public void validate(SecurityUserGroupServiceConfig config) throws SecurityConfigException { String encoderName = config.getPasswordEncoderName(); GeoServerPasswordEncoder encoder = null; if (isNotEmpty(encoderName)) { try { encoder = manager.loadPasswordEncoder(encoderName); } catch (NoSuchBeanDefinitionException ex) { throw createSecurityException(INVALID_CONFIG_PASSWORD_ENCODER_$1, encoderName); } if (encoder == null) { throw createSecurityException(INVALID_CONFIG_PASSWORD_ENCODER_$1, encoderName); } } else { throw createSecurityException(PASSWD_ENCODER_REQUIRED_$1, config.getName()); } if (!manager.isStrongEncryptionAvailable()) { if (encoder != null && encoder.isAvailableWithoutStrongCryptogaphy() == false) { throw createSecurityException(INVALID_STRONG_PASSWORD_ENCODER); } } String policyName = config.getPasswordPolicyName(); if (isNotEmpty(policyName) == false) { throw createSecurityException(PASSWD_POLICY_REQUIRED_$1, config.getName()); } if (getNamesFor(PasswordValidator.class).contains(policyName) == false) { throw createSecurityException(PASSWD_POLICY_NOT_FOUND_$1, policyName); } }
if (!manager.isStrongEncryptionAvailable()) { if (encoder != null && encoder.isAvailableWithoutStrongCryptogaphy() == false) { throw createSecurityException(INVALID_STRONG_CONFIG_PASSWORD_ENCODER);
protected List<GeoServerPBEPasswordEncoder> getPBEEncoders() { List<GeoServerPBEPasswordEncoder> result = new ArrayList<GeoServerPBEPasswordEncoder>(); result.add(getPBEPasswordEncoder()); if (getSecurityManager().isStrongEncryptionAvailable()) { result.add(getStrongPBEPasswordEncoder()); } else { LOGGER.warning("Skipping strong encryption tests for user passwords"); } return result; }
protected List<GeoServerPasswordEncoder> getConfigPBEEncoders() { List<GeoServerPasswordEncoder> result = new ArrayList<GeoServerPasswordEncoder>(); result.add(getPBEPasswordEncoder()); if (getSecurityManager().isStrongEncryptionAvailable()) { result.add(getStrongPBEPasswordEncoder()); } else { LOGGER.warning("Skipping strong encryption tests for configuration passwords"); } return result; }
public EncryptionPanel(String id) { super(id, new Model()); GeoServerSecurityManager secMgr = getSecurityManager(); if (secMgr.isStrongEncryptionAvailable()) { add(new Label("strongEncryptionMsg", new StringResourceModel("strongEncryption", this, null)) .add(new AttributeAppender("class", new Model("info-link"), " "))); } else { add(new Label("strongEncryptionMsg", new StringResourceModel("noStrongEncryption", this, null)) .add(new AttributeAppender("class", new Model("warning-link"), " "))); } add(new CheckBox("encryptingUrlParams")); //load only reversible encoders add(new PasswordEncoderChoice("configPasswordEncrypterName", getSecurityManager().loadPasswordEncoders(null, true, null))); } }
public EncryptionPanel(String id) { super(id, new Model()); GeoServerSecurityManager secMgr = getSecurityManager(); if (secMgr.isStrongEncryptionAvailable()) { add(new Label("strongEncryptionMsg", new StringResourceModel("strongEncryption", this, null)) .add(new AttributeAppender("class", new Model("info-link"), " "))); } else { add(new Label("strongEncryptionMsg", new StringResourceModel("noStrongEncryption", this, null)) .add(new AttributeAppender("class", new Model("warning-link"), " "))); } add(new CheckBox("encryptingUrlParams")); //load only reversible encoders add(new PasswordEncoderChoice("configPasswordEncrypterName", getSecurityManager().loadPasswordEncoders(null, true, null))); } }
protected ICrypt getEncrypterFromSession(HttpSession s) { ICrypt result = (ICrypt) s.getAttribute(ICRYPT_ATTR_NAME); if (result != null) return result; GeoServerSecurityManager manager = GeoServerApplication.get().getSecurityManager(); char[] key = manager.getRandomPassworddProvider().getRandomPasswordWithDefaultLength(); StandardPBEByteEncryptor enc = new StandardPBEByteEncryptor(); enc.setPasswordCharArray(key); // since the password is copied, we can scramble it manager.disposePassword(key); if (manager.isStrongEncryptionAvailable()) { enc.setProvider(new BouncyCastleProvider()); enc.setAlgorithm("PBEWITHSHA256AND128BITAES-CBC-BC"); } else // US export restrictions enc.setAlgorithm("PBEWITHMD5ANDDES"); result = new CryptImpl(enc); s.setAttribute(ICRYPT_ATTR_NAME, result); return result; } }
public EncryptionPanel(String id) { super(id, new Model()); GeoServerSecurityManager secMgr = getSecurityManager(); if (secMgr.isStrongEncryptionAvailable()) { add( new Label( "strongEncryptionMsg", new StringResourceModel("strongEncryption", this, null)) .add(new AttributeAppender("class", new Model("info-link"), " "))); } else { add( new Label( "strongEncryptionMsg", new StringResourceModel("noStrongEncryption", this, null)) .add( new AttributeAppender( "class", new Model("warning-link"), " "))); } add(new CheckBox("encryptingUrlParams")); // load only reversible encoders add( new PasswordEncoderChoice( "configPasswordEncrypterName", getSecurityManager().loadPasswordEncoders(null, true, null))); } }
protected ICrypt getEncrypterFromSession(HttpSession s) { ICrypt result = (ICrypt) s.getAttribute(ICRYPT_ATTR_NAME); if (result !=null) return result; GeoServerSecurityManager manager = GeoServerApplication.get().getSecurityManager(); char[] key = manager.getRandomPassworddProvider().getRandomPasswordWithDefaultLength(); StandardPBEByteEncryptor enc = new StandardPBEByteEncryptor(); enc.setPasswordCharArray(key); // since the password is copied, we can scramble it manager.disposePassword(key); if (manager.isStrongEncryptionAvailable()) { enc.setProvider(new BouncyCastleProvider()); enc.setAlgorithm("PBEWITHSHA256AND128BITAES-CBC-BC"); } else // US export restrictions enc.setAlgorithm("PBEWITHMD5ANDDES"); result= new CryptImpl(enc); s.setAttribute(ICRYPT_ATTR_NAME, result); return result; } }
if (manager.isStrongEncryptionAvailable()) { add(new Label("strongEncryptionMsg", new StringResourceModel("strongEncryption", new SecuritySettingsPage(), null)) .add(new AttributeAppender("class", new Model("info-link"), " ")));
if (manager.isStrongEncryptionAvailable()) { add(new Label("strongEncryptionMsg", new StringResourceModel("strongEncryption", new SecuritySettingsPage(), null)) .add(new AttributeAppender("class", new Model("info-link"), " ")));
if (manager.isStrongEncryptionAvailable()) { add( new Label(
if (getSecurityManager().isStrongEncryptionAvailable() == false) { config.setConfigPasswordEncrypterName(getStrongPBEPasswordEncoder().getName()); try {
if (!getSecurityManager().isStrongEncryptionAvailable()) { config.setPasswordEncoderName(getStrongPBEPasswordEncoder().getName());