.getAuthenticationCache() .put(getName(), cacheKey, postAuthentication, idleSecs, liveSecs);
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String cacheKey = authenticateFromCache(this, (HttpServletRequest) request); if (SecurityContextHolder.getContext().getAuthentication() == null) { doAuthenticate((HttpServletRequest) request, (HttpServletResponse) response); Authentication postAuthentication = SecurityContextHolder.getContext().getAuthentication(); if (postAuthentication != null && cacheKey != null) { if (cacheAuthentication(postAuthentication, (HttpServletRequest) request)) { getSecurityManager() .getAuthenticationCache() .put(getName(), cacheKey, postAuthentication); } } } request.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, aep); chain.doFilter(request, response); }
/** * Tries to authenticate from cache if a key can be derived and the {@link Authentication} * object is not in the cache, the key will be returned. * * <p>A not <code>null</code> return value indicates a missing cache entry * * @param filter * @param request */ protected String authenticateFromCache( AuthenticationCachingFilter filter, HttpServletRequest request) { Authentication authFromCache = null; String cacheKey = null; if (SecurityContextHolder.getContext().getAuthentication() == null) { cacheKey = filter.getCacheKey(request); if (cacheKey != null) { authFromCache = getSecurityManager().getAuthenticationCache().get(getName(), cacheKey); if (authFromCache != null) SecurityContextHolder.getContext().setAuthentication(authFromCache); else return cacheKey; } } return null; }
/** Try to authenticate if there is no authenticated principal */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String cacheKey = authenticateFromCache(this, (HttpServletRequest) request); if (SecurityContextHolder.getContext().getAuthentication() == null) { doAuthenticate((HttpServletRequest) request, (HttpServletResponse) response); Authentication postAuthentication = SecurityContextHolder.getContext().getAuthentication(); if (postAuthentication != null && cacheKey != null) { if (cacheAuthentication(postAuthentication, (HttpServletRequest) request)) { getSecurityManager() .getAuthenticationCache() .put(getName(), cacheKey, postAuthentication); } } } request.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, aep); chain.doFilter(request, response); }
protected TestingAuthenticationCache getCache() { return (TestingAuthenticationCache) getSecurityManager().getAuthenticationCache(); }
public void removeFilter(SecurityNamedServiceConfig config) throws IOException, SecurityConfigException { SecurityConfigValidator validator = SecurityConfigValidator.getConfigurationValiator( GeoServerSecurityFilter.class, config.getClassName()); validator.validateRemoveFilter(config); getAuthenticationCache().removeAll(config.getName()); filterHelper.removeConfig(config.getName()); }
securityManager.getAuthenticationCache().removeAll();
public void saveFilter(SecurityNamedServiceConfig config, MigrationHelper migrationHelper) throws IOException, SecurityConfigException { SecurityConfigValidator validator = SecurityConfigValidator.getConfigurationValiator( GeoServerSecurityFilter.class, config.getClassName()); boolean fireChanged = false; if (config.getId() == null) { config.initBeforeSave(); validator.validateAddFilter(config); } else { validator.validateModifiedFilter( config, filterHelper.loadConfig(config.getName(), migrationHelper)); // remove all cached authentications for this filter getAuthenticationCache().removeAll(config.getName()); if (!securityConfig .getFilterChain() .patternsForFilter(config.getName(), true) .isEmpty()) { fireChanged = true; } } filterHelper.saveConfig(config); if (fireChanged) { fireChanged(); } }
LOG.log(Level.FINE, () -> "cachinig auth for " + authn.getName()); mgr.getAuthenticationCache().put(getName(), cacheKey, authn);
/** * Get an authn from the Spring context or cache. * * @param request source of the cache key * @return the corresponding value from the cache, or {@code null} if unavailable */ protected AuthResults loadAuthn(HttpServletRequest request) { LOG.log(Level.FINER, "GeoServerKeycloakFilter.getCachedAuthn ENTRY"); // get auth from context Authentication contextAuthn = SecurityContextHolder.getContext().getAuthentication(); if (contextAuthn != null && contextAuthn.isAuthenticated()) { LOG.log(Level.FINE, "auth already exists in context"); return new AuthResults(contextAuthn); } // get auth from cache GeoServerSecurityManager mgr = getSecurityManager(); String cacheKey = getCacheKey(request); if (mgr != null && cacheKey != null && !cacheKey.isEmpty()) { Authentication authn = mgr.getAuthenticationCache().get(getName(), cacheKey); if (authn != null) { LOG.log(Level.FINE, () -> "auth located in cache for " + authn.getName()); return new AuthResults(authn); } } return new AuthResults(); }
if (cacheAuthentication(postAuthentication, (HttpServletRequest) request)) { getSecurityManager() .getAuthenticationCache() .put( getName(),
getSecurityManager().getAuthenticationCache().removeAll(); updateUser("ug1", testUserName, false); request = createRequest("/foo/bar");
getSecurityManager().getAuthenticationCache().removeAll(); updateUser("ug1", testUserName, false); request = createRequest("/foo/bar");
getSecurityManager().getAuthenticationCache().get(filterName, authKey); assertNotNull(auth); assertNull(request.getSession(false)); getSecurityManager().getAuthenticationCache().removeAll(); assertNull(getSecurityManager().getAuthenticationCache().get(filterName, authKey)); assertNull(SecurityContextHolder.getContext().getAuthentication()); updateUser("ug1", username, true);