/**
 * Attempts authentication when the security context holds no authenticated principal, then
 * passes the request on to the rest of the filter chain.
 *
 * <p>{@code authenticateFromCache} is called first and yields the cache key for this request.
 * If the security context is still empty afterwards, {@code doAuthenticate} runs. The
 * resulting authentication is stored in the authentication cache under this filter's name and
 * the cache key only when all three conditions hold: an authentication was produced, the
 * cache key is non-null, and {@code cacheAuthentication} approves it.
 *
 * <p>NOTE(review): the cache key comes from {@code getCacheKey}-style logic that is not
 * visible here; presumably a cache hit is trusted without re-running
 * {@code doAuthenticate}, so the key must not be derivable from data an unauthenticated
 * client controls. Confirm against the cache implementation.
 *
 * @param request the incoming request; must be an {@link HttpServletRequest}
 * @param response the outgoing response; cast to {@link HttpServletResponse} only when
 *     authentication is attempted
 * @param chain the remaining filter chain, always invoked
 * @throws IOException if thrown by the chain or by authentication
 * @throws ServletException if thrown by the chain or by authentication
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;

    // A null key means "do not cache this request's authentication".
    final String cacheKey = authenticateFromCache(this, httpRequest);

    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        doAuthenticate(httpRequest, (HttpServletResponse) response);

        final Authentication established =
                SecurityContextHolder.getContext().getAuthentication();
        // Short-circuit order matters: cacheAuthentication is consulted only when there is
        // both an authentication and a key to store it under.
        final boolean shouldCache =
                established != null
                        && cacheKey != null
                        && cacheAuthentication(established, httpRequest);
        if (shouldCache) {
            getSecurityManager().getAuthenticationCache().put(getName(), cacheKey, established);
        }
    }

    // Expose the entry point to later filters regardless of the authentication outcome.
    request.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, aep);
    chain.doFilter(request, response);
}
/**
 * Derives the authentication-cache key for a request.
 *
 * <p>The key is the pre-authenticated principal, with two exceptions that disable caching by
 * returning {@code null}: the request already has an HTTP session, or the principal equals
 * {@link GeoServerUser#ROOT_USERNAME}.
 *
 * <p>NOTE(review): the key is the principal name alone. If
 * {@code getPreAuthenticatedPrincipal} reads a value the client can set (for example a request
 * header), the cached authentication is only as trustworthy as the front end that populates
 * that value. Verify against the deployment.
 *
 * @param request the current request
 * @return the principal to use as cache key, or {@code null} when the authentication must not
 *     be cached
 */
@Override
public String getCacheKey(HttpServletRequest request) {
    // no caching if there is an HTTP session
    final boolean hasSession = request.getSession(false) != null;
    if (hasSession) {
        return null;
    }

    final String principal = getPreAuthenticatedPrincipal(request);
    // The root user is never served from the cache.
    return GeoServerUser.ROOT_USERNAME.equals(principal) ? null : principal;
}
// Excerpt from the middle of a method: the enclosing signature, the closing braces and
// whatever follows the catch block are not part of this listing.
// NOTE(review): nothing in this excerpt verifies the principal; presumably trust rests on the
// component that supplies it upstream. Confirm.
String principal = getPreAuthenticatedPrincipal(request);
// A missing or blank principal ends processing here without any role lookup.
if (principal == null || principal.trim().length() == 0) {
    return;
Collection<GeoServerRole> roles = null;
try {
    // Roles are resolved for the principal exactly as it was returned above.
    roles = getRoles(request, principal);
} catch (IOException e) {
    // A role-lookup I/O failure is rethrown unchecked, with the cause preserved.
    throw new RuntimeException(e);
/**
 * Derives the authentication-cache key, disabling caching when roles come from the request
 * header.
 *
 * <p>With {@code PreAuthenticatedUserNameRoleSource.Header} as role source the method returns
 * {@code null}, so nothing is cached. A cached entry keyed by the superclass key would
 * otherwise be reused for requests whose header content differs. For every other role source
 * the superclass decides.
 *
 * @param request the current request
 * @return the superclass cache key, or {@code null} when the role source is the header
 */
@Override
public String getCacheKey(HttpServletRequest request) {
    // caching does not make sense if everything is in the header
    final boolean rolesComeFromHeader =
            PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource());
    return rolesComeFromHeader ? null : super.getCacheKey(request);
}
/**
 * Initializes this filter from its configuration.
 *
 * <p>After the superclass initialization, the role source, roles header attribute,
 * user/group service name, role converter name and role service name are copied from the
 * configuration. When the role source is {@code PreAuthenticatedUserNameRoleSource.Header}, a
 * role converter is installed as well: the bean named in the configuration if a name is
 * given, otherwise the {@link GeoServerRoleConverter} bean looked up by type.
 *
 * <p>NOTE(review): the named bean is cast to {@link GeoServerRoleConverter} without a type
 * check, so a configured name that resolves to another bean type fails with a
 * {@link ClassCastException} at initialization.
 *
 * @param config the service configuration; must be a
 *     {@link PreAuthenticatedUserNameFilterConfig}
 * @throws IOException if the superclass initialization fails
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    final PreAuthenticatedUserNameFilterConfig filterConfig =
            (PreAuthenticatedUserNameFilterConfig) config;

    roleSource = filterConfig.getRoleSource();
    rolesHeaderAttribute = filterConfig.getRolesHeaderAttribute();
    userGroupServiceName = filterConfig.getUserGroupServiceName();
    roleConverterName = filterConfig.getRoleConverterName();
    roleServiceName = filterConfig.getRoleServiceName();

    // TODO, Justin, is this ok ?
    // A converter is needed only when roles are read from the request header.
    if (!PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) {
        return;
    }

    final String beanName = filterConfig.getRoleConverterName();
    final GeoServerRoleConverter selected;
    if (beanName != null && beanName.length() != 0) {
        selected = (GeoServerRoleConverter) GeoServerExtensions.bean(beanName);
    } else {
        // No name configured: use the converter bean registered by type.
        selected = GeoServerExtensions.bean(GeoServerRoleConverter.class);
    }
    setConverter(selected);
}