/**
 * Validates that the role service described by {@code config} may be removed.
 *
 * <p>The shared checks of {@code validateRemoveNamedService} run first. Removal is then refused
 * when the configuration carries the same name as the role service that is currently active, so
 * the security manager is never left pointing at a deleted service.
 *
 * @param config configuration of the role service that is about to be removed
 * @throws SecurityConfigException with {@code ROLE_SERVICE_ACTIVE_$1} when {@code config} names
 *     the active role service, or propagated from the shared removal checks
 */
public void validateRemoveRoleService(SecurityRoleServiceConfig config)
        throws SecurityConfigException {
    validateRemoveNamedService(GeoServerRoleService.class, config);

    String activeServiceName = manager.getActiveRoleService().getName();
    if (!activeServiceName.equals(config.getName())) {
        return;
    }
    // The active role service backs every role lookup; it must not be removed.
    throw createSecurityException(ROLE_SERVICE_ACTIVE_$1, config.getName());
}
/**
 * Looks up a user by name and attaches the roles computed against the active role service.
 *
 * <p>The authorities stored on the user object are replaced by the result of {@link
 * RoleCalculator#calculateRoles}, so the returned principal reflects the role service that is
 * active at the time of the call.
 *
 * <p>An {@link IOException} from the lookup or from the role calculation is reported as {@link
 * UsernameNotFoundException} (with the I/O error as cause). Callers therefore cannot tell a
 * backend failure from an unknown account by exception type alone; the cause has to be inspected
 * when that distinction matters for logging or alerting.
 *
 * @param username name of the user to load
 * @return the user with its calculated authorities, never {@code null}
 * @throws UsernameNotFoundException if no such user exists or the backend could not be read
 */
@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException {
    try {
        GeoServerUser found = getUserByUsername(username);
        if (found == null) {
            throw new UsernameNotFoundException(userNotFoundMessage(username));
        }
        RoleCalculator roleCalculator =
                new RoleCalculator(this, getSecurityManager().getActiveRoleService());
        found.setAuthorities(roleCalculator.calculateRoles(found));
        return found;
    } catch (IOException e) {
        throw new UsernameNotFoundException(userNotFoundMessage(username), e);
    }
}
/**
 * Retrieves the roles of the current request from the J2EE container.
 *
 * <p>Every role known to the selected role service is offered to {@link
 * HttpServletRequest#isUserInRole(String)}; the container decides membership. Roles the role
 * service does not know are never returned, even if the container would grant them. Inherited
 * roles and mapped system roles are added to the result afterwards.
 *
 * <p>The role service is the one named by {@code getRoleServiceName()}; when that name is
 * {@code null} or blank the active role service of the security manager is used instead.
 *
 * @param request request whose container-managed role membership is queried
 * @param principal name of the principal; not read by this implementation
 * @return the roles granted by the container plus inherited and mapped system roles
 * @throws IOException if the role service cannot be loaded or read
 */
protected Collection<GeoServerRole> getRolesFromJ2EE(
        HttpServletRequest request, String principal) throws IOException {
    GeoServerRoleService service;
    if (getRoleServiceName() == null || getRoleServiceName().trim().length() == 0) {
        // No explicit service configured: fall back to the active one.
        service = getSecurityManager().getActiveRoleService();
    } else {
        service = getSecurityManager().loadRoleService(getRoleServiceName());
    }

    Collection<GeoServerRole> granted = new ArrayList<GeoServerRole>();
    for (GeoServerRole candidate : service.getRoles()) {
        if (request.isUserInRole(candidate.getAuthority())) {
            granted.add(candidate);
        }
    }

    RoleCalculator calculator = new RoleCalculator(service);
    calculator.addInheritedRoles(granted);
    calculator.addMappedSystemRoles(granted);
    return granted;
}
}
/**
 * Calculates the roles of a principal from a {@link GeoServerRoleService}.
 *
 * <p>The service named by {@code getRoleServiceName()} is used; when that name is {@code null}
 * or blank the default is {@link GeoServerSecurityManager#getActiveRoleService()}.
 *
 * <p>The result contains all inherited roles, but no personalized roles.
 *
 * @param request the current request; not read by this implementation
 * @param principal name of the principal whose roles are calculated
 * @return the roles calculated by {@link RoleCalculator} for {@code principal}
 * @throws IOException if the role service cannot be loaded or read
 */
protected Collection<GeoServerRole> getRolesFromRoleService(
        HttpServletRequest request, String principal) throws IOException {
    GeoServerRoleService service;
    if (getRoleServiceName() == null || getRoleServiceName().trim().length() == 0) {
        // No explicit service configured: fall back to the active one.
        service = getSecurityManager().getActiveRoleService();
    } else {
        service = getSecurityManager().loadRoleService(getRoleServiceName());
    }

    RoleCalculator calculator = new RoleCalculator(service);
    return calculator.calculateRoles(principal);
}
.andReturn(new TreeSet<String>(Arrays.asList(XMLRoleService.DEFAULT_NAME))) .anyTimes(); expect(secMgr.getActiveRoleService()).andReturn(roleStore).anyTimes();
GeoServerRoleService roleService = secMgr.getActiveRoleService(); GeoServerRoleStore roleStore = roleService.createStore(); for (String roleName : roles) {
/**
 * Handles {@code GET /user/{user}} (relative to the controller's base mapping, which is not
 * shown here) by delegating to the two-argument {@code getUser} with the active role service.
 *
 * <p>The user name is taken from the URL path and passed on unchanged; any validation has to
 * happen in the delegate.
 *
 * @param userName value of the {@code user} path variable
 * @return the role list produced by the delegate, rendered as XML or JSON
 * @throws IOException if the delegate fails to read from the role service
 */
// NOTE(review): no access check is visible in this method, and it is declared protected while
// being request-mapped - confirm both are intentional and that the endpoint is restricted by
// the REST security configuration.
@GetMapping(
        value = "/user/{user}",
        produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
protected JaxbRoleList getUser(@PathVariable("user") String userName) throws IOException {
    JaxbRoleList rolesOfUser = getUser(securityManager.getActiveRoleService(), userName);
    return rolesOfUser;
}
/**
 * Handles {@code DELETE /role/{role}/user/{user}} (relative to the controller's base mapping,
 * which is not shown here) by delegating to the three-argument {@code disassociate} with the
 * active role service. Responds with {@code 200 OK} when the delegate returns normally.
 *
 * <p>Both names are taken from the URL path and passed on unchanged; any validation has to
 * happen in the delegate.
 *
 * @param roleName value of the {@code role} path variable
 * @param userName value of the {@code user} path variable
 * @throws IOException if the delegate fails to update the role service
 */
// NOTE(review): this changes role membership and no access check is visible in this method -
// confirm the endpoint is restricted to administrators by the REST security configuration.
@DeleteMapping(value = "/role/{role}/user/{user}")
@ResponseStatus(HttpStatus.OK)
public void disassociate(
        @PathVariable("role") String roleName, @PathVariable("user") String userName)
        throws IOException {
    disassociate(securityManager.getActiveRoleService(), roleName, userName);
}
/**
 * Handles {@code POST /role/{role}} (relative to the controller's base mapping, which is not
 * shown here) by delegating to the two-argument {@code insert} with the active role service.
 * Responds with {@code 201 Created} when the delegate returns normally.
 *
 * <p>The role name is taken from the URL path and passed on unchanged; any validation has to
 * happen in the delegate.
 *
 * @param roleName value of the {@code role} path variable
 * @throws IOException if the delegate fails to update the role service
 */
// NOTE(review): this creates a role and no access check is visible in this method - confirm the
// endpoint is restricted to administrators by the REST security configuration.
@PostMapping(
        value = "/role/{role}",
        produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
@ResponseStatus(HttpStatus.CREATED)
public void insert(@PathVariable("role") String roleName) throws IOException {
    insert(securityManager.getActiveRoleService(), roleName);
}
/**
 * Handles {@code DELETE /role/{role}} (relative to the controller's base mapping, which is not
 * shown here) by delegating to the two-argument {@code delete} with the active role service.
 * Responds with {@code 200 OK} when the delegate returns normally.
 *
 * <p>The role name is taken from the URL path and passed on unchanged; any validation has to
 * happen in the delegate.
 *
 * @param roleName value of the {@code role} path variable
 * @throws IOException if the delegate fails to update the role service
 */
// NOTE(review): this removes a role and no access check is visible in this method - confirm the
// endpoint is restricted to administrators by the REST security configuration.
@DeleteMapping(
        value = "/role/{role}",
        produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
@ResponseStatus(HttpStatus.OK)
public void delete(@PathVariable("role") String roleName) throws IOException {
    delete(securityManager.getActiveRoleService(), roleName);
}
/**
 * Handles {@code GET} on the controller's base mapping (not shown here) by delegating to the
 * one-argument {@code get} with the active role service.
 *
 * @return the role list produced by the delegate, rendered as XML or JSON
 * @throws IOException if the delegate fails to read from the role service
 */
// NOTE(review): no access check is visible in this method - confirm that listing roles is
// restricted as intended by the REST security configuration.
@GetMapping(
        value = "",
        produces = {MediaType.APPLICATION_XML_VALUE, MediaType.APPLICATION_JSON_VALUE})
public JaxbRoleList get() throws IOException {
    JaxbRoleList allRoles = get(securityManager.getActiveRoleService());
    return allRoles;
}
/**
 * Handles {@code POST /role/{role}/user/{user}} (relative to the controller's base mapping,
 * which is not shown here) by delegating to the three-argument {@code associate} with the
 * active role service. Responds with {@code 200 OK} when the delegate returns normally.
 *
 * <p>Both names are taken from the URL path and passed on unchanged; any validation has to
 * happen in the delegate.
 *
 * @param roleName value of the {@code role} path variable
 * @param userName value of the {@code user} path variable
 * @throws IOException if the delegate fails to update the role service
 */
// NOTE(review): this grants a role to a user and no access check is visible in this method -
// confirm the endpoint is restricted to administrators by the REST security configuration.
@PostMapping(value = "/role/{role}/user/{user}")
@ResponseStatus(HttpStatus.OK)
public void associate(
        @PathVariable("role") String roleName, @PathVariable("user") String userName)
        throws IOException {
    associate(securityManager.getActiveRoleService(), roleName, userName);
}
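/**
 * Loads a snapshot of all roles of the active role service.
 *
 * <p>The roles are copied into a new list, so later changes in the role service are not
 * reflected in the returned collection.
 *
 * @return a new list holding the roles of the active role service
 * @throws WicketRuntimeException if the role service cannot be read; the {@link IOException}
 *     is kept as the cause
 */
@Override
protected Collection<GeoServerRole> load() {
    GeoServerSecurityManager secMgr = GeoServerApplication.get().getSecurityManager();
    try {
        // Typed copy instead of a raw ArrayList, so the compiler checks the element type.
        return new ArrayList<GeoServerRole>(secMgr.getActiveRoleService().getRoles());
    } catch (IOException e) {
        throw new WicketRuntimeException(e);
    }
}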
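/**
 * Loads a snapshot of all roles of the active role service.
 *
 * <p>The roles are copied into a new list, so later changes in the role service are not
 * reflected in the returned collection.
 *
 * @return a new list holding the roles of the active role service
 * @throws WicketRuntimeException if the role service cannot be read; the {@link IOException}
 *     is kept as the cause
 */
@Override
protected Collection<GeoServerRole> load() {
    GeoServerSecurityManager secMgr = GeoServerApplication.get().getSecurityManager();
    try {
        // Typed copy instead of a raw ArrayList, so the compiler checks the element type.
        return new ArrayList<GeoServerRole>(secMgr.getActiveRoleService().getRoles());
    } catch (IOException e) {
        throw new WicketRuntimeException(e);
    }
}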
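/**
 * Loads a snapshot of all roles of the active role service.
 *
 * <p>The roles are copied into a new list, so later changes in the role service are not
 * reflected in the returned collection.
 *
 * @return a new list holding the roles of the active role service
 * @throws WicketRuntimeException if the role service cannot be read; the {@link IOException}
 *     is kept as the cause
 */
@Override
protected Collection<GeoServerRole> load() {
    GeoServerSecurityManager secMgr = GeoServerApplication.get().getSecurityManager();
    try {
        // Typed copy instead of a raw ArrayList, so the compiler checks the element type.
        return new ArrayList<GeoServerRole>(secMgr.getActiveRoleService().getRoles());
    } catch (IOException e) {
        throw new WicketRuntimeException(e);
    }
}
}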
/**
 * Verifies that the active role service is only handed out as a {@code GroupAdminRoleService}
 * once {@code setAuth()} has run.
 *
 * <p>{@code setAuth()} is defined elsewhere; presumably it establishes a group-administrator
 * authentication - confirm against the fixture.
 */
@Test
public void testWrapRoleService() throws Exception {
    GeoServerRoleService beforeAuth = getSecurityManager().getActiveRoleService();
    assertFalse(beforeAuth instanceof GroupAdminRoleService);

    setAuth();

    GeoServerRoleService afterAuth = getSecurityManager().getActiveRoleService();
    assertTrue(afterAuth instanceof GroupAdminRoleService);
}
/**
 * Verifies that, after {@code setAuth()}, the active role service is read-only: it reports that
 * no store can be created and returns {@code null} when asked for one.
 */
@Test
public void testRoleServiceReadOnly() throws Exception {
    setAuth();

    GeoServerRoleService restricted = getSecurityManager().getActiveRoleService();
    assertFalse(restricted.canCreateStore());
    assertNull(restricted.createStore());
}
/**
 * Verifies that the role named {@code adminRole} is visible through the active role service
 * before {@code setAuth()} and hidden afterwards.
 *
 * <p>"Hidden" is checked on all three access paths: the role list, {@code getAdminRole()} and
 * the lookup by name.
 */
@Test
public void testHideAdminRole() throws Exception {
    // Before setAuth(): the role is reachable on every access path.
    GeoServerRoleService unrestricted = getSecurityManager().getActiveRoleService();
    GeoServerRole adminRole = unrestricted.createRoleObject("adminRole");
    assertTrue(unrestricted.getRoles().contains(adminRole));
    assertNotNull(unrestricted.getAdminRole());
    assertNotNull(unrestricted.getRoleByName("adminRole"));

    setAuth();

    // After setAuth(): the same role must not be reachable on any of them.
    GeoServerRoleService restricted = getSecurityManager().getActiveRoleService();
    assertFalse(restricted.getRoles().contains(adminRole));
    assertNull(restricted.getAdminRole());
    assertNull(restricted.getRoleByName("adminRole"));
}
/**
 * Verifies the services installed by {@code setServices("config")}: the fixture's role service
 * is the active one, the user/group service loaded under the name {@code "config"} has the
 * expected name, and both services can create a store.
 */
@Test
public void testConfiguration() throws Exception {
    setServices("config");

    assertEquals(roleService, getSecurityManager().getActiveRoleService());
    // The identity check on the active user/group service is disabled; only names are compared.
    // assertEquals(usergroupService,getSecurityManager().getActiveUserGroupService());
    String expectedName = usergroupService.getName();
    String loadedName = getSecurityManager().loadUserGroupService("config").getName();
    assertEquals(expectedName, loadedName);

    assertTrue(roleService.canCreateStore());
    assertTrue(usergroupService.canCreateStore());
}
/**
 * Verifies the services installed by {@code setServices("config")}: the fixture's role service
 * is the active one, the user/group service loaded under the name returned by {@code
 * getFixtureId()} has the expected name, and both services can create a store.
 */
@Test
public void testConfiguration() throws Exception {
    setServices("config");

    assertEquals(roleService, getSecurityManager().getActiveRoleService());
    // The identity check on the active user/group service is disabled; only names are compared.
    // assertEquals(usergroupService,getSecurityManager().getActiveUserGroupService());
    String expectedName = usergroupService.getName();
    String loadedName = getSecurityManager().loadUserGroupService(getFixtureId()).getName();
    assertEquals(expectedName, loadedName);

    assertTrue(roleService.canCreateStore());
    assertTrue(usergroupService.canCreateStore());
}
}