@Override public SecurityConfig clone(boolean allowEnvParametrization) { final GeoServerEnvironment gsEnvironment = GeoServerExtensions.bean(GeoServerEnvironment.class); SecurityManagerConfig target = (SecurityManagerConfig) SerializationUtils.clone(this); if (target != null) { if (allowEnvParametrization && gsEnvironment != null && GeoServerEnvironment.ALLOW_ENV_PARAMETRIZATION) { target.setConfigPasswordEncrypterName( (String) gsEnvironment.resolveValue(configPasswordEncrypterName)); target.setRoleServiceName((String) gsEnvironment.resolveValue(roleServiceName)); } } return target; } }
config.setConfigPasswordEncrypterName( loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, true, false).getName());
@Test public void testActive() throws Exception { GeoServerSecurityManager secMgr = getSecurityManager(); UsernamePasswordAuthenticationProviderConfig config = new UsernamePasswordAuthenticationProviderConfig(); config.setName("custom"); config.setClassName(AuthProvider.class.getName()); secMgr.saveAuthenticationProvider(config); SecurityManagerConfig mgrConfig = secMgr.getSecurityConfig(); mgrConfig.getAuthProviderNames().add("custom"); mgrConfig.setConfigPasswordEncrypterName(getPlainTextPasswordEncoder().getName()); secMgr.saveSecurityConfig(mgrConfig); Authentication auth = new UsernamePasswordAuthenticationToken("foo", "bar"); auth = getSecurityManager().authenticationManager().authenticate(auth); assertTrue(auth.isAuthenticated()); }
@Test public void testEncryption2() throws Exception { SecurityManagerConfig config = getSecurityManager().getSecurityConfig(); config.setConfigPasswordEncrypterName(getPBEPasswordEncoder().getName()); getSecurityManager().saveSecurityConfig(config); String serviceName = "testEncrypt2"; config.setConfigPasswordEncrypterName(getPlainTextPasswordEncoder().getName()); String plainprefix = getPlainTextPasswordEncoder().getPrefix()
GeoServerPasswordEncoder encoder = getPlainTextPasswordEncoder(); String plainprefix = encoder.getPrefix() + GeoServerPasswordEncoder.PREFIX_DELIMTER; config.setConfigPasswordEncrypterName(encoder.getName()); config.setConfigPasswordEncrypterName(getPBEPasswordEncoder().getName()); getSecurityManager().saveSecurityConfig(config); getSecurityManager().updateConfigurationFilesWithEncryptedFields();
GeoServerPasswordEncoder encoder = getPlainTextPasswordEncoder(); String prefix = encoder.getPrefix() + GeoServerPasswordEncoder.PREFIX_DELIMTER; config.setConfigPasswordEncrypterName(encoder.getName()); getSecurityManager().saveSecurityConfig(config); config.setConfigPasswordEncrypterName(getPBEPasswordEncoder().getName()); getSecurityManager().saveSecurityConfig(config); getSecurityManager().updateConfigurationFilesWithEncryptedFields();
void setupFilterEntry(Pos pos, String relativeTo, boolean assertSecurityContext) throws Exception { GeoServerSecurityManager secMgr = getSecurityManager(); FilterConfig config = new FilterConfig(); config.setName("custom"); config.setClassName(Filter.class.getName()); config.setAssertAuth(assertSecurityContext); secMgr.saveFilter(config); SecurityManagerConfig mgrConfig = secMgr.getSecurityConfig(); mgrConfig.setConfigPasswordEncrypterName(getPlainTextPasswordEncoder().getName()); mgrConfig.getFilterChain().remove("custom"); if (pos == Pos.FIRST) mgrConfig.getFilterChain().insertFirst("/**", "custom"); if (pos == Pos.LAST) mgrConfig.getFilterChain().insertLast("/**", "custom"); if (pos == Pos.BEFORE) mgrConfig.getFilterChain().insertBefore("/**", "custom", relativeTo); if (pos == Pos.AFTER) mgrConfig.getFilterChain().insertAfter("/**", "custom", relativeTo); secMgr.saveSecurityConfig(mgrConfig); }
SecurityManagerConfig config = new SecurityManagerConfig(); config.setRoleServiceName(XMLRoleService.DEFAULT_NAME); config.setConfigPasswordEncrypterName(getPBEPasswordEncoder().getName()); config.getAuthProviderNames().add(GeoServerAuthenticationProvider.DEFAULT_NAME); config.setConfigPasswordEncrypterName("abc"); validator.validateManagerConfig(config, new SecurityManagerConfig()); fail("invalid password encoder should fail"); config.setConfigPasswordEncrypterName(null); validator.validateManagerConfig(config, new SecurityManagerConfig()); fail("no password encoder should fail"); config.setConfigPasswordEncrypterName(getStrongPBEPasswordEncoder().getName()); try { validator.validateManagerConfig(config, new SecurityManagerConfig()); config.setConfigPasswordEncrypterName(getPBEPasswordEncoder().getName()); config.setRoleServiceName("XX");