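/**
 * Resolves a combined {@code user@service} name to user details.
 *
 * <p>The input is matched against {@code TOKEN_PATTERN}. Group 1 is the user name, with an
 * escaped {@code \@} turned back into {@code @}; group 2 names the user/group service that is
 * asked to load the user.
 *
 * @param username combined name in the form accepted by {@code TOKEN_PATTERN}
 * @return the loaded user wrapped in a {@link RememberMeUserDetails} together with the service
 *     name
 * @throws UsernameNotFoundException if the input does not match {@code TOKEN_PATTERN}, or if no
 *     user/group service is returned for the name taken from the input
 * @throws DataAccessException if loading the user/group service fails with an
 *     {@link IOException}
 */
@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException {
    Matcher m = TOKEN_PATTERN.matcher(username);
    if (!m.matches()) {
        throw new UsernameNotFoundException("No delimiter '@' found in username: " + username);
    }
    String user = m.group(1).replace("\\@", "@");
    String service = m.group(2);
    try {
        GeoServerUserGroupService ugService = securityManager.loadUserGroupService(service);
        // The service name is parsed out of the supplied string, so it may not name an
        // existing service. Report that as an authentication failure instead of letting a
        // null result surface as a NullPointerException.
        if (ugService == null) {
            throw new UsernameNotFoundException("User group service not found: " + service);
        }
        return new RememberMeUserDetails(ugService.loadUserByUsername(user), service);
    } catch (IOException e) {
        // DataAccessException is instantiated through an anonymous subclass, as in the
        // original code
        throw new DataAccessException("Error loading user group service " + service, e) {};
    }
}
}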
/**
 * Determines the pre-authenticated principal for a request and caches the outcome in request
 * attributes, so repeated calls for the same request do not resolve the name again.
 *
 * <p>A blank name is treated as absent. The account's enabled flag is consulted only when the
 * role source is {@code PreAuthenticatedUserNameRoleSource.UserGroupService}; with any other
 * role source the name is returned without that check.
 *
 * @param request the current request
 * @return the principal name, or {@code null} if there is none or the matching user is disabled
 */
@Override
protected String getPreAuthenticatedPrincipal(HttpServletRequest request) {
    // an earlier call already resolved the name for this request: reuse its result
    if (request.getAttribute(UserNameAlreadyRetrieved) != null) {
        return (String) request.getAttribute(UserName);
    }

    String name = getPreAuthenticatedPrincipalName(request);
    if (name != null && name.trim().isEmpty()) {
        name = null;
    }

    try {
        boolean checkEnabledFlag =
                name != null
                        && PreAuthenticatedUserNameRoleSource.UserGroupService.equals(
                                getRoleSource());
        if (checkEnabledFlag) {
            GeoServerUserGroupService ugService =
                    getSecurityManager().loadUserGroupService(getUserGroupServiceName());
            GeoServerUser account = ugService.getUserByUsername(name);
            // a known but disabled account must not authenticate; an unknown name passes
            if (account != null && !account.isEnabled()) {
                name = null;
                handleDisabledUser(account, request);
            }
        }
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }

    // record that resolution happened, even when no principal was found
    request.setAttribute(UserNameAlreadyRetrieved, Boolean.TRUE);
    if (name != null) {
        request.setAttribute(UserName, name);
    }
    return name;
}
/**
 * Calculates roles using a {@link GeoServerUserGroupService}. If the principal is not found, an
 * empty collection is returned.
 *
 * @param request the current request (not read by this method)
 * @param principal user name looked up in the configured user/group service
 * @return the authorities of the user cast to {@link GeoServerRole}; empty if the user is
 *     unknown
 * @throws IOException if the user/group service cannot be loaded
 */
protected Collection<GeoServerRole> getRolesFromUserGroupService(
        HttpServletRequest request, String principal) throws IOException {
    Collection<GeoServerRole> result = new ArrayList<GeoServerRole>();
    GeoServerUserGroupService ugService =
            getSecurityManager().loadUserGroupService(getUserGroupServiceName());

    UserDetails found;
    try {
        found = ugService.loadUserByUsername(principal);
    } catch (UsernameNotFoundException notFound) {
        // NOTE(review): the principal is written to the log unmodified; if it can carry
        // client-supplied text, consider neutralising line breaks before logging
        LOGGER.log(
                Level.WARNING,
                "User " + principal + " not found in " + getUserGroupServiceName());
        return result;
    }
    if (found == null) {
        return result;
    }

    for (GrantedAuthority authority : found.getAuthorities()) {
        // every authority is expected to be a GeoServerRole; anything else fails the cast
        result.add((GeoServerRole) authority);
    }
    return result;
}
/**
 * Builds a nice mock of {@link GeoServerUserGroupStore} and records on the given security
 * manager that loading a user/group service under {@code name} returns it.
 *
 * <p>Only expectations are recorded here; no replay call is made in this method.
 *
 * @param name name the mock reports and under which the manager returns it
 * @param secMgr security manager on which the expectation is recorded
 * @return the mock store
 * @throws IOException declared because {@code loadUserGroupService} declares it
 */
protected GeoServerUserGroupStore createUserGroupStore(
        String name, GeoServerSecurityManager secMgr) throws IOException {
    final GeoServerUserGroupStore mockStore = createNiceMock(GeoServerUserGroupStore.class);

    expect(mockStore.getName()).andReturn(name).anyTimes();
    expect(secMgr.loadUserGroupService(name)).andReturn(mockStore).anyTimes();

    return mockStore;
}
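/**
 * Additional validation. Removing this configuration may also remove the file where the users
 * and groups are contained (the file may be stored within the configuration sub directory).
 * The design insists on an empty user/group file.
 *
 * @param config configuration of the XML user/group service about to be removed
 * @throws SecurityConfigException if the service still contains users or groups
 * @throws RuntimeException wrapping the {@link IOException} raised while resolving paths or
 *     loading the service
 */
@Override
public void validateRemoveUserGroupService(SecurityUserGroupServiceConfig config)
        throws SecurityConfigException {
    XMLUserGroupServiceConfig xmlConfig = (XMLUserGroupServiceConfig) config;
    File file = new File(xmlConfig.getFileName());
    try {
        // An absolute file name that resolves outside the service's own configuration
        // directory needs no emptiness check. Canonical paths are compared, with a trailing
        // separator, so "..", symlinks or a sibling directory sharing the prefix do not
        // count as "inside".
        // NOTE(review): this early return also skips super.validateRemoveUserGroupService;
        // confirm that is intended.
        if (file.isAbsolute()
                && !file.getCanonicalPath()
                        .startsWith(
                                manager.userGroup()
                                                .get(config.getName())
                                                .file()
                                                .getCanonicalPath()
                                        + File.separator)) {
            return;
        }
        // file lives in the security sub directory: refuse removal while users or groups exist
        GeoServerUserGroupService service = manager.loadUserGroupService(config.getName());
        if (service.getGroupCount() > 0 || service.getUserCount() > 0) {
            throw createSecurityException(USERGROUP_SERVICE_NOT_EMPTY_$1, config.getName());
        }
    } catch (IOException e) {
        // keep the cause so the underlying I/O failure stays visible in the stack trace
        throw new RuntimeException(e);
    }
    super.validateRemoveUserGroupService(config);
}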
/**
 * Configures this provider from a {@link UsernamePasswordAuthenticationProviderConfig}: loads
 * the referenced user/group service and sets up a delegate {@link DaoAuthenticationProvider}
 * backed by it.
 *
 * @param config must be a {@link UsernamePasswordAuthenticationProviderConfig}
 * @throws IOException if the service cannot be loaded or the delegate fails its property check
 * @throws IllegalArgumentException if no user/group service is returned for the configured name
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    UsernamePasswordAuthenticationProviderConfig providerConfig =
            (UsernamePasswordAuthenticationProviderConfig) config;

    GeoServerUserGroupService backingService =
            getSecurityManager()
                    .loadUserGroupService(providerConfig.getUserGroupServiceName());
    if (backingService == null) {
        throw new IllegalArgumentException(
                "Unable to load user group service "
                        + providerConfig.getUserGroupServiceName());
    }
    userGroupServiceName = providerConfig.getUserGroupServiceName();

    // the delegate does the actual credential check against the user/group service
    authProvider = new DaoAuthenticationProvider();
    authProvider.setUserDetailsService(backingService);

    // The multiplexing encoder can handle every type of stored password for decoding
    // purposes, whatever encoder the user/group service currently uses.
    GeoServerMultiplexingPasswordEncoder multiplexingEncoder =
            new GeoServerMultiplexingPasswordEncoder(getSecurityManager(), backingService);
    authProvider.setPasswordEncoder(multiplexingEncoder);

    try {
        authProvider.afterPropertiesSet();
    } catch (Exception cause) {
        throw new IOException(cause);
    }
}
/**
 * Saves a user/group service configuration built from the given name and password encoder
 * name, then loads the service back from the security manager.
 *
 * @param name name of the user/group service
 * @param passwordEncoderName password encoder name passed to {@code getUserGroupConfg}
 * @return the service loaded under {@code name} after saving
 * @throws Exception if building, saving or loading fails
 */
public GeoServerUserGroupService createUserGroupService(String name, String passwordEncoderName)
        throws Exception {
    SecurityUserGroupServiceConfig ugConfig = getUserGroupConfg(name, passwordEncoderName);

    // save first, then read back through the manager
    getSecurityManager().saveUserGroupService(ugConfig);
    return getSecurityManager().loadUserGroupService(name);
}
/**
 * Configures HTTP digest authentication from a {@link DigestAuthenticationFilterConfig}: sets
 * up the entry point (key, nonce validity, realm) and adds a {@link DigestAuthenticationFilter}
 * backed by the configured user/group service to the nested filters.
 *
 * @param config must be a {@link DigestAuthenticationFilterConfig}
 * @throws IOException if the parent initialisation, the entry point property check or loading
 *     the user/group service fails
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);
    DigestAuthenticationFilterConfig digestConfig = (DigestAuthenticationFilterConfig) config;

    aep = new DigestAuthenticationEntryPoint();
    aep.setKey(config.getName());
    // a non-positive configured validity falls back to 300 seconds
    if (digestConfig.getNonceValiditySeconds() <= 0) {
        aep.setNonceValiditySeconds(300);
    } else {
        aep.setNonceValiditySeconds(digestConfig.getNonceValiditySeconds());
    }
    aep.setRealmName(GeoServerSecurityManager.REALM);
    try {
        aep.afterPropertiesSet();
    } catch (Exception cause) {
        throw new IOException(cause);
    }

    DigestAuthenticationFilter digestFilter = new DigestAuthenticationFilter();
    digestFilter.setCreateAuthenticatedToken(true);
    // the filter is told that the password it receives is already in encoded form
    // NOTE(review): presumably HttpDigestUserDetailsServiceWrapper supplies that value; confirm
    digestFilter.setPasswordAlreadyEncoded(true);
    digestFilter.setAuthenticationEntryPoint(aep);

    // NOTE(review): Charset.defaultCharset() follows the JVM/platform setting; confirm it
    // matches the charset clients use, otherwise non-ASCII credentials may not verify
    HttpDigestUserDetailsServiceWrapper digestUserDetails =
            new HttpDigestUserDetailsServiceWrapper(
                    getSecurityManager()
                            .loadUserGroupService(digestConfig.getUserGroupServiceName()),
                    Charset.defaultCharset());
    digestFilter.setUserDetailsService(digestUserDetails);
    digestFilter.afterPropertiesSet();

    getNestedFilters().add(digestFilter);
}
/**
 * Sets the enabled flag of a user and persists the change through a store created from the
 * named user/group service.
 *
 * @param ugService name of the user/group service
 * @param userName user to update; the result of the lookup is used without a null check
 * @param enabled new value of the enabled flag
 * @throws Exception if loading, updating or storing fails
 */
protected void updateUser(String ugService, String userName, boolean enabled)
        throws Exception {
    GeoServerUserGroupService loadedService =
            getSecurityManager().loadUserGroupService(ugService);
    GeoServerUserGroupStore writableStore = loadedService.createStore();

    GeoServerUser target = writableStore.getUserByUsername(userName);
    target.setEnabled(enabled);

    writableStore.updateUser(target);
    writableStore.store();
}
loadUserGroupService(XMLUserGroupService.DEFAULT_NAME); ugConfig.setPasswordPolicyName(PasswordValidator.DEFAULT_NAME); saveUserGroupService(ugConfig); userGroupService = loadUserGroupService(XMLUserGroupService.DEFAULT_NAME);
throws Exception { GeoServerSecurityManager secMgr = getSecurityManager(); GeoServerUserGroupService ugService = secMgr.loadUserGroupService("default");
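/**
 * Looks up a user/group service by name through the security manager.
 *
 * @param serviceName name of the user/group service
 * @return the loaded service, never {@code null}
 * @throws IOException if the security manager fails to load the service
 * @throws IllegalArgumentException if no service is returned for {@code serviceName}
 */
protected GeoServerUserGroupService getService(String serviceName) throws IOException {
    GeoServerUserGroupService service = securityManager.loadUserGroupService(serviceName);
    if (service == null) {
        throw new IllegalArgumentException(
                "Provided user/group service does not exist: " + serviceName);
    }
    // Return the instance that was just null-checked. Loading it a second time repeats the
    // lookup and could hand back a different (or null) result than the one validated above.
    return service;
}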
/**
 * Loads the user/group service named by {@code serviceName} from the application's security
 * manager.
 *
 * @return whatever the security manager returns for {@code serviceName}
 * @throws RuntimeException wrapping the {@link IOException} raised while loading
 */
protected GeoServerUserGroupService getService() {
    final GeoServerUserGroupService loaded;
    try {
        loaded =
                GeoServerApplication.get()
                        .getSecurityManager()
                        .loadUserGroupService(serviceName);
    } catch (IOException ioe) {
        // callers have no checked exception to handle; the cause is preserved
        throw new RuntimeException(ioe);
    }
    return loaded;
}
/**
 * Returns the user/group service this panel works on, looked up by {@code serviceName} in the
 * application's security manager.
 *
 * @return the result of the security manager lookup
 * @throws RuntimeException wrapping the {@link IOException} raised by the lookup
 */
protected GeoServerUserGroupService getService() {
    GeoServerUserGroupService result;
    try {
        result =
                GeoServerApplication.get()
                        .getSecurityManager()
                        .loadUserGroupService(serviceName);
    } catch (IOException loadFailure) {
        throw new RuntimeException(loadFailure);
    }
    return result;
}

public GroupPanel(String id, String serviceName) {
/**
 * Initialises the model object with a copy of the groups the given user belongs to, as reported
 * by the named user/group service.
 *
 * @param ugServiceName name of the user/group service to query
 * @param user user whose groups are copied into the model
 * @throws RuntimeException wrapping the {@link IOException} raised while loading or querying
 */
public SelectedGroupsModel(String ugServiceName, GeoServerUser user) {
    try {
        GeoServerSecurityManager securityManager =
                GeoServerApplication.get().getSecurityManager();
        // copy into a fresh list; the raw ArrayList is kept exactly as the original wrote it
        setObject(
                new ArrayList(
                        securityManager
                                .loadUserGroupService(ugServiceName)
                                .getGroupsForUser(user)));
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
}
/**
 * Saves the user/group service configuration and, when the recode check box is selected,
 * passes a store of the saved service to {@code Util.recodePasswords}.
 *
 * @param config configuration to save
 * @throws Exception if saving, loading or recoding fails
 */
@Override
public void doSave(T config) throws Exception {
    getSecurityManager().saveUserGroupService(config);

    // recoding is opt-in through the check box
    if (!recodeCheckBox.getModelObject()) {
        return;
    }

    GeoServerUserGroupService savedService =
            getSecurityManager().loadUserGroupService(config.getName());
    // services that cannot create a store are left untouched
    if (savedService.canCreateStore()) {
        Util.recodePasswords(savedService.createStore());
    }
}
/**
 * Checks that the security manager hands out a {@link GroupAdminUserGroupService} only after
 * {@code setAuth()} has been called: the service loaded before is not such an instance, the
 * one loaded afterwards is.
 */
@Test
public void testWrapUserGroupService() throws Exception {
    GeoServerUserGroupService beforeAuth =
            getSecurityManager().loadUserGroupService(ugStore.getName());
    assertFalse(beforeAuth instanceof GroupAdminUserGroupService);

    setAuth();

    GeoServerUserGroupService afterAuth =
            getSecurityManager().loadUserGroupService(ugStore.getName());
    assertTrue(afterAuth instanceof GroupAdminUserGroupService);
}
/**
 * Creates a memory-backed user/group service: builds its configuration, saves it through the
 * security manager and returns the service loaded under the same name.
 *
 * @param name name of the user/group service
 * @return the service loaded after saving
 * @throws Exception if building the configuration, saving or loading fails
 */
@Override
public GeoServerUserGroupService createUserGroupService(String name) throws Exception {
    // createConfigObject is expected to yield the in-memory config type; the cast fails otherwise
    MemoryUserGroupServiceConfigImpl memoryConfig =
            (MemoryUserGroupServiceConfigImpl) createConfigObject(name);

    getSecurityManager().saveUserGroupService(memoryConfig);
    return getSecurityManager().loadUserGroupService(name);
}
/**
 * Sets the password of {@code USERNAME} in the default XML user/group service back to
 * {@code USERPW}, stores the change and reloads the service.
 *
 * @throws IOException if loading, storing or reloading fails
 * @throws PasswordPolicyException if the store rejects the password
 */
public void resetUserPassword() throws IOException, PasswordPolicyException {
    GeoServerUserGroupService defaultService =
            getSecurityManager().loadUserGroupService(XMLUserGroupService.DEFAULT_NAME);

    // the user is read from the service, then written back through a store
    GeoServerUser account = defaultService.getUserByUsername(USERNAME);
    account.setPassword(USERPW);

    GeoServerUserGroupStore writableStore = defaultService.createStore();
    writableStore.updateUser(account);
    writableStore.store();

    // reload the service after the store has been written
    defaultService.load();
}
/**
 * After {@code setServices("config")}, checks that the fixture's role service is the active
 * one, that the user/group service loaded under the fixture id has the expected name, and that
 * both services can create stores.
 */
@Test
public void testConfiguration() throws Exception {
    setServices("config");

    assertEquals(roleService, getSecurityManager().getActiveRoleService());
    // assertEquals(usergroupService,getSecurityManager().getActiveUserGroupService());
    String loadedName = getSecurityManager().loadUserGroupService(getFixtureId()).getName();
    assertEquals(usergroupService.getName(), loadedName);

    assertTrue(roleService.canCreateStore());
    assertTrue(usergroupService.canCreateStore());
}
}