/**
 * Checks the specified password against the master password.
 *
 * <p>Convenience overload: forwards to the two-argument {@code char[]} overload with
 * {@code true} as the second argument. The String overloads in this listing call that
 * argument {@code forLogin}.
 *
 * <p>The array is passed through as-is. Nothing here copies or clears it, so a caller that
 * wants the password wiped from memory has to zero the array itself after the call.
 *
 * @param passwd the candidate password
 * @return the result of the delegated check
 */
public boolean checkMasterPassword(char[] passwd) {
    final boolean forLogin = true;
    return checkMasterPassword(passwd, forLogin);
}
/**
 * Checks the specified password against the master password.
 *
 * <p>Converts the String to a {@code char[]} and forwards it, with {@code forLogin}
 * unchanged, to the {@code char[]} overload.
 *
 * <p>Security note: the password arrives as an immutable {@link String}, which cannot be
 * zeroed after use, and the temporary array created here is not cleared either. Callers that
 * already hold the password as {@code char[]} should call the {@code char[]} overload.
 *
 * @param passwd the candidate password; must not be {@code null}, since
 *     {@code passwd.toCharArray()} would throw {@link NullPointerException}
 * @param forLogin passed through unchanged to the {@code char[]} overload
 * @return the result of the delegated check
 */
public boolean checkMasterPassword(String passwd, boolean forLogin) {
    final char[] candidate = passwd.toCharArray();
    return checkMasterPassword(candidate, forLogin);
}
/**
 * Checks the specified password against the master password.
 *
 * <p>Converts the String to a {@code char[]} and forwards it to the two-argument
 * {@code char[]} overload with {@code true} as the second argument.
 *
 * <p>Security note: the password arrives as an immutable {@link String}, which cannot be
 * zeroed after use, and the temporary array created here is not cleared either. Callers that
 * already hold the password as {@code char[]} should call the {@code char[]} overload.
 *
 * @param passwd the candidate password; must not be {@code null}, since
 *     {@code passwd.toCharArray()} would throw {@link NullPointerException}
 * @return the result of the delegated check
 */
public boolean checkMasterPassword(String passwd) {
    final char[] candidate = passwd.toCharArray();
    return checkMasterPassword(candidate, true);
}
/**
 * Authenticates the root account against the master password.
 *
 * <p>Returns {@code null} (rather than throwing) when the principal is not
 * {@code GeoServerUser.ROOT_USERNAME}, when no credentials are supplied, or when the
 * master-password check fails. In the last two cases a {@link BadCredentialsException} is
 * passed to {@code log(...)} but not thrown.
 *
 * <p>On success the returned token carries {@code GeoServerUser.ROOT_USERNAME} as principal,
 * {@code null} credentials (the submitted password is not copied into the result), the single
 * authority {@code GeoServerRole.ADMIN_ROLE} and the details of the incoming token.
 *
 * <p>NOTE(review): the incoming object is cast to {@link UsernamePasswordAuthenticationToken}
 * without a type check, so any other implementation would raise {@link ClassCastException}.
 * Presumably a {@code supports(...)} filter guarantees the type; confirm.
 *
 * <p>NOTE(review): no throttling or lockout of repeated failed root logins is visible in this
 * method; confirm that failed attempts are rate-limited or monitored elsewhere.
 *
 * @param authentication the authentication request, expected to be a
 *     {@link UsernamePasswordAuthenticationToken}
 * @param request the current HTTP request (not read by this method)
 * @return an authenticated root token, or {@code null} if this provider does not accept the
 *     request
 */
@Override
public Authentication authenticate(Authentication authentication, HttpServletRequest request)
        throws AuthenticationException {
    UsernamePasswordAuthenticationToken token =
            (UsernamePasswordAuthenticationToken) authentication;

    // Only the root account is handled here; every other principal is left alone.
    if (!GeoServerUser.ROOT_USERNAME.equals(token.getPrincipal())) {
        return null;
    }

    // The credentials are turned into a String for the check, so the submitted password
    // lives on as an immutable object until it is garbage collected.
    Object credentials = token.getCredentials();
    boolean accepted =
            credentials != null
                    && getSecurityManager().checkMasterPassword(credentials.toString());

    if (!accepted) {
        // No BadCredentialsException is thrown: there may be another user with the same
        // name, so the failure is only logged and null is returned.
        log(new BadCredentialsException("Bad credentials for: " + token.getPrincipal()));
        return null;
    }

    Collection<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
    roles.add(GeoServerRole.ADMIN_ROLE);

    // Credentials are deliberately null in the authenticated token.
    UsernamePasswordAuthenticationToken result =
            new UsernamePasswordAuthenticationToken(GeoServerUser.ROOT_USERNAME, null, roles);
    result.setDetails(token.getDetails());
    return result;
}
}
/**
 * Changes the master password with a PUT of an XML body and then changes it back.
 *
 * <p>Each PUT must answer HTTP 200, after which the security manager must accept the password
 * given as the second template argument.
 *
 * <p>NOTE(review): only the positive case is asserted. The test never checks that the previous
 * password is rejected after a change, nor that a PUT with a wrong current password is
 * refused; consider adding both.
 *
 * <p>NOTE(review): if an assertion fails after the first PUT, the master password stays at
 * "geoserver1". Confirm that the fixture resets it for later tests.
 */
@Test
public void testPutAsXML() throws Exception {
    // Template arguments are presumably (current, new); confirm against xmlTemplate.
    String changeBody = MessageFormat.format(xmlTemplate, "geoserver", "geoserver1");
    int changeStatus = putAsServletResponse(MP_URI_XML, changeBody, "text/xml").getStatus();
    assertEquals(200, changeStatus);
    assertTrue(getSecurityManager().checkMasterPassword("geoserver1"));

    // Put the original master password back.
    String restoreBody = MessageFormat.format(xmlTemplate, "geoserver1", "geoserver");
    int restoreStatus = putAsServletResponse(MP_URI_XML, restoreBody, "text/xml").getStatus();
    assertEquals(200, restoreStatus);
    assertTrue(getSecurityManager().checkMasterPassword("geoserver"));
}
/**
 * Changes the master password with a PUT of a JSON body and then changes it back.
 *
 * <p>Each PUT must answer HTTP 200, after which the security manager must accept the password
 * given as the second template argument.
 *
 * <p>NOTE(review): only the positive case is asserted. The test never checks that the previous
 * password is rejected after a change, nor that a PUT with a wrong current password is
 * refused; consider adding both.
 *
 * <p>NOTE(review): if an assertion fails after the first PUT, the master password stays at
 * "geoserver1". Confirm that the fixture resets it for later tests.
 */
@Test
public void testPutAsJSON() throws Exception {
    // Template arguments are presumably (current, new); confirm against jsonTemplate.
    String changeBody = String.format(jsonTemplate, "geoserver", "geoserver1");
    int changeStatus = putAsServletResponse(MP_URI_JSON, changeBody, "text/json").getStatus();
    assertEquals(200, changeStatus);
    assertTrue(getSecurityManager().checkMasterPassword("geoserver1"));

    // Put the original master password back.
    String restoreBody = String.format(jsonTemplate, "geoserver1", "geoserver");
    int restoreStatus = putAsServletResponse(MP_URI_JSON, restoreBody, "text/json").getStatus();
    assertEquals(200, restoreStatus);
    assertTrue(getSecurityManager().checkMasterPassword("geoserver"));
}
}
// Asks the manager whether DEFAULT_ADMIN_PASSWD is currently accepted as the master password
// and keeps the answer in `visibility`. Presumably this drives a "default password still in
// use" warning; confirm at the call site.
// NOTE(review): the one-argument String overload in this listing forwards `true` for forLogin,
// so this probe goes through the same path as a login attempt; confirm that is intended.
boolean visibility = manager.checkMasterPassword( DEFAULT_ADMIN_PASSWD);
// Same default-password probe as the statement above, one-argument form.
// NOTE(review): the same forLogin question applies here.
boolean visibility = manager.checkMasterPassword( DEFAULT_ADMIN_PASSWD);
// Same default-password probe, but with forLogin explicitly false. Presumably this keeps the
// probe from being handled as a login attempt; confirm against the two-argument overload.
boolean visibility = manager.checkMasterPassword(DEFAULT_ADMIN_PASSWD, false);