/** * Encrypts a parameter value. * * <p>If no encoder is configured then the value is returned as is. */ public String encode(String value) { String encoderName = securityManager.getSecurityConfig().getConfigPasswordEncrypterName(); if (encoderName != null) { GeoServerPasswordEncoder pwEncoder = securityManager.loadPasswordEncoder(encoderName); if (pwEncoder != null) { String prefix = pwEncoder.getPrefix(); if (value.startsWith(prefix + GeoServerPasswordEncoder.PREFIX_DELIMTER)) { throw new RuntimeException( "Cannot encode a password with prefix: " + prefix + GeoServerPasswordEncoder.PREFIX_DELIMTER); } value = pwEncoder.encodePassword(value, null); } } else { LOGGER.warning("Encryption disabled, no password encoder set"); } return value; }
public synchronized void saveSecurityConfig(SecurityManagerConfig config) throws Exception { SecurityManagerConfig oldConfig = new SecurityManagerConfig(this.securityConfig); SecurityConfigValidator validator = new SecurityConfigValidator(this); validator.validateManagerConfig( (SecurityManagerConfig) config.clone(true), (SecurityManagerConfig) oldConfig.clone(true)); // save the current config to fall back to // The whole try block should run as a transaction, unfortunately // this is not possible with files. try { // set the new configuration init(config); if (config.getConfigPasswordEncrypterName() .equals(oldConfig.getConfigPasswordEncrypterName()) == false) { updateConfigurationFilesWithEncryptedFields(); } // save out new configuration xStreamPersist(security().get(CONFIG_FILENAME), config, globalPersister()); } catch (IOException e) { // exception, revert back to known working config LOGGER.log(Level.SEVERE, "Error saving security config, reverting back to previous", e); init(oldConfig); return; } fireChanged(); }
+ getSecurityConfig().getConfigPasswordEncrypterName());
public SecurityManagerConfig(SecurityManagerConfig config) { this.roleServiceName = config.getRoleServiceName(); this.authProviderNames = config.getAuthProviderNames() != null ? new ArrayList<String>(config.getAuthProviderNames()) : null; this.filterChain = config.getFilterChain() != null ? new GeoServerSecurityFilterChain(config.getFilterChain()) : null; this.rememberMeService = new RememberMeServicesConfig(config.getRememberMeService()); this.bruteForcePrevention = new BruteForcePreventionConfig(config.getBruteForcePrevention()); this.encryptingUrlParams = config.isEncryptingUrlParams(); this.configPasswordEncrypterName = config.getConfigPasswordEncrypterName(); // this.masterPasswordURL=config.getMasterPasswordURL(); // this.masterPasswordStrategy=config.getMasterPasswordStrategy(); }
throws SecurityConfigException { String encrypterName = config.getConfigPasswordEncrypterName(); if (isNotEmpty(encrypterName) == false) { throw createSecurityException(PASSWORD_ENCODER_REQUIRED); encoder = manager.loadPasswordEncoder(config.getConfigPasswordEncrypterName()); } catch (NoSuchBeanDefinitionException ex) { throw createSecurityException(INVALID_PASSWORD_ENCODER_$1, encrypterName);
getSecurityManager().getSecurityConfig().getConfigPasswordEncrypterName(); assertEquals("pbePasswordEncoder", configPasswordEncrypterName);