/**
 * Returns the brute force prevention settings from the current security configuration.
 *
 * @return the configured settings, or {@link BruteForcePreventionConfig#DEFAULT} when the
 *     security configuration holds none
 */
private BruteForcePreventionConfig getConfig() {
    BruteForcePreventionConfig configured =
            securityManager.getSecurityConfig().getBruteForcePrevention();
    // A missing section falls back to the built-in defaults instead of returning null.
    return configured != null ? configured : BruteForcePreventionConfig.DEFAULT;
}
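/**
 * Encrypts a parameter value with the password encoder named in the security configuration.
 *
 * <p>If no encoder is configured then the value is returned as is. The value is also returned
 * as is when an encoder name is configured but no encoder could be loaded for it. Both cases
 * are logged, because the caller then receives the value unencrypted.
 *
 * @param value the plain value to encode
 * @return the encoded value, or {@code value} unchanged when no encoder is available
 * @throws RuntimeException if {@code value} already starts with the encoder prefix followed by
 *     the prefix delimiter
 */
public String encode(String value) {
    String encoderName = securityManager.getSecurityConfig().getConfigPasswordEncrypterName();
    if (encoderName == null) {
        LOGGER.warning("Encryption disabled, no password encoder set");
        return value;
    }

    GeoServerPasswordEncoder pwEncoder = securityManager.loadPasswordEncoder(encoderName);
    if (pwEncoder == null) {
        // Fail-open path: an encoder is configured but unavailable, so the value leaves this
        // method in clear text. Log it so the condition is visible to an operator.
        LOGGER.warning(
                "Encryption disabled, password encoder could not be loaded: " + encoderName);
        return value;
    }

    // Refuse input that already carries this encoder's marker, so a value is never encoded
    // twice.
    String marker = pwEncoder.getPrefix() + GeoServerPasswordEncoder.PREFIX_DELIMTER;
    if (value.startsWith(marker)) {
        throw new RuntimeException("Cannot encode a password with prefix: " + marker);
    }
    return pwEncoder.encodePassword(value, null);
}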
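/**
 * Returns the remember-me services, creating them from the security configuration on first
 * use and caching the instance in {@code rms}.
 *
 * <p>The implementation class is named by the remember-me configuration and is instantiated
 * reflectively through its {@code (String, UserDetailsService)} constructor. Whoever can write
 * that configuration therefore chooses the class that is loaded here.
 *
 * @return the cached or newly created remember-me services
 * @throws RuntimeException wrapping any failure to load, type-check or instantiate the class
 */
RememberMeServices rms() {
    if (rms != null) {
        return rms;
    }

    RememberMeServicesConfig rmsConfig =
            securityManager.getSecurityConfig().getRememberMeService();
    try {
        // asSubclass rejects a configured class that is not a RememberMeServices before any
        // constructor is invoked; an unchecked cast would only fail after construction.
        Class<? extends RememberMeServices> rmsClass =
                Class.forName(rmsConfig.getClassName()).asSubclass(RememberMeServices.class);
        rms =
                rmsClass.getConstructor(String.class, UserDetailsService.class)
                        .newInstance(
                                rmsConfig.getKey(),
                                new RememberMeUserDetailsService(securityManager));
        if (rms instanceof AbstractRememberMeServices) {
            ((AbstractRememberMeServices) rms).setParameter(PARAMETER_NAME);
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    // if (rms instanceof GeoServerTokenBasedRememberMeServices) {
    //     ((GeoServerTokenBasedRememberMeServices)
    //             rms).setUserGroupServiceName(rmsConfig.getUserGroupService());
    // }
    return rms;
}
}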
/**
 * Validates that a security filter configuration may be removed.
 *
 * <p>Runs the generic named-service removal validation first, then rejects the removal while
 * the configured filter chain still reports patterns for the filter.
 *
 * @param config the filter configuration about to be removed
 * @throws SecurityConfigException with {@code FILTER_STILL_USED} when the filter chain still
 *     references the filter
 */
public void validateRemoveFilter(SecurityNamedServiceConfig config)
        throws SecurityConfigException {
    validateRemoveNamedService(GeoServerSecurityFilter.class, config);

    // NOTE(review): the lookup is keyed on config.getClassName() while the error message
    // reports config.getName(); confirm patternsForFilter expects the class name here.
    List<String> stillUsedBy =
            manager.getSecurityConfig()
                    .getFilterChain()
                    .patternsForFilter(config.getClassName(), false);
    if (stillUsedBy.isEmpty()) {
        return;
    }

    throw createSecurityException(
            SecurityConfigException.FILTER_STILL_USED,
            config.getName(),
            StringUtils.arrayToCommaDelimitedString(stillUsedBy.toArray()));
}
getSecurityManager().getSecurityConfig().getFilterChain(); for (RequestFilterChain requestChain : chain.getRequestChains()) { for (String filterName : requestChain.getFilterNames()) {
+ getSecurityConfig().getConfigPasswordEncrypterName());
/**
 * Replaces the authentication provider names in the security configuration with the given
 * ones, in the given order, and saves the configuration.
 *
 * @param authProviderNames the provider names to configure; none leaves the list empty
 * @throws Exception if saving the security configuration fails
 */
protected void prepareAuthProviders(String... authProviderNames) throws Exception {
    SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();

    // Start from an empty list so previously configured providers do not remain active.
    securityConfig.getAuthProviderNames().clear();
    for (String providerName : authProviderNames) {
        securityConfig.getAuthProviderNames().add(providerName);
    }

    getSecurityManager().saveSecurityConfig(securityConfig);
}
// Read the current security configuration from the security manager.
SecurityManagerConfig config = securityManager.getSecurityConfig();
// Build a new GeoServerSecurityFilterChain from the configured chain
// (presumably a copy, so later changes do not touch the configuration - confirm).
GeoServerSecurityFilterChain filterChain =
        new GeoServerSecurityFilterChain(config.getFilterChain());
/**
 * Registers a request filter chain named {@code testChain} for a pattern and saves the
 * security configuration.
 *
 * <p>Any chain already registered for the pattern is removed first. The new chain is inserted
 * two positions before the end of the request chain list.
 *
 * @param filterChainClass chain class; it must offer a public {@code (String[])} constructor
 * @param pattern the pattern the chain applies to
 * @param filterNames names of the filters in the chain, in order
 * @throws Exception if the reflective construction or saving the configuration fails
 */
protected void prepareFilterChain(Class filterChainClass, String pattern, String... filterNames)
        throws Exception {
    SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();
    GeoServerSecurityFilterChain chains = securityConfig.getFilterChain();
    chains.removeForPattern(pattern);

    Constructor<?> patternsCtor = filterChainClass.getConstructor(String[].class);
    String[] patterns = {pattern};
    RequestFilterChain testChain = (RequestFilterChain) patternsCtor.newInstance((Object) patterns);
    // NOTE(review): the instance built from filterChainClass is discarded on the next line, so
    // every caller gets an HtmlLoginFilterChain whatever class it passed in. Tests that ask for
    // another chain type are therefore not exercising that type - confirm this is intended.
    testChain = new HtmlLoginFilterChain(pattern);
    testChain.setName("testChain");
    testChain.setFilterNames(filterNames);

    // insert before default
    int insertAt = chains.getRequestChains().size() - 2;
    chains.getRequestChains().add(insertAt, testChain);

    getSecurityManager().saveSecurityConfig(securityConfig);
}
/**
 * Updates the request filter chain registered for a pattern and saves the security
 * configuration.
 *
 * @param pattern the pattern used to look up the chain
 * @param disabled value for the chain's disabled flag
 * @param allowSessionCreation value for the chain's session creation flag
 * @param roleFilterName role filter name to set on the chain
 * @throws Exception if saving the security configuration fails
 */
protected void modifyChain(
        String pattern, boolean disabled, boolean allowSessionCreation, String roleFilterName)
        throws Exception {
    SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();

    // The result of find() is used without a null check, as in the original.
    RequestFilterChain target = securityConfig.getFilterChain().find(pattern);
    target.setDisabled(disabled);
    target.setAllowSessionCreation(allowSessionCreation);
    target.setRoleFilterName(roleFilterName);

    getSecurityManager().saveSecurityConfig(securityConfig);
}
/**
 * Loads the security configuration from the security manager of the current
 * {@code GeoServerApplication}.
 *
 * @return the security configuration returned by the security manager
 */
@Override
protected SecurityManagerConfig load() {
    return GeoServerApplication.get().getSecurityManager().getSecurityConfig();
}
}
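/**
 * Removes the {@code custom} filter after each test, both its stored filter configuration and
 * its entry in the filter chain, and saves the security configuration.
 *
 * @throws Exception if removing the filter or saving the configuration fails
 */
@After
public void removeCustomFilterConfig() throws Exception {
    GeoServerSecurityManager secMgr = getSecurityManager();
    if (secMgr.listFilters().contains("custom")) {
        secMgr.removeFilter(secMgr.loadFilterConfig("custom"));
    }

    // Change and save the same configuration object. Fetching the configuration a second
    // time for the save would lose the chain removal if getSecurityConfig() hands out a copy.
    SecurityManagerConfig mgrConfig = secMgr.getSecurityConfig();
    mgrConfig.getFilterChain().remove("custom");
    secMgr.saveSecurityConfig(mgrConfig);
}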
/**
 * Runs the inherited set-up, then switches off URL parameter encryption in the security
 * configuration and saves it.
 *
 * @param testData the test data passed on to the superclass
 * @throws Exception if the inherited set-up or saving the configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    // These tests run with URL parameter encryption turned off.
    SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();
    securityConfig.setEncryptingUrlParams(false);
    getSecurityManager().saveSecurityConfig(securityConfig);
}
/**
 * Performs the superclass set-up and then saves a security configuration in which URL
 * parameter encryption is disabled.
 *
 * @param testData the test data handed to the superclass set-up
 * @throws Exception if the superclass set-up or the save fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    SecurityManagerConfig managerConfig = getSecurityManager().getSecurityConfig();
    // Test-only setting: URL parameters are not encrypted while these tests run.
    managerConfig.setEncryptingUrlParams(false);
    getSecurityManager().saveSecurityConfig(managerConfig);
}
/**
 * Runs the inherited internal set-up, then disables URL parameter encryption in the security
 * configuration and saves it.
 *
 * @throws Exception if the inherited set-up or saving the configuration fails
 */
@Override
protected void setUpInternal() throws Exception {
    super.setUpInternal();

    // These tests run with URL parameter encryption turned off.
    SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();
    securityConfig.setEncryptingUrlParams(false);
    getSecurityManager().saveSecurityConfig(securityConfig);
}
/**
 * Calls the inherited set-up and afterwards stores a security configuration with URL
 * parameter encryption switched off.
 *
 * @param testData the test data forwarded to the superclass
 * @throws Exception if the inherited set-up or the save fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    SecurityManagerConfig secConfig = getSecurityManager().getSecurityConfig();
    // Encryption of URL parameters is off for the tests in this class.
    secConfig.setEncryptingUrlParams(false);
    getSecurityManager().saveSecurityConfig(secConfig);
}
/**
 * Runs the superclass set-up, then turns off URL parameter encryption in the security
 * configuration and persists the change through the security manager.
 *
 * @param testData the test data given to the superclass set-up
 * @throws Exception if the superclass set-up or saving the configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    // URL parameter encryption is disabled for the duration of these tests.
    SecurityManagerConfig currentConfig = getSecurityManager().getSecurityConfig();
    currentConfig.setEncryptingUrlParams(false);
    getSecurityManager().saveSecurityConfig(currentConfig);
}
/**
 * Performs the superclass internal set-up and then saves a security configuration in which
 * URL parameter encryption is disabled.
 *
 * @throws Exception if the superclass set-up or the save fails
 */
@Override
protected void setUpInternal() throws Exception {
    super.setUpInternal();

    SecurityManagerConfig managerConfig = getSecurityManager().getSecurityConfig();
    // Test-only setting: URL parameters are not encrypted while these tests run.
    managerConfig.setEncryptingUrlParams(false);
    getSecurityManager().saveSecurityConfig(managerConfig);
}
/**
 * Runs the inherited set-up first, then disables URL parameter encryption in the security
 * configuration and saves the configuration.
 *
 * @param testData the test data passed through to the superclass
 * @throws Exception if the inherited set-up or saving the configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    // The tests in this class run without URL parameter encryption.
    SecurityManagerConfig testConfig = getSecurityManager().getSecurityConfig();
    testConfig.setEncryptingUrlParams(false);
    getSecurityManager().saveSecurityConfig(testConfig);
}
/**
 * Limits the brute force prevention wait list to one blocked thread, then runs the parallel
 * login helper with a different user name per index and the message expected once the wait
 * list is full.
 *
 * @throws Exception if saving the configuration or the parallel login run fails
 */
@Test
public void testTooManyBlockedThreads() throws Exception {
    GeoServerSecurityManager secManager =
            applicationContext.getBean(GeoServerSecurityManager.class);

    // Only a single thread may wait on the login delay.
    final SecurityManagerConfig managerConfig = secManager.getSecurityConfig();
    managerConfig.getBruteForcePrevention().setMaxBlockedThreads(1);
    secManager.saveSecurityConfig(managerConfig);

    // Distinct user names ("foo0", "foo1", ...) are used for the parallel attempts.
    testParallelLogin("Too many failed logins waiting on delay", index -> "foo" + index);
}