/** * sets the wrapped {@link GeoServerUserGroupService} objects and prepares the {@link * GeoServerUserPasswordEncoder} * * @param service * @throws IOException */ public void setGeoserverUserGroupService(GeoServerUserGroupService service) throws IOException { this.service = service; encoder = new GeoServerMultiplexingPasswordEncoder(service.getSecurityManager(), service); }
@Override public boolean matches(CharSequence rawPassword, String encodedPassword) { return this.isPasswordValid(encodedPassword, rawPassword.toString(), null); } }
UserDetails prepareForUser(GeoServerUser user) { char[] pw = null; try { pw = enc.decodeToCharArray(user.getPassword()); } catch (UnsupportedOperationException ex) { pw = user.getPassword().toCharArray(); } String a1 = encodePasswordInA1Format(user.getUsername(), GeoServerSecurityManager.REALM, pw); manager.disposePassword(pw); List<GrantedAuthority> roles = new ArrayList<GrantedAuthority>(); roles.addAll(user.getAuthorities()); roles.add(GeoServerRole.AUTHENTICATED_ROLE); return new DigestUserDetails(user, a1, roles); }
GeoServerPasswordEncoder encoder = getPlainTextPasswordEncoder(); GeoServerMultiplexingPasswordEncoder encoder2 = new GeoServerMultiplexingPasswordEncoder(getSecurityManager()); assertTrue(encoder.isPasswordValid(enc2, testPasswordArray, null)); assertTrue(encoder2.isPasswordValid(enc, testPassword, null)); assertTrue(encoder2.isPasswordValid(enc, testPasswordArray, null)); assertTrue(encoder2.isPasswordValid(enc2, testPassword, null)); assertTrue(encoder2.isPasswordValid(enc2, testPasswordArray, null)); assertFalse(encoder.isPasswordValid(enc2, "plain:blabla".toCharArray(), null)); assertFalse(encoder2.isPasswordValid(enc, "plain:blabla", null)); assertFalse(encoder2.isPasswordValid(enc, "plain:blabla".toCharArray(), null)); assertFalse(encoder2.isPasswordValid(enc2, "plain:blabla", null)); assertFalse(encoder2.isPasswordValid(enc2, "plain:blabla".toCharArray(), null)); assertEquals(testPassword, encoder2.decode(enc)); assertTrue(Arrays.equals(testPasswordArray, encoder2.decodeToCharArray(enc))); assertEquals(testPassword, encoder2.decode(enc2)); assertTrue(Arrays.equals(testPasswordArray, encoder2.decodeToCharArray(enc2))); assertTrue(encoder2.isPasswordValid(enc, "", null)); enc2 = encoder.encodePassword(emptyArray, null); assertTrue(encoder.isPasswordValid(enc, emptyArray, null)); assertTrue(encoder2.isPasswordValid(enc, emptyArray, null));
GeoServerPasswordEncoder encoder = getDigestPasswordEncoder(); GeoServerMultiplexingPasswordEncoder encoder2 = new GeoServerMultiplexingPasswordEncoder(getSecurityManager()); assertTrue(encoder.isPasswordValid(enc2, testPasswordArray, null)); assertTrue(encoder2.isPasswordValid(enc, testPassword, null)); assertTrue(encoder2.isPasswordValid(enc, testPasswordArray, null)); assertTrue(encoder2.isPasswordValid(enc2, testPassword, null)); assertTrue(encoder2.isPasswordValid(enc2, testPasswordArray, null)); assertFalse(encoder2.isPasswordValid(enc, "plain:blabla", null)); assertFalse(encoder2.isPasswordValid(enc, "plain:blabla".toCharArray(), null)); assertFalse(encoder2.isPasswordValid(enc2, "plain:blabla", null)); assertFalse(encoder2.isPasswordValid(enc2, "plain:blabla".toCharArray(), null)); assertTrue(encoder2.isPasswordValid(enc, "", null)); enc2 = encoder.encodePassword(emptyArray, null); assertTrue(encoder.isPasswordValid(enc, emptyArray, null)); assertTrue(encoder2.isPasswordValid(enc, emptyArray, null)); encoder2.decode(enc); fail("Must fail, digested passwords cannot be decoded"); } catch (UnsupportedOperationException ex) { encoder2.isPasswordValid( "digest1:CTBPxdfHvqy0K0M6uoYlb3+fPFrfMhpTm7+ey5rL/1xGI4s6g8n/OrkXdcyqzJ3D", testPassword,
new GeoServerMultiplexingPasswordEncoder(store.getSecurityManager(), service); String encPassword = null; try { rawPassword = mEncoder.decode(user.getPassword()); encPassword = encoder.encodePassword(rawPassword, null); } catch (UnsupportedOperationException ex) {
@Test public void testEncode() { GeoServerMultiplexingPasswordEncoder pwe = new GeoServerMultiplexingPasswordEncoder(getSecurityManager()); try { pwe.encodePassword("foo", null); } catch (Exception e) { fail("Multiplexing encoder should be capabile of encoding"); } } }
@Override public String encode(CharSequence rawPassword) { return encodePassword(rawPassword.toString(), null); }
/** loads the user and decodes the password to plain text (if possible). */ @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { GeoServerUser user = (GeoServerUser) service.loadUserByUsername(username); if (user == null) return null; try { String decoded = encoder.decode(user.getPassword()); return new UserDetailsPasswordWrapper(user, decoded); } catch (UnsupportedOperationException ex) { return new UserDetailsPasswordWrapper(user, user.getPassword()); } } }
public boolean isPasswordValid(String encPass, String rawPass, Object salt) throws UnsupportedOperationException { GeoServerPasswordEncoder enc = lookupEncoderForEncodedPassword(encPass); return enc.isPasswordValid(encPass, rawPass, salt); }
new GeoServerMultiplexingPasswordEncoder(getSecurityManager()); assertTrue(encoder.isPasswordValid(enc2, testPasswordArray, null)); assertTrue(encoder2.isPasswordValid(enc, testPassword, null)); assertTrue(encoder2.isPasswordValid(enc, testPasswordArray, null)); assertTrue(encoder2.isPasswordValid(enc2, testPassword, null)); assertTrue(encoder2.isPasswordValid(enc2, testPasswordArray, null)); assertFalse(encoder.isPasswordValid(enc2, "crypt1:blabla".toCharArray(), null)); assertFalse(encoder2.isPasswordValid(enc, "crypt1:blabla", null)); assertFalse(encoder2.isPasswordValid(enc, "crypt1:blabla".toCharArray(), null)); assertFalse(encoder2.isPasswordValid(enc2, "crypt1:blabla", null)); assertFalse(encoder2.isPasswordValid(enc2, "crypt1:blabla".toCharArray(), null)); assertTrue(Arrays.equals(testPasswordArray, encoder.decodeToCharArray(enc2))); assertEquals(testPassword, encoder2.decode(enc)); assertTrue(Arrays.equals(testPasswordArray, encoder2.decodeToCharArray(enc))); assertEquals(testPassword, encoder2.decode(enc2)); assertTrue(Arrays.equals(testPasswordArray, encoder2.decodeToCharArray(enc2))); assertTrue(encoder2.isPasswordValid(enc, "", null)); enc2 = encoder.encodePassword(emptyArray, null); assertTrue(encoder.isPasswordValid(enc, emptyArray, null)); assertTrue(encoder2.isPasswordValid(enc, emptyArray, null));
new GeoServerMultiplexingPasswordEncoder(getSecurityManager()); assertFalse(encoder2.isPasswordValid(encodedPassword, "blabla", null)); assertFalse(encoder2.isPasswordValid(encodedPassword, "blabla".toCharArray(), null)); assertFalse(encoder2.isPasswordValid(encodedPassword, "", null)); assertFalse(encoder2.isPasswordValid(encodedPassword, "".toCharArray(), null)); encoder2.decode(""); fail("Must fail, empty passwords cannot be decoded"); } catch (UnsupportedOperationException ex) {
new GeoServerMultiplexingPasswordEncoder(store.getSecurityManager(), store); for (GeoServerUser user : store.getUsers()) { if (encoder.isResponsibleForEncoding(user.getPassword())) continue; // nothing to do try { String rawpass = mEncoder.decode(user.getPassword());
public boolean isPasswordValid(String encPass, char[] rawPass, Object salt) throws UnsupportedOperationException { GeoServerPasswordEncoder enc = lookupEncoderForEncodedPassword(encPass); return enc.isPasswordValid(encPass, rawPass, salt); }
new GeoServerMultiplexingPasswordEncoder(getSecurityManager(), service); assertTrue(encoder2.isPasswordValid(encFromArray, passwordArray, null)); assertTrue(encoder3.isPasswordValid(enc, password, null)); assertTrue(encoder3.isPasswordValid(encFromArray, password, null)); assertTrue(encoder3.isPasswordValid(enc, passwordArray, null)); assertTrue(encoder3.isPasswordValid(encFromArray, passwordArray, null)); assertEquals(password, encoder3.decode(enc)); assertEquals(password, encoder.decode(enc)); assertEquals(password, encoder.decode(encFromArray));
protected void checkValuesModified(GeoServerUserGroupService userGroupService) throws IOException { GeoServerUser disableduser = userGroupService.getUserByUsername("disableduser"); assertTrue(disableduser.isEnabled()); GeoServerMultiplexingPasswordEncoder encoder = getEncoder(userGroupService); assertTrue(encoder.isPasswordValid(disableduser.getPassword(), "hallo", null)); assertEquals(1, disableduser.getProperties().size()); assertEquals("miller", disableduser.getProperties().getProperty("lastname")); GeoServerUser user2 = userGroupService.getUserByUsername("user2"); assertEquals(1, user2.getProperties().size()); assertEquals("11-22-33", user2.getProperties().getProperty("tel")); GeoServerUserGroup disabledgroup = userGroupService.getGroupByGroupname("disabledgroup"); assertTrue(disabledgroup.isEnabled()); GeoServerUserGroup group1 = userGroupService.getGroupByGroupname("group1"); GeoServerUser user1 = userGroupService.getUserByUsername("user1"); assertEquals(1, userGroupService.getUsersForGroup(group1).size()); assertTrue(userGroupService.getUsersForGroup(group1).contains(user1)); assertEquals(0, userGroupService.getGroupsForUser(user2).size()); assertEquals(0, userGroupService.getUsersHavingProperty("mail").size()); assertEquals(0, userGroupService.getUsersHavingPropertyValue("tel", "12-34-38").size()); assertEquals(1, userGroupService.getUsersHavingPropertyValue("tel", "11-22-33").size()); user2 = userGroupService.getUsersHavingPropertyValue("tel", "11-22-33").first(); assertEquals("11-22-33", user2.getProperties().getProperty("tel")); }
public HttpDigestUserDetailsServiceWrapper(GeoServerUserGroupService service, Charset charSet) { this.service = service; this.charSet = charSet; manager = service.getSecurityManager(); enc = new GeoServerMultiplexingPasswordEncoder(service.getSecurityManager(), service); try { digest = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("No MD5 algorithm available!"); } }
public String decode(String encPass) throws UnsupportedOperationException { GeoServerPasswordEncoder enc = lookupEncoderForEncodedPassword(encPass); return enc.decode(encPass); }
assertTrue(encoder.isPasswordValid(admin.getPassword(), "geoserver", null)); assertTrue(encoder.isPasswordValid(user1.getPassword(), "11111", null)); assertTrue(encoder.isPasswordValid(user2.getPassword(), "22222", null)); assertTrue(encoder.isPasswordValid(disableduser.getPassword(), "", null));
protected GeoServerMultiplexingPasswordEncoder getEncoder(GeoServerUserGroupService ugService) throws IOException { return new GeoServerMultiplexingPasswordEncoder(getSecurityManager(), ugService); }