/** * converts an 2.3.x security configuration to 2.4.x * * @return <code>true</code> if migration has taken place */ boolean migrateFrom23() throws Exception { SecurityManagerConfig config = loadSecurityConfig(); RequestFilterChain webChain = config.getFilterChain() .getRequestChainByName(GeoServerSecurityFilterChain.WEB_CHAIN_NAME); boolean migrated = false; List<String> patterns = webChain.getPatterns(); if (patterns.contains("/") == false) { patterns.add("/"); saveSecurityConfig(config); migrated |= true; } return migrated; }
public void validateRemoveFilter(SecurityNamedServiceConfig config) throws SecurityConfigException { validateRemoveNamedService(GeoServerSecurityFilter.class, config); List<String> patterns = manager.getSecurityConfig() .getFilterChain() .patternsForFilter(config.getClassName(), false); if (patterns.isEmpty() == false) { throw createSecurityException( SecurityConfigException.FILTER_STILL_USED, config.getName(), StringUtils.arrayToCommaDelimitedString(patterns.toArray())); } }
getSecurityManager().getSecurityConfig().getFilterChain(); for (RequestFilterChain requestChain : chain.getRequestChains()) { for (String filterName : requestChain.getFilterNames()) {
public SecurityManagerConfig(SecurityManagerConfig config) { this.roleServiceName = config.getRoleServiceName(); this.authProviderNames = config.getAuthProviderNames() != null ? new ArrayList<String>(config.getAuthProviderNames()) : null; this.filterChain = config.getFilterChain() != null ? new GeoServerSecurityFilterChain(config.getFilterChain()) : null; this.rememberMeService = new RememberMeServicesConfig(config.getRememberMeService()); this.bruteForcePrevention = new BruteForcePreventionConfig(config.getBruteForcePrevention()); this.encryptingUrlParams = config.isEncryptingUrlParams(); this.configPasswordEncrypterName = config.getConfigPasswordEncrypterName(); // this.masterPasswordURL=config.getMasterPasswordURL(); // this.masterPasswordStrategy=config.getMasterPasswordStrategy(); }
new GeoServerSecurityFilterChain(config.getFilterChain());
protected void insertAnonymousFilter() throws Exception { SecurityManagerConfig mconfig = getSecurityManager().loadSecurityConfig(); mconfig.getFilterChain() .find(pattern) .getFilterNames() .add(GeoServerSecurityFilterChain.ANONYMOUS_FILTER); getSecurityManager().saveSecurityConfig(mconfig); }
protected void removeAnonymousFilter() throws Exception { SecurityManagerConfig mconfig = getSecurityManager().loadSecurityConfig(); mconfig.getFilterChain() .find(pattern) .getFilterNames() .remove(GeoServerSecurityFilterChain.ANONYMOUS_FILTER); getSecurityManager().saveSecurityConfig(mconfig); }
protected void prepareFilterChain(Class filterChainClass, String pattern, String... filterNames) throws Exception { SecurityManagerConfig config = getSecurityManager().getSecurityConfig(); GeoServerSecurityFilterChain filterChain = config.getFilterChain(); filterChain.removeForPattern(pattern); Constructor<?> cons = filterChainClass.getConstructor(new Class[] {String[].class}); String[] args = new String[] {pattern}; RequestFilterChain requestChain = (RequestFilterChain) cons.newInstance(new Object[] {args}); requestChain = new HtmlLoginFilterChain(pattern); requestChain.setName("testChain"); requestChain.setFilterNames(filterNames); // insert before default filterChain.getRequestChains().add(filterChain.getRequestChains().size() - 2, requestChain); getSecurityManager().saveSecurityConfig(config); }
GeoServerSecurityFilterChain chain = config.getFilterChain(); GeoServerSecurityFilterChain oldChain = oldConfig.getFilterChain(); if (chain == null) { throw createSecurityException(SecurityConfigException.FILTER_CHAIN_NULL_ERROR);
public void saveFilter(SecurityNamedServiceConfig config, MigrationHelper migrationHelper) throws IOException, SecurityConfigException { SecurityConfigValidator validator = SecurityConfigValidator.getConfigurationValiator( GeoServerSecurityFilter.class, config.getClassName()); boolean fireChanged = false; if (config.getId() == null) { config.initBeforeSave(); validator.validateAddFilter(config); } else { validator.validateModifiedFilter( config, filterHelper.loadConfig(config.getName(), migrationHelper)); // remove all cached authentications for this filter getAuthenticationCache().removeAll(config.getName()); if (!securityConfig .getFilterChain() .patternsForFilter(config.getName(), true) .isEmpty()) { fireChanged = true; } } filterHelper.saveConfig(config); if (fireChanged) { fireChanged(); } }
security().get("config.xml").in(), oldSecManagerConfig.out()); SecurityManagerConfig config = loadSecurityConfig(); for (RequestFilterChain chain : config.getFilterChain().getRequestChains()) { if (chain.getFilterNames() .contains(GeoServerSecurityFilterChain.SECURITY_CONTEXT_ASC_FILTER)) {
protected void modifyChain( String pattern, boolean disabled, boolean allowSessionCreation, String roleFilterName) throws Exception { SecurityManagerConfig config = getSecurityManager().getSecurityConfig(); RequestFilterChain chain = config.getFilterChain().find(pattern); chain.setDisabled(disabled); chain.setAllowSessionCreation(allowSessionCreation); chain.setRoleFilterName(roleFilterName); getSecurityManager().saveSecurityConfig(config); return; }
@Override protected List<RequestFilterChain> getItems() { return config.getFilterChain().getRequestChains(); } }
@Override protected List<RequestFilterChain> getItems() { return config.getFilterChain().getRequestChains(); }
@Override protected void onClick(AjaxRequestTarget target) { secMgrConfig.getFilterChain().getRequestChains().remove(chain); target.add(tablePanel); } };
@Override protected void onClick(AjaxRequestTarget target) { secMgrConfig.getFilterChain().getRequestChains().remove( chain ); target.addComponent( tablePanel ); } };
protected void handleSubmit(Form<?> form) { RequestFilterChain chain =chainWrapper.getChain(); try { new SecurityConfigValidator(getSecurityManager()). validateRequestFilterChain(chainWrapper.getChain()); if (isNew) secMgrConfig.getFilterChain().getRequestChains().add(chain); //getSecurityManager().saveSecurityConfig(secMgrConfig); doReturn(); } catch (Exception e) { LOGGER.log(Level.WARNING, "Error saving config", e); feedbackPanel.error(e); } }
@Test public void testWebLoginChainSessionCreation() throws Exception { // GEOS-6077 GeoServerSecurityManager secMgr = getSecurityManager(); SecurityManagerConfig config = secMgr.loadSecurityConfig(); RequestFilterChain chain = config.getFilterChain() .getRequestChainByName(GeoServerSecurityFilterChain.WEB_LOGIN_CHAIN_NAME); assertTrue(chain.isAllowSessionCreation()); } }
@Test public void testWebLoginChainSessionCreation() throws Exception { // GEOS-6077 GeoServerSecurityManager secMgr = getSecurityManager(); SecurityManagerConfig config = secMgr.loadSecurityConfig(); RequestFilterChain chain = config.getFilterChain() .getRequestChainByName(GeoServerSecurityFilterChain.WEB_LOGIN_CHAIN_NAME); assertTrue(chain.isAllowSessionCreation()); }
@After public void removeCustomFilterConfig() throws Exception { GeoServerSecurityManager secMgr = getSecurityManager(); if (secMgr.listFilters().contains("custom")) { secMgr.removeFilter(secMgr.loadFilterConfig("custom")); } secMgr.getSecurityConfig().getFilterChain().remove("custom"); SecurityManagerConfig mgrConfig = secMgr.getSecurityConfig(); secMgr.saveSecurityConfig(mgrConfig); }