/**
 * Checks whether the currently authenticated user holds the administrator role.
 *
 * <p>Shorthand for:
 *
 * <pre>{@code
 * checkAuthenticationForAdminRole(SecurityContextHolder.getContext().getAuthentication())
 * }</pre>
 *
 * <p>When no security context is available, the one-argument overload is called with
 * {@code null}, so the outcome for an absent authentication is decided there.
 *
 * @return whatever the one-argument overload returns for the current authentication
 */
public boolean checkAuthenticationForAdminRole() {
    if (SecurityContextHolder.getContext() != null) {
        return checkAuthenticationForAdminRole(
                SecurityContextHolder.getContext().getAuthentication());
    }
    // No context at all: delegate with null rather than deciding the outcome here.
    return checkAuthenticationForAdminRole(null);
}
/**
 * Reports whether the given authentication passes the security manager's administrator check.
 * Kept {@code protected} so that tests can override it.
 *
 * @param authentication the authentication to evaluate; handed to the security manager as is
 * @return the result of {@code checkAuthenticationForAdminRole(authentication)} on the
 *     {@link GeoServerSecurityManager} bean
 */
protected boolean isAdmin(Authentication authentication) {
    GeoServerSecurityManager securityManager =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    return securityManager.checkAuthenticationForAdminRole(authentication);
}
/**
 * Asks the {@link GeoServerSecurityManager} bean whether the current authentication passes its
 * no-argument administrator check.
 *
 * @return the result of {@code checkAuthenticationForAdminRole()}
 */
private static boolean isAuthenticatedAsAdmin() {
    GeoServerSecurityManager securityManager =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    return securityManager.checkAuthenticationForAdminRole();
}
/**
 * Returns the master password for the REST configuration endpoint.
 *
 * <p>Two conditions must hold before the password is handed out: the current authentication
 * must pass {@link #checkAuthenticationForAdminRole()}, and {@code checkStackTrace} must
 * accept the call stack against the single allowed caller,
 * {@code org.geoserver.rest.security.MasterPasswordController#masterPasswordGet}.
 *
 * @return the value of {@code getMasterPassword()}
 * @throws IOException if the administrator check fails, or if {@code checkStackTrace} returns
 *     a non-null result
 */
public char[] getMasterPasswordForREST() throws IOException {
    // The role check comes first, so a non-admin caller never reaches the stack inspection.
    if (!checkAuthenticationForAdminRole()) {
        throw new IOException("Unauthorized user tries to read master password");
    }

    String[][] permittedCallers = {
        {"org.geoserver.rest.security.MasterPasswordController", "masterPasswordGet"}
    };
    String violation = checkStackTrace(10, permittedCallers);
    if (violation != null) {
        // NOTE(review): the message embeds whatever checkStackTrace returned; confirm this
        // exception text is logged server-side only and not echoed to the REST client.
        throw new IOException("Unauthorized method wants to read master password\n" + violation);
    }

    // NOTE(review): the secret leaves this class as a char[]; whether it is a copy is not
    // visible here. Callers should overwrite the array once they are done with it.
    return getMasterPassword();
}
/**
 * Restricts a user/group service to what the current caller is allowed to administer.
 *
 * <p>The service is returned unwrapped while the manager is not yet initialized and when the
 * current authentication passes the full administrator check. An authentication holding
 * {@code GeoServerRole.GROUP_ADMIN_ROLE} receives a {@code GroupAdminUserGroupService} built
 * from the groups computed for its principal. Any other caller also gets the service
 * unwrapped.
 *
 * @param ugService the service to wrap
 * @return {@code ugService} itself, or a group-admin wrapper around it
 * @throws IOException declared by this method; the visible statements do not throw it directly
 */
GeoServerUserGroupService wrapUserGroupService(GeoServerUserGroupService ugService)
        throws IOException {
    if (!initialized) {
        // Still starting up: hand the service back untouched.
        return ugService;
    }

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (checkAuthenticationForAdminRole(auth)) {
        // Full administrator: nothing to restrict.
        return ugService;
    }
    if (!checkAuthenticationForRole(auth, GeoServerRole.GROUP_ADMIN_ROLE)) {
        // NOTE(review): callers that are neither admin nor group admin get the raw service;
        // confirm that access for them is enforced elsewhere.
        return ugService;
    }

    // NOTE(review): the cast assumes the principal is a UserDetails; confirm that every
    // authentication able to carry GROUP_ADMIN_ROLE provides one.
    return new GroupAdminUserGroupService(
            ugService, calculateAdminGroups((UserDetails) auth.getPrincipal()));
}
/**
 * Restricts a role service to what the current caller is allowed to administer.
 *
 * <p>The service is returned unwrapped while the manager is not yet initialized and when the
 * current authentication passes the full administrator check. An authentication holding
 * {@code GeoServerRole.GROUP_ADMIN_ROLE} receives a {@code GroupAdminRoleService} built from
 * the groups computed for its principal. Any other caller also gets the service unwrapped.
 *
 * @param roleService the service to wrap
 * @return {@code roleService} itself, or a group-admin wrapper around it
 * @throws IOException declared by this method; the visible statements do not throw it directly
 */
GeoServerRoleService wrapRoleService(GeoServerRoleService roleService) throws IOException {
    if (!initialized) {
        // Still starting up: hand the service back untouched.
        return roleService;
    }

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (checkAuthenticationForAdminRole(auth)) {
        // Full administrator: nothing to restrict.
        return roleService;
    }
    if (!checkAuthenticationForRole(auth, GeoServerRole.GROUP_ADMIN_ROLE)) {
        // NOTE(review): callers that are neither admin nor group admin get the raw service;
        // confirm that access for them is enforced elsewhere.
        return roleService;
    }

    // NOTE(review): the cast assumes the principal is a UserDetails; confirm that every
    // authentication able to carry GROUP_ADMIN_ROLE provides one.
    return new GroupAdminRoleService(
            roleService, calculateAdminGroups((UserDetails) auth.getPrincipal()));
}
return false; if (checkAuthenticationForAdminRole() == false) { LOGGER.warning("Unautorized user tries to dump master password"); return false;
/**
 * Reports whether the given authentication passes the security manager's administrator check.
 *
 * @param authentication the authentication to evaluate; handed to the security manager as is
 * @return the result of {@code checkAuthenticationForAdminRole(authentication)} on the
 *     {@link GeoServerSecurityManager} bean
 */
private boolean isAdmin(Authentication authentication) {
    GeoServerSecurityManager securityManager =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    return securityManager.checkAuthenticationForAdminRole(authentication);
}
}
/**
 * Determines whether the current user is authenticated as full administrator.
 *
 * @return {@code false} when no security context is available; otherwise the result of the
 *     security manager's no-argument administrator check
 */
protected boolean isAuthenticatedAsAdmin() {
    if (SecurityContextHolder.getContext() == null) {
        // Without a context there is no authentication to evaluate: deny.
        return false;
    }
    GeoServerSecurityManager securityManager =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    return securityManager.checkAuthenticationForAdminRole();
}
/**
 * Allows access only to callers that pass the security manager's administrator check.
 *
 * @param componentClass not consulted by this implementation; the decision depends on the
 *     authentication alone
 * @param authentication the caller's authentication; {@code null} is always denied
 * @return {@code true} only when {@code authentication} is non-null and passes
 *     {@code checkAuthenticationForAdminRole(authentication)}
 */
public boolean isAccessAllowed(Class componentClass, Authentication authentication) {
    // Short-circuit keeps the deny-on-null behaviour: the manager is never asked about null.
    return authentication != null
            && getSecurityManager().checkAuthenticationForAdminRole(authentication);
}
/**
 * Rejects the request unless the current authentication passes the manager's administrator
 * check.
 *
 * @throws RestException with {@code HttpStatus.FORBIDDEN} when the check fails
 */
protected void checkUserIsAdmin() {
    boolean callerIsAdmin = getManager().checkAuthenticationForAdminRole();
    if (callerIsAdmin) {
        return;
    }
    // NOTE(review): the message text is misspelled ("Amdinistrative priveleges"); it is kept
    // verbatim here in case clients or tests compare on it.
    throw new RestException("Amdinistrative priveleges required", HttpStatus.FORBIDDEN);
}
/**
 * Rejects the request unless the current authentication passes the manager's administrator
 * check.
 *
 * @throws RestException with {@code HttpStatus.FORBIDDEN} when the check fails
 */
protected void checkUserIsAdmin() {
    boolean callerIsAdmin = getManager().checkAuthenticationForAdminRole();
    if (callerIsAdmin) {
        return;
    }
    // NOTE(review): the message text is misspelled ("Amdinistrative priveleges"); it is kept
    // verbatim here in case clients or tests compare on it.
    throw new RestException("Amdinistrative priveleges required", HttpStatus.FORBIDDEN);
}
/**
 * Supplies the security warnings panel to administrators only.
 *
 * @param id the component id given to the panel
 * @return a {@code SecurityWarningsPanel} when the current authentication passes the
 *     administrator check, otherwise {@code null}
 */
@Override
public Component getPageBodyComponent(String id) {
    // The gate is the administrator role, not the state of any password: non-admin callers
    // get no body component at all.
    GeoServerSecurityManager securityManager = GeoServerApplication.get().getSecurityManager();
    return securityManager.checkAuthenticationForAdminRole()
            ? new SecurityWarningsPanel(id)
            : null;
}
/**
 * Supplies the security warnings panel to administrators only.
 *
 * @param id the component id given to the panel
 * @return a {@code SecurityWarningsPanel} when the current authentication passes the
 *     administrator check, otherwise {@code null}
 */
@Override
public Component getPageBodyComponent(String id) {
    // The gate is the administrator role, not the state of any password: non-admin callers
    // get no body component at all.
    GeoServerSecurityManager securityManager = GeoServerApplication.get().getSecurityManager();
    return securityManager.checkAuthenticationForAdminRole()
            ? new SecurityWarningsPanel(id)
            : null;
}
/**
 * Supplies the node panel to administrators and an empty container to everyone else.
 *
 * @param id the component id given to the returned component
 * @return a {@code NodePanel} built from {@code id} and {@code config} when the current
 *     authentication passes the administrator check, otherwise a bare
 *     {@code WebMarkupContainer}
 */
@Override
public Component getPageBodyComponent(String id) {
    GeoServerSecurityManager securityManager =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    if (!securityManager.checkAuthenticationForAdminRole()) {
        // Non-admin callers get a placeholder, so the node details are never built for them.
        return new WebMarkupContainer(id);
    }
    return new NodePanel(id, config);
}
/**
 * Supplies the security warnings panel to administrators only.
 *
 * @param id the component id given to the panel
 * @return a {@code SecurityWarningsPanel} when the current authentication passes the
 *     administrator check, otherwise {@code null}
 */
@Override
public Component getPageBodyComponent(String id) {
    // The gate is the administrator role, not the state of any password: non-admin callers
    // get no body component at all.
    GeoServerSecurityManager securityManager = GeoServerApplication.get().getSecurityManager();
    return securityManager.checkAuthenticationForAdminRole()
            ? new SecurityWarningsPanel(id)
            : null;
}
/**
 * Supplies the node link panel to administrators while clustering is enabled, and an empty
 * container in every other case.
 *
 * @param id the component id given to the returned component
 * @return a {@code NodeLinkPanel} built from {@code id} and {@code cluster} when the current
 *     authentication passes the administrator check and {@code cluster.isEnabled()} is true,
 *     otherwise a bare {@code WebMarkupContainer}
 */
@Override
public Component getPageBodyComponent(String id) {
    GeoServerSecurityManager securityManager =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    // The role is checked first; the cluster state is only consulted for administrators.
    if (!securityManager.checkAuthenticationForAdminRole() || !cluster.isEnabled()) {
        return new WebMarkupContainer(id);
    }
    return new NodeLinkPanel(id, cluster);
}
}
/**
 * Verifies that an authenticated token carrying {@code GeoServerRole.ADMIN_ROLE} passes the
 * security manager's administrator check.
 */
@Test
public void testAdminRole() throws Exception {
    GeoServerSecurityManager manager = getSecurityManager();

    // Build a token whose only authority is the admin role and mark it authenticated.
    TestingAuthenticationToken adminToken =
            new TestingAuthenticationToken(
                    "admin", "geoserver", (List) Arrays.asList(GeoServerRole.ADMIN_ROLE));
    adminToken.setAuthenticated(true);

    // NOTE(review): only the positive case is covered here; a token without ADMIN_ROLE, or
    // one that is not authenticated, is not asserted to be rejected.
    boolean accepted = manager.checkAuthenticationForAdminRole(adminToken);
    assertTrue(accepted);
}
/**
 * Runs the parent setup, obtains the script manager, and installs a mocked security manager
 * whose no-argument administrator check always succeeds.
 */
@Override
protected void oneTimeSetUp() throws Exception {
    super.oneTimeSetUp();
    scriptMgr = getScriptManager();

    // Stub the security manager so every call to the no-argument admin check returns true.
    // Tests using this fixture therefore never exercise the access-denied path.
    GeoServerSecurityManager adminStub = createNiceMock(GeoServerSecurityManager.class);
    expect(adminStub.checkAuthenticationForAdminRole()).andReturn(true).anyTimes();
    replay(adminStub);

    scriptMgr.setSecurityManager(adminStub);
}
/**
 * Creates the table panel by forwarding {@code id} and {@code dataProvider} to the superclass
 * constructor.
 *
 * @param id passed through to the superclass constructor
 * @param dataProvider passed through to the superclass constructor
 */
public SecurityNamedServiceTablePanel(
        String id, SecurityNamedServiceProvider<T> dataProvider) {
    // NOTE(review): the meaning of the literal `true` is defined by the superclass
    // constructor, which is not visible here.
    super(id, dataProvider, true);
}