/**
 * Calculates the roles of a principal from a {@link GeoServerRoleService}.
 *
 * <p>When no role service name is configured (null or blank), the service returned by
 * {@link GeoServerSecurityManager#getActiveRoleService()} is used; otherwise the named service
 * is loaded from the security manager.
 *
 * <p>The result contains all inherited roles, but no personalized roles.
 *
 * @param request the current request; not read by this implementation
 * @param principal the user name whose roles are calculated
 * @return the roles calculated by a {@link RoleCalculator} for the principal
 * @throws IOException if loading the role service or calculating the roles fails
 */
protected Collection<GeoServerRole> getRolesFromRoleService(
        HttpServletRequest request, String principal) throws IOException {
    String configuredName = getRoleServiceName();

    GeoServerRoleService roleService;
    if (configuredName == null || configuredName.trim().isEmpty()) {
        // No explicit service configured: fall back to the active role service.
        roleService = getSecurityManager().getActiveRoleService();
    } else {
        roleService = getSecurityManager().loadRoleService(configuredName);
    }

    return new RoleCalculator(roleService).calculateRoles(principal);
}
/**
 * Resolves the pre-authenticated principal for the request, at most once per request.
 *
 * <p>The outcome is cached in request attributes: {@code UserNameAlreadyRetrieved} marks that
 * resolution has happened and {@code UserName} holds the name (absent when the result is null).
 *
 * <p>A blank name is treated as no principal. When the role source is
 * {@code PreAuthenticatedUserNameRoleSource.UserGroupService}, the user is looked up in the
 * configured user group service; a user that exists but is disabled is rejected (null is
 * returned) and {@code handleDisabledUser} is invoked. A user that the lookup does not find
 * (null result) is NOT rejected here and keeps its principal name.
 *
 * @param request the current request
 * @return the principal name, or null if none was supplied or the user is disabled
 * @throws RuntimeException wrapping any {@link IOException} raised during the lookup
 */
@Override
protected String getPreAuthenticatedPrincipal(HttpServletRequest request) {
    // Reuse the earlier result so the name is not retrieved more than once per request.
    final boolean alreadyResolved = request.getAttribute(UserNameAlreadyRetrieved) != null;
    if (alreadyResolved) {
        return (String) request.getAttribute(UserName);
    }

    String principal = getPreAuthenticatedPrincipalName(request);
    if (principal != null && principal.trim().isEmpty()) {
        principal = null;
    }

    try {
        if (principal != null
                && PreAuthenticatedUserNameRoleSource.UserGroupService.equals(getRoleSource())) {
            GeoServerUserGroupService userGroupService =
                    getSecurityManager().loadUserGroupService(getUserGroupServiceName());
            GeoServerUser user = userGroupService.getUserByUsername(principal);
            // Only an existing, disabled account clears the principal; a null lookup passes.
            if (user != null && !user.isEnabled()) {
                principal = null;
                handleDisabledUser(user, request);
            }
        }
    } catch (IOException e) {
        throw new RuntimeException(e);
    }

    // Record that resolution ran, even when it produced no principal.
    request.setAttribute(UserNameAlreadyRetrieved, Boolean.TRUE);
    if (principal != null) {
        request.setAttribute(UserName, principal);
    }
    return principal;
}
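/**
 * Calculates roles using a {@link GeoServerUserGroupService}.
 *
 * <p>If the principal is not found in the service, a warning is logged and an empty collection
 * is returned.
 *
 * @param request the current request; not read by this implementation
 * @param principal the user name to look up in the configured user group service
 * @return the authorities of the user, each cast to {@link GeoServerRole}; empty if the user
 *     is not found
 * @throws IOException if loading the user group service fails
 */
protected Collection<GeoServerRole> getRolesFromUserGroupService(
        HttpServletRequest request, String principal) throws IOException {
    Collection<GeoServerRole> roles = new ArrayList<GeoServerRole>();
    GeoServerUserGroupService service =
            getSecurityManager().loadUserGroupService(getUserGroupServiceName());

    UserDetails details = null;
    try {
        details = service.loadUserByUsername(principal);
    } catch (UsernameNotFoundException ex) {
        // The principal is presumably derived from the incoming request, so line breaks are
        // neutralized before logging to keep a crafted name from forging extra log entries.
        String loggedPrincipal = String.valueOf(principal).replaceAll("[\\r\\n]", "_");
        LOGGER.log(
                Level.WARNING,
                "User " + loggedPrincipal + " not found in " + getUserGroupServiceName());
    }

    if (details != null) {
        for (GrantedAuthority auth : details.getAuthorities()) {
            // NOTE(review): assumes every authority from this service is a GeoServerRole;
            // any other type raises ClassCastException here - confirm against the service.
            roles.add((GeoServerRole) auth);
        }
    }
    return roles;
}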