@Override protected Collection<GeoServerRole> getRoles(HttpServletRequest request, String principal) throws IOException { Collection<GeoServerRole> roles; if (PreAuthenticatedUserNameRoleSource.RoleService.equals(getRoleSource())) { roles = getRolesFromRoleService(request, principal); } else if (PreAuthenticatedUserNameRoleSource.UserGroupService.equals(getRoleSource())) { roles = getRolesFromUserGroupService(request, principal); } else if (PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) { roles = getRolesFromHttpAttribute(request, principal); } else { throw new RuntimeException("Never should reach this point"); } LOGGER.log( Level.FINE, "Got roles {0} from {1} for principal {2}", new Object[] {roles, getRoleSource(), principal}); return roles; }
@Override public String getCacheKey(HttpServletRequest request) { // caching does not make sense if everything is in the header if (PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) return null; return super.getCacheKey(request); }
@Override protected String getPreAuthenticatedPrincipal(HttpServletRequest request) { // avoid retrieving the user name more than once if (request.getAttribute(UserNameAlreadyRetrieved) != null) return (String) request.getAttribute(UserName); String principal = getPreAuthenticatedPrincipalName(request); if (principal != null && principal.trim().length() == 0) principal = null; try { if (principal != null && PreAuthenticatedUserNameRoleSource.UserGroupService.equals( getRoleSource())) { GeoServerUserGroupService service = getSecurityManager().loadUserGroupService(getUserGroupServiceName()); GeoServerUser u = service.getUserByUsername(principal); if (u != null && u.isEnabled() == false) { principal = null; handleDisabledUser(u, request); } } } catch (IOException ex) { throw new RuntimeException(ex); } request.setAttribute(UserNameAlreadyRetrieved, Boolean.TRUE); if (principal != null) request.setAttribute(UserName, principal); return principal; }
@Override public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException { super.initializeFromConfig(config); PreAuthenticatedUserNameFilterConfig authConfig = (PreAuthenticatedUserNameFilterConfig) config; roleSource = authConfig.getRoleSource(); rolesHeaderAttribute = authConfig.getRolesHeaderAttribute(); userGroupServiceName = authConfig.getUserGroupServiceName(); roleConverterName = authConfig.getRoleConverterName(); roleServiceName = authConfig.getRoleServiceName(); // TODO, Justin, is this ok ? if (PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) { String converterName = authConfig.getRoleConverterName(); if (converterName == null || converterName.length() == 0) setConverter(GeoServerExtensions.bean(GeoServerRoleConverter.class)); else setConverter((GeoServerRoleConverter) GeoServerExtensions.bean(converterName)); } }