecurityInterceptorFilterConfig) config);
    if (config instanceof LogoutFilterConfig)
        validateFilterConfig((LogoutFilterConfig) config);

    // TODO, check rememberme
}
/**
 * Validates an exception translation filter configuration.
 *
 * <p>The authentication filter name is optional. When one is given, the named filter
 * config must load, must be a {@code SecurityFilterConfig}, and must report that it
 * provides an authentication entry point.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException with id {@code INVALID_ENTRY_POINT} when the named filter
 *     config cannot be loaded (null result), or {@code NO_AUTH_ENTRY_POINT} when it does
 *     not provide an entry point; the filter name is the argument in both cases
 * @throws RuntimeException wrapping the {@code IOException} if loading the config fails
 */
public void validateFilterConfig(ExceptionTranslationFilterConfig config)
        throws FilterConfigException {
    // No entry-point filter referenced: nothing to verify.
    if (!isNotEmpty(config.getAuthenticationFilterName())) {
        return;
    }

    try {
        SecurityNamedServiceConfig referenced =
                manager.loadFilterConfig(config.getAuthenticationFilterName());
        if (referenced == null) {
            throw createFilterException(
                    FilterConfigException.INVALID_ENTRY_POINT,
                    config.getAuthenticationFilterName());
        }

        // Only a SecurityFilterConfig can declare an entry point; any other type fails.
        final boolean providesEntryPoint =
                referenced instanceof SecurityFilterConfig
                        && ((SecurityFilterConfig) referenced).providesAuthenticationEntryPoint();
        if (!providesEntryPoint) {
            throw createFilterException(
                    FilterConfigException.NO_AUTH_ENTRY_POINT,
                    config.getAuthenticationFilterName());
        }
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
}
} // closes the enclosing class
/**
 * Checks exception translation filter validation: an unknown authentication filter name is
 * rejected, a known filter that provides no authentication entry point is rejected, and a
 * config without an authentication filter name passes.
 */
@Test
public void testExceptionTranslationFilterConfigValidation() throws Exception {
    ExceptionTranslationFilterConfig translationConfig = new ExceptionTranslationFilterConfig();
    translationConfig.setClassName(GeoServerExceptionTranslationFilter.class.getName());
    translationConfig.setName("testEx");

    FilterConfigValidator underTest = new FilterConfigValidator(getSecurityManager());

    // Step 1: the referenced filter does not exist.
    translationConfig.setAuthenticationFilterName("unknown");
    try {
        underTest.validateFilterConfig(translationConfig);
        fail("invalid entry point should fail");
    } catch (FilterConfigException rejected) {
        assertEquals(FilterConfigException.INVALID_ENTRY_POINT, rejected.getId());
        assertEquals(1, rejected.getArgs().length);
        assertEquals("unknown", rejected.getArgs()[0]);
    }

    // Step 2: the referenced filter exists but offers no authentication entry point.
    translationConfig.setAuthenticationFilterName(
            GeoServerSecurityFilterChain.FILTER_SECURITY_INTERCEPTOR);
    try {
        underTest.validateFilterConfig(translationConfig);
        fail("no auth entry point should fail");
    } catch (FilterConfigException rejected) {
        assertEquals(FilterConfigException.NO_AUTH_ENTRY_POINT, rejected.getId());
        assertEquals(1, rejected.getArgs().length);
        assertEquals(
                GeoServerSecurityFilterChain.FILTER_SECURITY_INTERCEPTOR, rejected.getArgs()[0]);
    }

    // Step 3: the filter name is optional, so clearing it must validate cleanly.
    translationConfig.setAuthenticationFilterName(null);
    underTest.validateFilterConfig(translationConfig);
}
/**
 * Validates a changed filter configuration.
 *
 * <p>The superclass validation runs first. The type-specific filter checks run only if it
 * returns without throwing.
 *
 * @param config the new filter configuration
 * @param oldConfig the configuration being replaced; only passed on to the superclass
 * @throws SecurityConfigException if either validation step rejects the change
 */
@Override
public void validateModifiedFilter(
        SecurityNamedServiceConfig config, SecurityNamedServiceConfig oldConfig)
        throws SecurityConfigException {
    // Step 1: checks inherited from the superclass.
    super.validateModifiedFilter(config, oldConfig);

    // Step 2: filter-type-specific checks on the new configuration only.
    this.validateFilterConfig(config);
}