/**
 * Validates an X.509 certificate authentication filter configuration.
 *
 * <p>No certificate-specific checks are made in this method; the configuration is handed
 * unchanged to the {@code J2eeAuthenticationBaseFilterConfig} overload.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the delegated validation rejects the configuration
 */
public void validateFilterConfig(X509CertificateAuthenticationFilterConfig config)
        throws FilterConfigException {
    // The declared type of the local selects the base-config overload instead of this one.
    final J2eeAuthenticationBaseFilterConfig baseConfig =
            (J2eeAuthenticationBaseFilterConfig) config;
    validateFilterConfig(baseConfig);
}
/**
 * Validates a J2EE authentication filter configuration.
 *
 * <p>This overload adds no checks of its own; it forwards to the
 * {@code J2eeAuthenticationBaseFilterConfig} overload.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the delegated validation rejects the configuration
 */
public void validateFilterConfig(J2eeAuthenticationFilterConfig config)
        throws FilterConfigException {
    // The declared type of the local selects the base-config overload instead of this one.
    final J2eeAuthenticationBaseFilterConfig baseConfig =
            (J2eeAuthenticationBaseFilterConfig) config;
    validateFilterConfig(baseConfig);
}
/**
 * Routes a generic filter configuration to the overload for its concrete type.
 *
 * <p>The type checks are independent of each other (there is no {@code else}), so a
 * configuration that is an instance of several listed types is validated once per matching
 * type, in the order below. A configuration that matches none of the listed types returns
 * from this method without any type-specific check having run.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if any matching validation rejects the configuration
 */
public void validateFilterConfig(SecurityNamedServiceConfig config)
        throws FilterConfigException {
    if (config instanceof BasicAuthenticationFilterConfig) {
        validateFilterConfig((BasicAuthenticationFilterConfig) config);
    }
    if (config instanceof DigestAuthenticationFilterConfig) {
        validateFilterConfig((DigestAuthenticationFilterConfig) config);
    }
    if (config instanceof RoleFilterConfig) {
        validateFilterConfig((RoleFilterConfig) config);
    }
    if (config instanceof X509CertificateAuthenticationFilterConfig) {
        validateFilterConfig((X509CertificateAuthenticationFilterConfig) config);
    }
    if (config instanceof UsernamePasswordAuthenticationFilterConfig) {
        validateFilterConfig((UsernamePasswordAuthenticationFilterConfig) config);
    }
    if (config instanceof RequestHeaderAuthenticationFilterConfig) {
        validateFilterConfig((RequestHeaderAuthenticationFilterConfig) config);
    }
    if (config instanceof J2eeAuthenticationFilterConfig) {
        validateFilterConfig((J2eeAuthenticationFilterConfig) config);
    }
    if (config instanceof ExceptionTranslationFilterConfig) {
        validateFilterConfig((ExceptionTranslationFilterConfig) config);
    }
    if (config instanceof SecurityContextPersistenceFilterConfig) {
        validateFilterConfig((SecurityContextPersistenceFilterConfig) config);
    }
    if (config instanceof RememberMeAuthenticationFilterConfig) {
        validateFilterConfig((RememberMeAuthenticationFilterConfig) config);
    }
    if (config instanceof AnonymousAuthenticationFilterConfig) {
        validateFilterConfig((AnonymousAuthenticationFilterConfig) config);
    }
    if (config instanceof SecurityInterceptorFilterConfig) {
        validateFilterConfig((SecurityInterceptorFilterConfig) config);
    }
    if (config instanceof LogoutFilterConfig) {
        validateFilterConfig((LogoutFilterConfig) config);
    }
    // TODO, check rememberme
}
/**
 * Validates a filter configuration that is about to replace an existing one.
 *
 * <p>The inherited modification checks run first; the new configuration then goes through
 * {@code validateFilterConfig}. {@code oldConfig} is only passed to the superclass.
 *
 * @param config the new filter configuration
 * @param oldConfig the configuration being replaced
 * @throws SecurityConfigException if either step rejects the change
 */
@Override
public void validateModifiedFilter(
        SecurityNamedServiceConfig config, SecurityNamedServiceConfig oldConfig)
        throws SecurityConfigException {
    // Generic checks first, so filter-specific validation only sees configs that passed them.
    super.validateModifiedFilter(config, oldConfig);

    validateFilterConfig(config);
}
/**
 * Validates a filter configuration, handling the credentials-from-request-header type here
 * and leaving every other type to the superclass.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the selected validation rejects the configuration
 */
public void validateFilterConfig(SecurityNamedServiceConfig config)
        throws FilterConfigException {
    if (!(config instanceof CredentialsFromRequestHeaderFilterConfig)) {
        // Not our type: the inherited validator decides.
        super.validateFilterConfig(config);
        return;
    }
    validateFilterConfig((CredentialsFromRequestHeaderFilterConfig) config);
}
/**
 * Validates a filter configuration that is about to be added.
 *
 * <p>The inherited add-time checks run first; the configuration then goes through
 * {@code validateFilterConfig}.
 *
 * @param config the filter configuration being added
 * @throws SecurityConfigException if either step rejects the configuration
 */
@Override
public void validateAddFilter(SecurityNamedServiceConfig config)
        throws SecurityConfigException {
    // Generic checks first, so filter-specific validation only sees configs that passed them.
    super.validateAddFilter(config);

    validateFilterConfig(config);
}
/**
 * Validates a request-header authentication filter configuration.
 *
 * <p>The principal header attribute must be non-empty; after that the configuration is
 * validated as a {@code PreAuthenticatedUserNameFilterConfig}. Only the presence of a header
 * name is checked here; nothing in this method establishes where the header value comes from
 * at request time.
 *
 * <p>NOTE(review): presumably the named header carries the pre-authenticated principal, in
 * which case the deployment has to guarantee that clients cannot supply it themselves -
 * confirm against the filter implementation.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException with id {@code PRINCIPAL_HEADER_ATTRIBUTE_NEEDED} when the
 *     header attribute is empty, or whatever the delegated validation throws
 */
public void validateFilterConfig(RequestHeaderAuthenticationFilterConfig config)
        throws FilterConfigException {
    final boolean hasPrincipalHeader = isNotEmpty(config.getPrincipalHeaderAttribute());
    if (!hasPrincipalHeader) {
        throw createFilterException(FilterConfigException.PRINCIPAL_HEADER_ATTRIBUTE_NEEDED);
    }
    validateFilterConfig((PreAuthenticatedUserNameFilterConfig) config);
}
/**
 * Validates the settings shared by the J2EE-based authentication filter configurations.
 *
 * <p>The configuration is first validated as a {@code PreAuthenticatedUserNameFilterConfig}.
 * When its role source is {@code J2EERoleSource.J2EE}, the configured role service name is
 * additionally passed to {@code checkExistingRoleService}.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if either check rejects the configuration
 */
public void validateFilterConfig(J2eeAuthenticationBaseFilterConfig config)
        throws FilterConfigException {
    validateFilterConfig((PreAuthenticatedUserNameFilterConfig) config);

    // NOTE(review): getRoleSource() is dereferenced here; this assumes the call above has
    // already rejected a missing role source - confirm.
    final boolean rolesFromJ2ee =
            config.getRoleSource()
                    .equals(J2eeAuthenticationBaseFilterConfig.J2EERoleSource.J2EE);
    if (!rolesFromJ2ee) {
        return;
    }
    checkExistingRoleService(config.getRoleServiceName());
}
/**
 * Validates a filter configuration, handling {@code OAuth2FilterConfig} here and leaving
 * every other type to the superclass.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the selected validation rejects the configuration
 */
@Override
public void validateFilterConfig(SecurityNamedServiceConfig config)
        throws FilterConfigException {
    if (!(config instanceof OAuth2FilterConfig)) {
        // Not an OAuth2 configuration: the inherited validator decides.
        super.validateFilterConfig(config);
        return;
    }
    validateOAuth2FilterConfig((OAuth2FilterConfig) config);
}
/**
 * Validates a filter configuration, handling {@code CasAuthenticationFilterConfig} here and
 * leaving every other type to the superclass.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the selected validation rejects the configuration
 */
@Override
public void validateFilterConfig(SecurityNamedServiceConfig config)
        throws FilterConfigException {
    if (!(config instanceof CasAuthenticationFilterConfig)) {
        // Not a CAS configuration: the inherited validator decides.
        super.validateFilterConfig(config);
        return;
    }
    validateCASFilterConfig((CasAuthenticationFilterConfig) config);
}
/**
 * Validates a filter configuration, handling {@code CasAuthenticationFilterConfig} here and
 * leaving every other type to the superclass.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the selected validation rejects the configuration
 */
@Override
public void validateFilterConfig(SecurityNamedServiceConfig config)
        throws FilterConfigException {
    if (!(config instanceof CasAuthenticationFilterConfig)) {
        // Not a CAS configuration: the inherited validator decides.
        super.validateFilterConfig(config);
        return;
    }
    validateCASFilterConfig((CasAuthenticationFilterConfig) config);
}
/**
 * Validates the configuration type and content.
 *
 * <p>A {@code GeoServerKeycloakFilterConfig} is checked by {@code validateKeycloakConfig} and
 * then by the inherited validation. Any other type is rejected with a
 * {@code CLASS_WRONG_TYPE_$2} exception that names the actual and the expected class. A
 * {@code null} argument also takes the rejection path and fails on {@code config.getClass()}.
 *
 * @param config the filter configuration to validate
 * @throws FilterConfigException if the type is wrong or a validation step rejects the content
 */
@Override
public void validateFilterConfig(SecurityNamedServiceConfig config)
        throws FilterConfigException {
    LOG.log(Level.FINER, "GeoServerKeycloakFilterConfigValidator.validateFilterConfig ENTRY");

    if (!(config instanceof GeoServerKeycloakFilterConfig)) {
        // Unlike a pass-through dispatcher, an unexpected type is refused rather than delegated.
        LOG.log(Level.FINE, "invalid config type");
        throw new FilterConfigException(
                FilterConfigException.CLASS_WRONG_TYPE_$2,
                "configuration type is not appropriate for the requested filter type",
                config.getClass().getName(),
                GeoServerKeycloakFilterConfig.class.getName());
    }

    LOG.log(Level.FINE, "valid config type");
    validateKeycloakConfig((GeoServerKeycloakFilterConfig) config);
    super.validateFilterConfig(config);
}
super.validateFilterConfig( (PreAuthenticatedUserNameFilterConfig) casConfig);
/**
 * Validates the URL settings of a CAS authentication filter configuration.
 *
 * <p>Checks run in this order, and the first failure is thrown:
 *
 * <ol>
 *   <li>the URL shown in the CAS logout page, when set, must parse as a {@link URL};
 *   <li>the inherited {@code PreAuthenticatedUserNameFilterConfig} validation;
 *   <li>the CAS server URL prefix must be set and must parse as a {@link URL};
 *   <li>the proxy callback URL prefix, when set, must parse as a {@link URL} and use the
 *       {@code https} protocol (compared case-insensitively).
 * </ol>
 *
 * @param casConfig the CAS filter configuration to validate
 * @throws FilterConfigException carrying the {@code CasFilterConfigException} id of the
 *     failed check, or whatever the inherited validation throws
 */
public void validateCASFilterConfig(CasAuthenticationFilterConfig casConfig)
        throws FilterConfigException {
    // Optional logout-page URL: checked only when set, and only for well-formedness.
    final String logoutPageUrl = casConfig.getUrlInCasLogoutPage();
    if (StringUtils.hasLength(logoutPageUrl)) {
        try {
            new URL(logoutPageUrl);
        } catch (MalformedURLException malformed) {
            throw createFilterException(
                    CasFilterConfigException.CAS_URL_IN_LOGOUT_PAGE_MALFORMED);
        }
    }

    super.validateFilterConfig((PreAuthenticatedUserNameFilterConfig) casConfig);

    // Mandatory CAS server URL.
    // NOTE(review): only presence and well-formedness are checked; unlike the proxy callback
    // below, the protocol is not restricted to https, so any scheme java.net.URL accepts
    // passes this validator.
    final String serverUrlPrefix = casConfig.getCasServerUrlPrefix();
    if (!StringUtils.hasLength(serverUrlPrefix)) {
        throw createFilterException(CasFilterConfigException.CAS_SERVER_URL_REQUIRED);
    }
    try {
        new URL(serverUrlPrefix);
    } catch (MalformedURLException malformed) {
        throw createFilterException(CasFilterConfigException.CAS_SERVER_URL_MALFORMED);
    }

    // Optional proxy callback: nothing more to check when it is not configured.
    final String callbackPrefix = casConfig.getProxyCallbackUrlPrefix();
    if (!StringUtils.hasLength(callbackPrefix)) {
        return;
    }
    final URL callbackUrl;
    try {
        callbackUrl = new URL(callbackPrefix);
    } catch (MalformedURLException malformed) {
        throw createFilterException(CasFilterConfigException.CAS_PROXYCALLBACK_MALFORMED);
    }
    if (!"https".equalsIgnoreCase(callbackUrl.getProtocol())) {
        throw createFilterException(CasFilterConfigException.CAS_PROXYCALLBACK_NOT_HTTPS);
    }
}
/**
 * Checks that a username/password filter configuration is rejected until both parameter names
 * are set: the user parameter name is demanded first, then the password parameter name.
 */
@Test
public void testUsernamePasswordFilterConfigValidation() throws Exception {
    final UsernamePasswordAuthenticationFilterConfig filterConfig =
            new UsernamePasswordAuthenticationFilterConfig();
    filterConfig.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName());
    filterConfig.setName("testUsernamePassword");

    final GeoServerSecurityManager securityManager = getSecurityManager();
    final FilterConfigValidator configValidator = new FilterConfigValidator(securityManager);

    // Neither parameter name set: the missing user parameter is reported.
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("no user should fail");
    } catch (FilterConfigException expected) {
        assertEquals(FilterConfigException.USER_PARAMETER_NAME_NEEDED, expected.getId());
        assertEquals(0, expected.getArgs().length);
    }

    // User parameter set: the missing password parameter is reported next.
    filterConfig.setUsernameParameterName("user");
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("no password should fail");
    } catch (FilterConfigException expected) {
        assertEquals(FilterConfigException.PASSWORD_PARAMETER_NAME_NEEDED, expected.getId());
        assertEquals(0, expected.getArgs().length);
    }

    // Both set: validation must pass without throwing.
    filterConfig.setPasswordParameterName("password");
    configValidator.validateFilterConfig(filterConfig);
}
/**
 * Checks role filter validation: the response header attribute is required, an unknown role
 * converter name is rejected with the name as argument, and a {@code null} converter name is
 * accepted.
 */
@Test
public void testRoleFilterConfigValidation() throws Exception {
    final RoleFilterConfig filterConfig = new RoleFilterConfig();
    filterConfig.setClassName(GeoServerRoleFilter.class.getName());
    filterConfig.setName("testRoleFilter");

    final FilterConfigValidator configValidator =
            new FilterConfigValidator(getSecurityManager());

    // No header attribute configured yet.
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("no header attribute should fail");
    } catch (FilterConfigException expected) {
        assertEquals(FilterConfigException.HEADER_ATTRIBUTE_NAME_REQUIRED, expected.getId());
        assertEquals(0, expected.getArgs().length);
    }

    // Header attribute present, but the converter name refers to nothing known.
    filterConfig.setHttpResponseHeaderAttrForIncludedRoles("roles");
    filterConfig.setRoleConverterName("unknown");
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("unkonwn role converter should fail");
    } catch (FilterConfigException expected) {
        assertEquals(FilterConfigException.UNKNOWN_ROLE_CONVERTER, expected.getId());
        assertEquals(1, expected.getArgs().length);
        assertEquals("unknown", expected.getArgs()[0]);
    }

    // Without a converter name the configuration must validate.
    filterConfig.setRoleConverterName(null);
    configValidator.validateFilterConfig(filterConfig);
}
/**
 * Checks exception translation filter validation: an unknown authentication filter name is an
 * invalid entry point, the security interceptor filter is reported as having no
 * authentication entry point, and a {@code null} filter name is accepted.
 */
@Test
public void testExceptionTranslationFilterConfigValidation() throws Exception {
    final ExceptionTranslationFilterConfig filterConfig =
            new ExceptionTranslationFilterConfig();
    filterConfig.setClassName(GeoServerExceptionTranslationFilter.class.getName());
    filterConfig.setName("testEx");

    final GeoServerSecurityManager securityManager = getSecurityManager();
    final FilterConfigValidator configValidator = new FilterConfigValidator(securityManager);

    // A name that does not resolve to any filter.
    filterConfig.setAuthenticationFilterName("unknown");
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("invalid entry point should fail");
    } catch (FilterConfigException expected) {
        assertEquals(FilterConfigException.INVALID_ENTRY_POINT, expected.getId());
        assertEquals(1, expected.getArgs().length);
        assertEquals("unknown", expected.getArgs()[0]);
    }

    // An existing filter that cannot serve as an authentication entry point.
    filterConfig.setAuthenticationFilterName(
            GeoServerSecurityFilterChain.FILTER_SECURITY_INTERCEPTOR);
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("no auth entry point should fail");
    } catch (FilterConfigException expected) {
        assertEquals(FilterConfigException.NO_AUTH_ENTRY_POINT, expected.getId());
        assertEquals(1, expected.getArgs().length);
        assertEquals(
                GeoServerSecurityFilterChain.FILTER_SECURITY_INTERCEPTOR,
                expected.getArgs()[0]);
    }

    // No authentication filter name at all must validate.
    filterConfig.setAuthenticationFilterName(null);
    configValidator.validateFilterConfig(filterConfig);
}
/**
 * Checks that a request-header filter configuration without a principal header attribute is
 * rejected, then runs the shared pre-authenticated checks once the attribute is set.
 */
@Test
public void testRequestHeaderFilterConfigValidation() throws Exception {
    final RequestHeaderAuthenticationFilterConfig filterConfig =
            new RequestHeaderAuthenticationFilterConfig();
    filterConfig.setClassName(GeoServerRequestHeaderAuthenticationFilter.class.getName());
    filterConfig.setName("testRequestHeader");

    final GeoServerSecurityManager securityManager = getSecurityManager();
    final FilterConfigValidator configValidator = new FilterConfigValidator(securityManager);

    // The header name is mandatory; a missing one is reported with no arguments.
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("no principal header attribute should fail");
    } catch (FilterConfigException expected) {
        assertEquals(
                FilterConfigException.PRINCIPAL_HEADER_ATTRIBUTE_NEEDED, expected.getId());
        assertEquals(0, expected.getArgs().length);
    }

    filterConfig.setPrincipalHeaderAttribute("user");
    check((PreAuthenticatedUserNameFilterConfig) filterConfig);
}
// Unmatched within this excerpt; presumably closes the enclosing test class.
}
/**
 * Checks security interceptor filter validation: a security metadata source is required, and
 * an unknown source name is rejected with the name as argument.
 */
@Test
public void testSecurityInterceptorFilterConfigValidation() throws Exception {
    final SecurityInterceptorFilterConfig filterConfig =
            new SecurityInterceptorFilterConfig();
    filterConfig.setClassName(GeoServerSecurityInterceptorFilter.class.getName());
    filterConfig.setName("testInterceptFilter");

    final FilterConfigValidator configValidator =
            new FilterConfigValidator(getSecurityManager());

    // No metadata source configured.
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("no metadata source should fail");
    } catch (FilterConfigException expected) {
        assertEquals(FilterConfigException.SECURITY_METADATA_SOURCE_NEEDED, expected.getId());
        assertEquals(0, expected.getArgs().length);
    }

    // A metadata source name that refers to nothing known.
    filterConfig.setSecurityMetadataSource("unknown");
    try {
        configValidator.validateFilterConfig(filterConfig);
        fail("unknown metadata source should fail");
    } catch (FilterConfigException expected) {
        assertEquals(
                FilterConfigException.UNKNOWN_SECURITY_METADATA_SOURCE, expected.getId());
        assertEquals(1, expected.getArgs().length);
        assertEquals("unknown", expected.getArgs()[0]);
    }
}
/**
 * Shared assertions for J2EE-based filter configurations.
 *
 * <p>Runs the pre-authenticated checks, then verifies that with the J2EE role source an
 * unknown role service name is rejected with the name as argument. The role service name is
 * finally set to {@code XMLRoleService.DEFAULT_NAME}; this helper does not validate again
 * afterwards, so the configuration is left in that state for the caller.
 *
 * @param config the configuration under test; it is modified by this helper
 */
public void check(J2eeAuthenticationBaseFilterConfig config) throws Exception {
    check((PreAuthenticatedUserNameFilterConfig) config);

    final GeoServerSecurityManager securityManager = getSecurityManager();
    final FilterConfigValidator configValidator = new FilterConfigValidator(securityManager);

    // With the J2EE role source, the named role service has to exist.
    config.setRoleSource(J2EERoleSource.J2EE);
    config.setRoleServiceName("blabla");
    try {
        configValidator.validateFilterConfig(config);
        fail("unknown role service should fail");
    } catch (FilterConfigException expected) {
        assertEquals(FilterConfigException.UNKNOWN_ROLE_SERVICE, expected.getId());
        assertEquals(1, expected.getArgs().length);
        assertEquals("blabla", expected.getArgs()[0]);
    }

    config.setRoleServiceName(XMLRoleService.DEFAULT_NAME);
}