public void validateFilterConfig(UsernamePasswordAuthenticationFilterConfig config) throws FilterConfigException { if (isNotEmpty(config.getUsernameParameterName()) == false) { throw createFilterException(FilterConfigException.USER_PARAMETER_NAME_NEEDED); } if (isNotEmpty(config.getPasswordParameterName()) == false) { throw createFilterException(FilterConfigException.PASSWORD_PARAMETER_NAME_NEEDED); } }
new UsernamePasswordAuthenticationFilterConfig(); config.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName()); config.setUsernameParameterName("username"); config.setPasswordParameterName("password"); config.setName(testFilterName6); getSecurityManager().saveFilter(config); chain = new MockFilterChain(); request.setMethod("POST"); request.addParameter(config.getUsernameParameterName(), testUserName); request.addParameter(config.getPasswordParameterName(), testPassword); getProxy().doFilter(request, response, chain); assertTrue(response.getStatus() == MockHttpServletResponse.SC_MOVED_TEMPORARILY); chain = new MockFilterChain(); request.setMethod("POST"); request.addParameter(config.getUsernameParameterName(), testUserName); request.addParameter(config.getPasswordParameterName(), "wrongpass"); getProxy().doFilter(request, response, chain); assertTrue(response.getStatus() == MockHttpServletResponse.SC_MOVED_TEMPORARILY); chain = new MockFilterChain(); request.setMethod("POST"); request.addParameter(config.getUsernameParameterName(), "unknwon"); request.addParameter(config.getPasswordParameterName(), testPassword); getProxy().doFilter(request, response, chain); assertTrue(response.getStatus() == MockHttpServletResponse.SC_MOVED_TEMPORARILY); chain = new MockFilterChain();
if (filter == null) { UsernamePasswordAuthenticationFilterConfig upConfig = new UsernamePasswordAuthenticationFilterConfig(); upConfig.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName()); upConfig.setName(filterName); upConfig.setUsernameParameterName( UsernamePasswordAuthenticationFilterConfig.DEFAULT_USERNAME_PARAM); upConfig.setPasswordParameterName( UsernamePasswordAuthenticationFilterConfig.DEFAULT_PASSWORD_PARAM); saveFilter(upConfig);
new UsernamePasswordAuthenticationFilterConfig(); config.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName()); config.setUsernameParameterName("username"); config.setPasswordParameterName("password"); config.setName(testFilterName7); getSecurityManager().saveFilter(config); chain = new MockFilterChain(); request.setMethod("POST"); request.addParameter(config.getUsernameParameterName(), testUserName); request.addParameter(config.getPasswordParameterName(), testPassword); getProxy().doFilter(request, response, chain); assertTrue(response.getStatus() == MockHttpServletResponse.SC_MOVED_TEMPORARILY); request.addParameter(config.getUsernameParameterName(), GeoServerUser.ROOT_USERNAME); request.addParameter(config.getPasswordParameterName(), getMasterPassword()); getProxy().doFilter(request, response, chain); assertTrue(response.getStatus() == MockHttpServletResponse.SC_MOVED_TEMPORARILY);
@Test public void testUsernamePasswordFilterConfigValidation() throws Exception { UsernamePasswordAuthenticationFilterConfig config = new UsernamePasswordAuthenticationFilterConfig(); config.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName()); config.setName("testUsernamePassword"); FilterConfigValidator validator = new FilterConfigValidator(getSecurityManager()); try { validator.validateFilterConfig(config); fail("no user should fail"); } catch (FilterConfigException ex) { assertEquals(FilterConfigException.USER_PARAMETER_NAME_NEEDED, ex.getId()); assertEquals(0, ex.getArgs().length); } config.setUsernameParameterName("user"); try { validator.validateFilterConfig(config); fail("no password should fail"); } catch (FilterConfigException ex) { assertEquals(FilterConfigException.PASSWORD_PARAMETER_NAME_NEEDED, ex.getId()); assertEquals(0, ex.getArgs().length); } config.setPasswordParameterName("password"); validator.validateFilterConfig(config); }
filter.setPasswordParameter(upConfig.getPasswordParameterName()); filter.setUsernameParameter(upConfig.getUsernameParameterName()); filter.setAuthenticationManager(getSecurityManager().authenticationManager());