/**
 * Creates the standard password validator.
 *
 * <p>The returned validator is built from the security manager only; the policy configuration
 * passed in is not applied here. NOTE(review): presumably the caller attaches it afterwards
 * through {@code setConfig} - confirm, because a validator used without its policy would not
 * enforce the intended rules.
 *
 * @param config the password policy configuration (not read by this method)
 * @param securityManager the security manager handed to the new validator
 * @return a new {@link PasswordValidatorImpl}
 */
public PasswordValidator createPasswordValidator(
        PasswordPolicyConfig config, GeoServerSecurityManager securityManager) {
    final PasswordValidatorImpl standardValidator = new PasswordValidatorImpl(securityManager);
    return standardValidator;
}
/**
 * Checks {@code password} against the configured policy and throws on the first rule it breaks.
 *
 * <p>Rules are applied in this order: minimum length, maximum length (only when the configured
 * maximum is non-negative), required digit, required upper-case character, required lower-case
 * character, and finally the reserved encoder-prefix check.
 *
 * <p>A {@code null} password is not rejected outright; it is validated as an empty password, so
 * a policy whose minimum length is 0 does not reject it on length. NOTE(review): confirm that
 * no caller needs {@code null} and "empty" to be told apart.
 *
 * @param password the plain-text password characters, may be {@code null}
 * @throws PasswordPolicyException if any rule is violated
 */
@Override
public void validatePassword(char[] password) throws PasswordPolicyException {
    // A missing password is validated as an empty one rather than rejected up front.
    if (password == null) {
        password = new char[0];
    }

    final int length = password.length;
    if (length < config.getMinLength()) {
        throw createSecurityException(MIN_LENGTH_$1, config.getMinLength());
    }
    // A negative maximum switches the upper bound off.
    if (config.getMaxLength() >= 0 && length > config.getMaxLength()) {
        throw createSecurityException(MAX_LENGTH_$1, config.getMaxLength());
    }

    // Character-class rules: each one is only evaluated when the policy asks for it.
    if (config.isDigitRequired() && !checkUsingMethod("isDigit", password)) {
        throw createSecurityException(NO_DIGIT);
    }
    if (config.isUppercaseRequired() && !checkUsingMethod("isUpperCase", password)) {
        throw createSecurityException(NO_UPPERCASE);
    }
    if (config.isLowercaseRequired() && !checkUsingMethod("isLowerCase", password)) {
        throw createSecurityException(NO_LOWERCASE);
    }

    // Encoder prefixes are reserved, so a plain-text password must not begin with one.
    final String reservedPrefix = passwordStartsWithEncoderPrefix(password);
    if (reservedPrefix != null) {
        throw createSecurityException(RESERVED_PREFIX_$1, reservedPrefix);
    }
}
/**
 * Reports which not-allowed encoder prefix, if any, the password begins with.
 *
 * <p>The comparison works directly on the character array, so no {@code String} copy of the
 * password is created. Prefixes are tried in the order returned by
 * {@code getNotAllowedPrefixes()} and the first match wins.
 *
 * @param password the password characters, may be {@code null}
 * @return the matching prefix, or {@code null} if the password is {@code null} or starts with
 *     none of the prefixes
 */
public static String passwordStartsWithEncoderPrefix(char[] password) {
    if (password == null) {
        return null;
    }
    for (String candidate : getNotAllowedPrefixes()) {
        final int prefixLength = candidate.length();
        if (prefixLength > password.length) {
            // The password is too short to carry this prefix.
            continue;
        }
        // Count the leading characters that agree; a full count means the prefix matches.
        int matched = 0;
        while (matched < prefixLength && candidate.charAt(matched) == password[matched]) {
            matched++;
        }
        if (matched == prefixLength) {
            return candidate;
        }
    }
    return null;
}
// The mocked policy answers every getMaxLength() call with -1.
// NOTE(review): -1 looks like the "no maximum" setting (a validator that only enforces the
// bound when getMaxLength() >= 0 would skip the check) - confirm against PasswordValidatorImpl.
expect(masterPasswdPolicyConfig.getMaxLength()).andReturn(-1).anyTimes();
// The validator is built from the security manager alone; the policy has to be attached
// explicitly afterwards.
PasswordValidatorImpl masterPasswdValidator = new PasswordValidatorImpl(secMgr);
masterPasswdValidator.setConfig(masterPasswdPolicyConfig);
/**
 * Validates the user's plain-text password against the configured policy and replaces it with
 * its encoded form. A password that already starts with an encoder prefix is left untouched.
 *
 * <p>NOTE(review): the prefix test runs before validation, so any value carrying an encoder
 * prefix is kept as-is and never reaches the validator or the encoder. Confirm that code paths
 * accepting a password from a client cannot hand such a value to this method unchecked.
 *
 * @param user the user whose password is validated and encoded in place
 * @throws IOException declared by the signature; presumably raised while loading the validator
 *     or the encoder - confirm
 * @throws PasswordPolicyException if the plain-text password violates the policy
 */
protected void preparePassword(GeoServerUser user) throws IOException, PasswordPolicyException {
    char[] plainChars = null;
    if (user.getPassword() != null) {
        plainChars = user.getPassword().toCharArray();
    }

    // An encoder prefix marks the value as already encoded: nothing to do.
    final boolean alreadyEncoded =
            PasswordValidatorImpl.passwordStartsWithEncoderPrefix(plainChars) != null;
    if (alreadyEncoded) {
        return;
    }

    // Plain text: enforce the password policy before anything is stored.
    getSecurityManager()
            .loadPasswordValidator(getPasswordValidatorName())
            .validatePassword(plainChars);

    // Policy satisfied: initialize the encoder for this object and store the encoded value.
    final GeoServerPasswordEncoder encoder =
            getSecurityManager().loadPasswordEncoder(getPasswordEncoderName());
    encoder.initializeFor(this);
    user.setPassword(encoder.encodePassword(user.getPassword(), null));
}
/**
 * Walks the validator through the policy rules one after another. The shared config is
 * tightened step by step and never reset, so each later password also has to satisfy the rules
 * switched on earlier.
 */
@Test
public void testPasswords() throws PasswordPolicyException {
    // NOTE(review): IS_NULL is expected here, but a helper that asserts only inside its catch
    // block passes when nothing is thrown - confirm the null case is actually enforced.
    checkForException(null, IS_NULL);
    // With the default policy an empty and a one-character password are both accepted.
    validator.validatePassword("".toCharArray());
    validator.validatePassword("a".toCharArray());
    // A password starting with a reserved encoder prefix is rejected; the prefix is the
    // exception argument.
    checkForException("plain:a", RESERVED_PREFIX_$1, "plain:");
    checkForException("crypt1:a", RESERVED_PREFIX_$1, "crypt1:");
    checkForException("digest1:a", RESERVED_PREFIX_$1, "digest1:");
    // Without the trailing colon the text is not a prefix and is accepted.
    validator.validatePassword("plain".toCharArray());
    validator.validatePassword("plaina".toCharArray());

    // Minimum length: one character is too short, two are enough.
    config.setMinLength(2);
    checkForException("a", MIN_LENGTH_$1, 2);
    validator.validatePassword("aa".toCharArray());

    // Maximum length: eleven characters are too many, ten are accepted.
    config.setMaxLength(10);
    checkForException("01234567890", MAX_LENGTH_$1, 10);
    validator.validatePassword("0123456789".toCharArray());

    // Digit required.
    config.setDigitRequired(true);
    checkForException("abcdef", NO_DIGIT);
    validator.validatePassword("abcde4".toCharArray());

    // Upper-case character required (the digit rule is still active).
    config.setUppercaseRequired(true);
    checkForException("abcdef4", NO_UPPERCASE);
    validator.validatePassword("abcde4F".toCharArray());

    // Lower-case character required (digit and upper-case rules are still active).
    config.setLowercaseRequired(true);
    checkForException("ABCDE4F", NO_LOWERCASE);
    validator.validatePassword("abcde4F".toCharArray());
}
/**
 * Gives every test a fresh default policy and a validator that is bound to it.
 *
 * @throws Exception declared by the signature; nothing in this method shows which call raises it
 */
@Before
public void init() throws Exception {
    final PasswordPolicyConfig defaults = new PasswordPolicyConfig();
    config = defaults;
    validator = new PasswordValidatorImpl(getSecurityManager());
    // The validator does not get its policy from the constructor; attach it explicitly.
    validator.setConfig(defaults);
}
/**
 * Validates and encodes the user's password. Nothing happens when the stored value already
 * begins with an encoder prefix, which is how an unchanged password of an existing user is
 * recognised.
 *
 * <p>NOTE(review): because the prefix test comes first, a value that carries an encoder prefix
 * skips both the policy check and the encoder. Confirm that passwords supplied by a client are
 * checked for reserved prefixes before they reach this method.
 *
 * @param user the user whose password is validated and encoded in place
 * @throws IOException declared by the signature; presumably raised while loading the validator
 *     or the encoder - confirm
 * @throws PasswordPolicyException if the plain-text password violates the policy
 */
protected void preparePassword(GeoServerUser user) throws IOException, PasswordPolicyException {
    final char[] candidate =
            (user.getPassword() == null) ? null : user.getPassword().toCharArray();

    final String encoderPrefix = PasswordValidatorImpl.passwordStartsWithEncoderPrefix(candidate);
    if (encoderPrefix == null) {
        // No encoder prefix, so this is plain text: run it through the policy first.
        getSecurityManager()
                .loadPasswordValidator(getPasswordValidatorName())
                .validatePassword(candidate);

        // The policy accepted it: initialize the encoder and store the encoded password.
        final GeoServerPasswordEncoder passwordEncoder =
                getSecurityManager().loadPasswordEncoder(getPasswordEncoderName());
        passwordEncoder.initializeFor(this);
        user.setPassword(passwordEncoder.encodePassword(user.getPassword(), null));
    }
    // Otherwise the password is already encoded and is left as it is.
}
/**
 * Runs the validator on {@code password} and, if it is rejected, compares the exception's id
 * and arguments with the expected ones.
 *
 * <p>NOTE(review): nothing fails when the validator accepts the password, so a call that
 * expects a rejection passes vacuously if no exception is thrown. Consider failing explicitly
 * after the validate call once the callers that currently depend on this have been reviewed.
 *
 * @param password plain-text password, or {@code null} to hand a null array to the validator
 * @param id expected exception id
 * @param params expected exception arguments, compared position by position
 */
protected void checkForException(String password, String id, Object... params) {
    final char[] candidate;
    if (password == null) {
        candidate = null;
    } else {
        candidate = password.toCharArray();
    }

    try {
        validator.validatePassword(candidate);
    } catch (PasswordPolicyException rejection) {
        assertEquals(id, rejection.getId());
        assertEquals(params.length, rejection.getArgs().length);
        int index = 0;
        while (index < params.length) {
            assertEquals(params[index], rejection.getArgs()[index]);
            index++;
        }
    }
}
} // closes the enclosing test class, whose header is not part of this excerpt