/**
 * Deletes the stored configuration of an authentication provider.
 *
 * <p>The validator resolved for the provider's class must accept the removal before anything is
 * deleted. The accompanying tests expect that check to reject a config without a name and a
 * provider that is still active.
 *
 * @param config The authentication provider configuration.
 * @throws IOException declared by the signature; presumably raised by the config helper when
 *     the stored configuration cannot be removed
 * @throws SecurityConfigException declared by the signature; expected when the validator
 *     refuses the removal
 */
public void removeAuthenticationProvider(SecurityAuthProviderConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator removalCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    GeoServerAuthenticationProvider.class, config.getClassName());

    // Validation runs first, so a rejected removal leaves the stored config untouched.
    // NOTE(review): the check and the delete are not guarded by a lock in this method;
    // confirm callers serialize concurrent administrative changes.
    removalCheck.validateRemoveAuthProvider(config);

    final String providerName = config.getName();
    authProviderHelper.removeConfig(providerName);
}
/**
 * Deletes a password validator (password policy) configuration.
 *
 * <p>After the validator accepts the removal, the entry is evicted from the in-memory
 * {@code passwordValidators} collection and then removed through the config helper. The
 * accompanying tests expect the check to reject a missing name, an active policy and the master
 * policy.
 *
 * @param config The password validator configuration.
 * @throws IOException declared by the signature; presumably raised when the stored
 *     configuration cannot be removed
 * @throws SecurityConfigException declared by the signature; expected when the validator
 *     refuses the removal
 */
public void removePasswordValidator(PasswordPolicyConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator removalCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    PasswordValidator.class, config.getClassName());
    removalCheck.validateRemovePasswordPolicy(config);

    // Evict the cached instance before deleting the stored config so that a later lookup
    // cannot hand out a validator for a policy that no longer exists.
    passwordValidators.remove(config.getName());
    passwordValidatorHelper.removeConfig(config.getName());
}
/**
 * Deletes a role service configuration.
 *
 * <p>The removal is validated first. The entry is then evicted from the in-memory {@code
 * roleServices} collection and removed through the config helper. The accompanying tests expect
 * the check to reject a missing name and a role service that is still active.
 *
 * @param config The role service configuration.
 * @throws IOException declared by the signature; presumably raised when the stored
 *     configuration cannot be removed
 * @throws SecurityConfigException declared by the signature; expected when the validator
 *     refuses the removal
 */
public void removeRoleService(SecurityRoleServiceConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator removalCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    GeoServerRoleService.class, config.getClassName());
    removalCheck.validateRemoveRoleService(config);

    // Cache eviction precedes the delete, in the same order as the original code.
    roleServices.remove(config.getName());
    roleServiceHelper.removeConfig(config.getName());
}
/**
 * Checks that a named service may be added under the given extension point.
 *
 * <p>Runs the extension-point/class check and the service-name check, then rejects the
 * configuration when its name is already among the names known for that extension point. This
 * prevents a new service from taking the name of an existing one.
 *
 * @param extensionPoint the extension point the service is registered under
 * @param config the configuration that is about to be added
 * @throws SecurityConfigException created with the "already exists" error code for the
 *     extension point when the name is taken; the two preliminary checks declare the same
 *     exception type
 */
public void validateAddNamedService(Class<?> extensionPoint, SecurityNamedServiceConfig config)
        throws SecurityConfigException {
    checkExtensionPont(extensionPoint, config.getClassName());
    checkServiceName(extensionPoint, config.getName());

    final SortedSet<String> existingNames = getNamesFor(extensionPoint);
    final boolean nameTaken = existingNames.contains(config.getName());
    if (nameTaken) {
        throw createSecurityException(alreadyExistsErrorCode(extensionPoint), config.getName());
    }
}
/**
 * Checks that a named service being modified actually exists under the given extension point.
 *
 * <p>Runs the extension-point/class check and the service-name check, then rejects the
 * configuration when its name is not among the names known for that extension point.
 *
 * @param extensionPoint the extension point the service is registered under
 * @param config the modified configuration
 * @throws SecurityConfigException created with the "not found" error code for the extension
 *     point when no service of that name exists; the two preliminary checks declare the same
 *     exception type
 */
public void validateModifiedNamedService(
        Class<?> extensionPoint, SecurityNamedServiceConfig config)
        throws SecurityConfigException {
    checkExtensionPont(extensionPoint, config.getClassName());
    checkServiceName(extensionPoint, config.getName());

    final SortedSet<String> existingNames = getNamesFor(extensionPoint);
    if (!existingNames.contains(config.getName())) {
        throw createSecurityException(notFoundErrorCode(extensionPoint), config.getName());
    }
}
/**
 * Deletes a master password provider configuration.
 *
 * <p>The validator resolved for the provider's class must accept the removal before the stored
 * configuration is removed through the config helper.
 *
 * @param config the master password provider configuration to remove
 * @throws IOException declared by the signature; presumably raised when the stored
 *     configuration cannot be removed
 * @throws SecurityConfigException declared by the signature; expected when the validator
 *     refuses the removal
 */
public void removeMasterPasswordProvder(MasterPasswordProviderConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator removalCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    MasterPasswordProvider.class, config.getClassName());

    // NOTE(review): which removals are refused (e.g. the provider currently in use) is decided
    // inside validateRemoveMasterPasswordProvider, which is not visible here. Confirm.
    removalCheck.validateRemoveMasterPasswordProvider(config);

    final String providerName = config.getName();
    masterPasswordProviderHelper.removeConfig(providerName);
}
@Test public void testNamedServices() { SecurityConfigValidator validator = new SecurityConfigValidator(getSecurityManager()); Class<?>[] extensionPoints = new Class<?>[] { validator.checkExtensionPont(ep, "a.b.c"); fail("unknown class should fail"); } catch (SecurityConfigException ex) { validator.checkExtensionPont(ep, "java.lang.String"); fail("wrong class should fail"); } catch (SecurityConfigException ex) { validator.checkExtensionPont(ep, className); fail("no class should fail"); } catch (SecurityConfigException ex) { validator.checkServiceName(ep, name); fail("no name should fail"); } catch (SecurityConfigException ex) { validator.validateAddPasswordPolicy( createPolicyConfig( PasswordValidator.DEFAULT_NAME, PasswordValidatorImpl.class, 1, 10)); validator.validateModifiedPasswordPolicy(pwConfig, pwConfig); fail("unknown passwd policy should fail"); } catch (SecurityConfigException ex) {
/**
 * Deletes a user group service configuration.
 *
 * <p>The removal is validated first. The entry is then evicted from the in-memory {@code
 * userGroupServices} collection and removed through the config helper.
 *
 * @param config The user group service configuration.
 * @throws IOException declared by the signature; presumably raised when the stored
 *     configuration cannot be removed
 * @throws SecurityConfigException declared by the signature; expected when the validator
 *     refuses the removal
 */
public void removeUserGroupService(SecurityUserGroupServiceConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator removalCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    GeoServerUserGroupService.class, config.getClassName());
    removalCheck.validateRemoveUserGroupService(config);

    // Drop the cached service instance, then the stored configuration.
    userGroupServices.remove(config.getName());
    userGroupServiceHelper.removeConfig(config.getName());
}
/**
 * Deletes a security filter configuration.
 *
 * <p>After the validator accepts the removal, {@code removeAll} is called on the authentication
 * cache with the filter's name, and the stored configuration is then removed through the config
 * helper.
 *
 * @param config the filter configuration to remove
 * @throws IOException declared by the signature; presumably raised when the stored
 *     configuration cannot be removed
 * @throws SecurityConfigException declared by the signature; expected when the validator
 *     refuses the removal
 */
public void removeFilter(SecurityNamedServiceConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator removalCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    GeoServerSecurityFilter.class, config.getClassName());
    removalCheck.validateRemoveFilter(config);

    // Presumably clears authentications cached on behalf of this filter so that they are not
    // honoured after the filter is gone. Confirm against the cache implementation.
    getAuthenticationCache().removeAll(config.getName());
    filterHelper.removeConfig(config.getName());
}
"default2"); SecurityConfigValidator validator = new SecurityConfigValidator(getSecurityManager()); try { config.setName("default2"); validator.validateAddAuthProvider(config); fail("user group service not found should fail"); validator.validateAddAuthProvider(config); fail("user group service not found should fail"); validator.validateRemoveAuthProvider(config); fail("no name should fail"); validator.validateRemoveAuthProvider(config); fail("active auth provieder should fail");
GeoServerRole.ADMIN_ROLE.getAuthority()); SecurityConfigValidator validator = new SecurityConfigValidator(getSecurityManager()); try { config.setName(null); validator.validateRemoveRoleService(config); fail("no name should fail"); config.setAdminRoleName(role.getAuthority()); try { validator.validateAddRoleService(config); fail("reserved role name should fail"); config.setGroupAdminRoleName(role.getAuthority()); try { validator.validateAddRoleService(config); fail("resoerved role name should fail"); validator.validateRemoveRoleService(config); fail("role service active should fail");
@Test public void testPasswordPolicy() throws IOException { SecurityConfigValidator validator = new SecurityConfigValidator(getSecurityManager()); PasswordPolicyConfig config = createPolicyConfig( validator.validateAddPasswordPolicy(config); fail("invalid min length should fail"); validator.validateAddPasswordPolicy(config); fail("invalid min length should fail"); validator.validateAddPasswordPolicy(config); fail("invalid max length should fail"); getSecurityManager().savePasswordPolicy(config); validator.validateAddPasswordPolicy(config); fail("invalid max length should fail"); } catch (SecurityConfigException ex) { validator.validateRemovePasswordPolicy(config); fail("no name should fail"); validator.validateRemovePasswordPolicy(config); fail("remove active should fail"); validator.validateRemovePasswordPolicy(config); fail("remove master should fail");
SecurityConfigValidator validator = new SecurityConfigValidator(getSecurityManager()); validator.validateAddUserGroupService(config); fail("invalid config password encoder should fail"); validator.validateAddUserGroupService(config); fail("invalid strong password encoder should fail"); config.setName("other"); config.setPasswordEncoderName("xxx"); validator.validateAddUserGroupService(config); fail("invalid config password encoder should fail"); config.setName("default2"); config.setPasswordEncoderName(""); validator.validateAddUserGroupService(config); fail("no password encoder should fail"); validator.validateAddUserGroupService(config); fail("no password encoder should fail"); } catch (SecurityConfigException ex) { config.setName("default2"); config.setPasswordPolicyName("default2"); validator.validateAddUserGroupService(config); fail("unknown password policy should fail"); config.setName("default3"); config.setPasswordPolicyName("default2");
/**
 * Validates the edited request filter chain and, for a new chain, appends it to the request
 * chains of the in-memory security manager configuration before returning to the caller page.
 *
 * <p>Nothing is persisted here: the call that would save the security configuration is
 * disabled in the original code. Any exception is logged at WARNING and reported through
 * {@code error(e)}.
 *
 * @param form the submitted form (not read by this method)
 */
protected void handleSubmit(Form<?> form) {
    RequestFilterChain editedChain = chainWrapper.getChain();
    try {
        SecurityConfigValidator chainCheck = new SecurityConfigValidator(getSecurityManager());
        chainCheck.validateRequestFilterChain(chainWrapper.getChain());

        // Only reached when validation passed: an invalid chain is never added to the config.
        if (isNew) {
            secMgrConfig.getFilterChain().getRequestChains().add(editedChain);
        }
        // getSecurityManager().saveSecurityConfig(secMgrConfig);
        doReturn();
    } catch (Exception e) {
        LOGGER.log(Level.WARNING, "Error saving config", e);
        // NOTE(review): the raw exception is handed to the page feedback. Confirm the rendered
        // message does not expose internal configuration detail to the admin UI user.
        error(e);
    }
}
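/**
 * Saves/persists a password policy configuration.
 *
 * <p>A configuration without an id is treated as new: it is initialised and checked with the
 * "add" validation. Otherwise it is checked against the currently stored configuration of the
 * same name with the "modified" validation. Only a configuration that passes validation is
 * written through the config helper.
 *
 * <p>After a successful save the entry of the same name is evicted from the {@code
 * passwordValidators} cache, as {@code saveUserGroupService} and {@code saveRoleService} do
 * for their caches. Without the eviction a validator built from the previous settings (for
 * example an older minimum length) could keep being used after the policy was changed.
 *
 * @param config the password policy configuration to save
 * @throws IOException declared by the signature; presumably raised when loading or writing the
 *     stored configuration fails
 * @throws SecurityConfigException declared by the signature; expected when validation rejects
 *     the configuration
 */
public void savePasswordPolicy(PasswordPolicyConfig config)
        throws IOException, SecurityConfigException {
    SecurityConfigValidator validator =
            SecurityConfigValidator.getConfigurationValiator(
                    PasswordValidator.class, config.getClassName());

    if (config.getId() == null) {
        config.initBeforeSave();
        validator.validateAddPasswordPolicy(config);
    } else {
        validator.validateModifiedPasswordPolicy(
                config, passwordValidatorHelper.loadConfig(config.getName()));
    }

    passwordValidatorHelper.saveConfig(config);

    // remove from cache so the next lookup reflects the configuration just persisted
    // NOTE(review): assumes passwordValidators is the cache that removePasswordValidator
    // evicts from. Confirm nothing else refreshes it after a save.
    passwordValidators.remove(config.getName());
}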
/**
 * Saves/persists a user group service configuration.
 *
 * <p>A configuration without an id is initialised and checked with the "add" validation. One
 * with an id is checked against the stored configuration of the same name. The accompanying
 * tests expect validation to reject, among others, an unknown or missing password encoder and
 * an unknown password policy. After the write, the cached service of that name is evicted.
 *
 * @param config the user group service configuration to save
 * @throws IOException declared by the signature; presumably raised when loading or writing the
 *     stored configuration fails
 * @throws SecurityConfigException declared by the signature; expected when validation rejects
 *     the configuration
 */
public void saveUserGroupService(SecurityUserGroupServiceConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator configCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    GeoServerUserGroupService.class, config.getClassName());

    final boolean firstSave = config.getId() == null;
    if (firstSave) {
        config.initBeforeSave();
        configCheck.validateAddUserGroupService(config);
    } else {
        configCheck.validateModifiedUserGroupService(
                config, userGroupServiceHelper.loadConfig(config.getName()));
    }

    userGroupServiceHelper.saveConfig(config);

    // Evict the cached instance so it is not served with the settings that were just replaced.
    userGroupServices.remove(config.getName());
}
/**
 * Saves/persists a role service configuration.
 *
 * <p>A configuration without an id is initialised and checked with the "add" validation. One
 * with an id is checked against the stored configuration of the same name. The accompanying
 * tests expect validation to reject reserved role names used as admin or group-admin role.
 * After the write, the cached service is evicted. If the saved configuration belongs to the
 * active role service, that instance is re-initialised from it while holding its monitor.
 *
 * @param config the role service configuration to save
 * @throws IOException declared by the signature; presumably raised when loading or writing the
 *     stored configuration, or re-initialising the active service, fails
 * @throws SecurityConfigException declared by the signature; expected when validation rejects
 *     the configuration
 */
public void saveRoleService(SecurityRoleServiceConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator configCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    GeoServerRoleService.class, config.getClassName());

    if (config.getId() != null) {
        configCheck.validateModifiedRoleService(
                config, roleServiceHelper.loadConfig(config.getName()));
    } else {
        config.initBeforeSave();
        configCheck.validateAddRoleService(config);
    }

    roleServiceHelper.saveConfig(config);

    // Evict the cached instance so it is not served with the replaced settings.
    roleServices.remove(config.getName());

    // Apply the new settings to the running active role service, only after they were persisted.
    // NOTE(review): activeRoleService is read several times without a lock on the manager.
    // Confirm it cannot be swapped or cleared between the null check and the synchronized block.
    if (activeRoleService != null) {
        if (config.getName().equals(activeRoleService.getName())) {
            synchronized (activeRoleService) {
                activeRoleService.initializeFromConfig(config);
            }
        }
    }
}
/**
 * Saves/persists an authentication provider configuration.
 *
 * <p>A configuration without an id is initialised and checked with the "add" validation. One
 * with an id is checked against the stored configuration of the same name. If a running
 * provider of the same name exists, it is re-initialised from the new configuration while
 * holding its monitor. The configuration is written through the config helper afterwards.
 *
 * @param config the authentication provider configuration to save
 * @throws IOException declared by the signature; presumably raised when loading or writing the
 *     stored configuration, or re-initialising the running provider, fails
 * @throws SecurityConfigException declared by the signature; expected when validation rejects
 *     the configuration
 */
public void saveAuthenticationProvider(SecurityAuthProviderConfig config)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator configCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    GeoServerAuthenticationProvider.class, config.getClassName());

    if (config.getId() != null) {
        configCheck.validateModifiedAuthProvider(
                config, authProviderHelper.loadConfig(config.getName()));
    } else {
        config.initBeforeSave();
        configCheck.validateAddAuthProvider(config);
    }

    // NOTE(review): the running provider is reconfigured BEFORE the configuration is persisted,
    // the opposite order to saveRoleService. If saveConfig fails, the live authentication
    // behaviour and the stored configuration diverge until restart. Confirm this ordering is
    // intended.
    if (authProviders != null) {
        GeoServerAuthenticationProvider running = null;
        for (GeoServerAuthenticationProvider candidate : authProviders) {
            if (!config.getName().equals(candidate.getName())) {
                continue;
            }
            running = candidate;
            break;
        }

        if (running != null) {
            synchronized (running) {
                running.initializeFromConfig(config);
            }
        }
    }

    authProviderHelper.saveConfig(config);
}
/**
 * Validates, applies and persists a new security manager configuration.
 *
 * <p>A copy of the current configuration is kept as fallback. Clones of the new and the
 * previous configuration are validated. The new configuration is then applied with {@code
 * init}, the configuration files with encrypted fields are updated when the config password
 * encrypter name changed, and the configuration is written to {@code CONFIG_FILENAME}. On an
 * {@link IOException} the previous configuration is re-applied and the method returns without
 * firing a change event.
 *
 * @param config the new security manager configuration
 * @throws Exception declared by the signature; validation failures and any non-I/O failure of
 *     the apply/persist steps propagate to the caller
 */
public synchronized void saveSecurityConfig(SecurityManagerConfig config) throws Exception {
    // Snapshot of the configuration currently in force, used for validation and rollback.
    final SecurityManagerConfig previous = new SecurityManagerConfig(this.securityConfig);

    final SecurityManagerConfig candidateCopy = (SecurityManagerConfig) config.clone(true);
    final SecurityManagerConfig previousCopy = (SecurityManagerConfig) previous.clone(true);
    new SecurityConfigValidator(this).validateManagerConfig(candidateCopy, previousCopy);

    // The whole try block should run as a transaction, unfortunately
    // this is not possible with files.
    try {
        // set the new configuration
        init(config);

        final boolean encrypterUnchanged =
                config.getConfigPasswordEncrypterName()
                        .equals(previous.getConfigPasswordEncrypterName());
        if (!encrypterUnchanged) {
            updateConfigurationFilesWithEncryptedFields();
        }

        // save out new configuration
        xStreamPersist(security().get(CONFIG_FILENAME), config, globalPersister());
    } catch (IOException e) {
        // exception, revert back to known working config
        // NOTE(review): the method returns normally after the rollback, so a caller cannot
        // tell a reverted save from a successful one except through the log. Only IOException
        // triggers the rollback; other failures propagate with the new config already applied.
        LOGGER.log(Level.SEVERE, "Error saving security config, reverting back to previous", e);
        init(previous);
        return;
    }

    fireChanged();
}
/**
 * Saves master password provider configuration, optionally skipping validation.
 *
 * <p>Validation only skipped during migration. The method is package-private, which keeps the
 * unvalidated path out of reach of callers outside this package.
 *
 * <p>A configuration without an id is always initialised before saving. With {@code validate}
 * set, a new configuration goes through the "add" validation and an existing one is checked
 * against the stored configuration of the same name.
 *
 * @param config the master password provider configuration to save
 * @param validate {@code false} to write the configuration without running the validator
 * @throws IOException declared by the signature; presumably raised when loading or writing the
 *     stored configuration fails
 * @throws SecurityConfigException declared by the signature; expected when validation rejects
 *     the configuration
 */
void saveMasterPasswordProviderConfig(MasterPasswordProviderConfig config, boolean validate)
        throws IOException, SecurityConfigException {
    final SecurityConfigValidator configCheck =
            SecurityConfigValidator.getConfigurationValiator(
                    MasterPasswordProvider.class, config.getClassName());

    final boolean firstSave = config.getId() == null;
    if (firstSave) {
        config.initBeforeSave();
    }

    if (validate) {
        if (firstSave) {
            configCheck.validateAddMasterPasswordProvider(config);
        } else {
            configCheck.validateModifiedMasterPasswordProvider(
                    config, masterPasswordProviderHelper.loadConfig(config.getName()));
        }
    }

    masterPasswordProviderHelper.saveConfig(config);
}