/**
 * Converts a 2.3.x security configuration to 2.4.x by ensuring the web request chain lists the
 * root path {@code "/"} among its patterns.
 *
 * @return {@code true} if the pattern was missing, was added, and the configuration was saved;
 *     {@code false} if nothing had to change
 * @throws Exception if loading or saving the security configuration fails
 */
boolean migrateFrom23() throws Exception {
    SecurityManagerConfig securityConfig = loadSecurityConfig();
    // NOTE(review): the lookup result is dereferenced without a null check; a configuration
    // that lacks the web chain would fail here with a NullPointerException.
    List<String> webPatterns =
            securityConfig
                    .getFilterChain()
                    .getRequestChainByName(GeoServerSecurityFilterChain.WEB_CHAIN_NAME)
                    .getPatterns();

    if (webPatterns.contains("/")) {
        // Already migrated: the root path is part of the web chain.
        return false;
    }

    // Presumably getPatterns() hands out the chain's live list, so the addition is part of
    // what gets persisted below; confirm against RequestFilterChain.
    webPatterns.add("/");
    saveSecurityConfig(securityConfig);
    return true;
}
if (chain.getRequestChainByName(oldRequestChain.getName()) == null) { if (oldRequestChain.canBeRemoved() == false) { throw createSecurityException(
/**
 * Registers the CAS proxy receptor request chain, unless a chain with that name already exists.
 *
 * <p>The new chain matches the proxy receptor pattern with and without a trailing slash, carries
 * only the {@code pgtCallback} filter, and is inserted at index 0 of the request chain list.
 *
 * @param filterChain the security filter chain to extend
 */
@Override
public void configureFilterChain(GeoServerSecurityFilterChain filterChain) {
    boolean alreadyRegistered = filterChain.getRequestChainByName(PROXYRECEPTORCHAIN) != null;
    if (!alreadyRegistered) {
        RequestFilterChain receptorChain =
                new ConstantFilterChain(
                        GeoServerCasConstants.CAS_PROXY_RECEPTOR_PATTERN,
                        GeoServerCasConstants.CAS_PROXY_RECEPTOR_PATTERN + "/");
        receptorChain.setFilterNames(pgtCallback.getName());
        receptorChain.setName(PROXYRECEPTORCHAIN);
        // Index 0 puts this chain ahead of every chain already in the list; presumably the
        // list order decides which chain handles a request, so position matters here.
        filterChain.getRequestChains().add(0, receptorChain);
    }
}
/**
 * Adds a request chain for the CAS proxy receptor endpoint to the given security filter chain.
 *
 * <p>Does nothing when a chain named {@code PROXYRECEPTORCHAIN} is already present, so repeated
 * calls do not add a second entry.
 *
 * @param filterChain the security filter chain that receives the new request chain
 */
@Override
public void configureFilterChain(GeoServerSecurityFilterChain filterChain) {
    if (filterChain.getRequestChainByName(PROXYRECEPTORCHAIN) != null) {
        return;
    }

    // Two patterns: the receptor path itself and the same path followed by "/".
    RequestFilterChain proxyReceptor =
            new ConstantFilterChain(
                    GeoServerCasConstants.CAS_PROXY_RECEPTOR_PATTERN,
                    GeoServerCasConstants.CAS_PROXY_RECEPTOR_PATTERN + "/");
    proxyReceptor.setName(PROXYRECEPTORCHAIN);
    // The only filter on this chain is the proxy-granting-ticket callback.
    proxyReceptor.setFilterNames(pgtCallback.getName());

    // Inserted first in the list of request chains.
    filterChain.getRequestChains().add(0, proxyReceptor);
}
}
.getSecurityConfig() .getFilterChain() .getRequestChainByName("webLogout"); logOutChain.doLogout(getSecurityManager(), httpReq, httpRes, getName()); handler.process(httpReq, httpRes);
handler.destroySession(httpReq); LogoutFilterChain logOutChain = (LogoutFilterChain) getSecurityManager().getSecurityConfig().getFilterChain().getRequestChainByName("webLogout"); logOutChain.doLogout(getSecurityManager(), httpReq, httpRes,getName()); } else
/**
 * Builds the panel from a request chain drop-down and a palette of authentication filter names.
 *
 * @param id the Wicket component id
 * @param model model holding the security filter chain shown by the panel
 */
public AuthFilterChainPanel(String id, IModel<GeoServerSecurityFilterChain> model) {
    super(id, new Model());

    // The initial selection is whatever is registered under "web"; the lookup result is stored
    // without a null check.
    requestChain = model.getObject().getRequestChainByName("web");

    RequestChainDropDownChoice chainChoice =
            new RequestChainDropDownChoice(
                    "requestChain",
                    new PropertyModel(this, "requestChain"),
                    new PropertyModel<List<RequestFilterChain>>(model, "requestChains"));
    chainChoice.add(
            new OnChangeAjaxBehavior() {
                @Override
                protected void onUpdate(AjaxRequestTarget target) {
                    // Refresh the palette whenever the selected chain changes.
                    target.addComponent(AuthFilterChainPanel.this.get("authFilterChain"));
                }
            });
    add(chainChoice);

    AuthFilterChainPalette filterPalette =
            new AuthFilterChainPalette("authFilterChain", new AuthFilterNamesModel(model));
    // The palette is the target of the Ajax refresh above, so it has to emit a markup id.
    filterPalette.setOutputMarkupId(true);
    add(filterPalette);
}
/**
 * Opens the edit page for the request chain named {@code chainName}.
 *
 * <p>A {@link VariableFilterChain} gets the variable-chain page and anything else gets the
 * generic page. A failed lookup ({@code null}) is not an instance of
 * {@code VariableFilterChain}, so it is also passed to the generic page.
 *
 * @param target the Ajax request target of the click
 */
@Override
protected void onClick(AjaxRequestTarget target) {
    RequestFilterChain selected =
            SecurityFilterChainsPanel.this
                    .secMgrConfig
                    .getFilterChain()
                    .getRequestChainByName(chainName);

    SecurityFilterChainPage editor =
            (selected instanceof VariableFilterChain)
                    ? new SecurityVariableFilterChainPage(
                            (VariableFilterChain) selected,
                            SecurityFilterChainsPanel.this.secMgrConfig,
                            false)
                    : new SecurityFilterChainPage(
                            selected, SecurityFilterChainsPanel.this.secMgrConfig, false);

    // The editor returns to the page that hosts this link.
    editor.setReturnPage(getPage());
    setResponsePage(editor);
}
};
/**
 * Navigates to the page that edits the request chain registered under {@code chainName}.
 *
 * <p>The page type depends on the runtime type of the chain. The chain is not checked for
 * {@code null} before it is handed to the page constructor.
 *
 * @param target the Ajax request target of the click
 */
@Override
protected void onClick(AjaxRequestTarget target) {
    RequestFilterChain requested =
            SecurityFilterChainsPanel.this
                    .secMgrConfig
                    .getFilterChain()
                    .getRequestChainByName(chainName);

    final SecurityFilterChainPage destination;
    if (!(requested instanceof VariableFilterChain)) {
        // Generic editor; this branch is also taken when the lookup returned null.
        destination =
                new SecurityFilterChainPage(
                        requested, SecurityFilterChainsPanel.this.secMgrConfig, false);
    } else {
        destination =
                new SecurityVariableFilterChainPage(
                        (VariableFilterChain) requested,
                        SecurityFilterChainsPanel.this.secMgrConfig,
                        false);
    }

    destination.setReturnPage(getPage());
    setResponsePage(destination);
}
};
/**
 * Enables the Spring Security authentication filters so that the test is complete and
 * realistic.
 *
 * @return the filters of the "default" request chain, loaded in the order given by its compiled
 *     filter names
 * @throws RuntimeException wrapping the {@link IOException} raised while loading a filter
 */
@Override
protected List<javax.servlet.Filter> getFilters() {
    GeoServerSecurityFilterChain securityChain =
            getSecurityManager().getSecurityConfig().getFilterChain();
    // The cast assumes "default" is registered as a variable chain; a missing chain shows up
    // as a NullPointerException when the filter names are read below.
    VariableFilterChain defaultChain =
            (VariableFilterChain) securityChain.getRequestChainByName("default");

    List<Filter> loaded = new ArrayList<Filter>();
    try {
        for (String name : defaultChain.getCompiledFilterNames()) {
            loaded.add(getSecurityManager().loadFilter(name));
        }
    } catch (IOException e) {
        // The first filter that fails to load aborts the whole setup.
        throw new RuntimeException(e);
    }
    return loaded;
}
/**
 * GEOS-6077: the web login chain in the loaded security configuration must allow session
 * creation.
 */
@Test
public void testWebLoginChainSessionCreation() throws Exception {
    SecurityManagerConfig loadedConfig = getSecurityManager().loadSecurityConfig();
    RequestFilterChain loginChain =
            loadedConfig
                    .getFilterChain()
                    .getRequestChainByName(GeoServerSecurityFilterChain.WEB_LOGIN_CHAIN_NAME);

    // The configuration is read through loadSecurityConfig() rather than getSecurityConfig().
    assertTrue(loginChain.isAllowSessionCreation());
}
}
/**
 * Regression test for GEOS-6077: checks that the chain registered as
 * {@code WEB_LOGIN_CHAIN_NAME} is allowed to create a session.
 */
@Test
public void testWebLoginChainSessionCreation() throws Exception {
    GeoServerSecurityFilterChain securityChain =
            getSecurityManager().loadSecurityConfig().getFilterChain();

    RequestFilterChain webLogin =
            securityChain.getRequestChainByName(
                    GeoServerSecurityFilterChain.WEB_LOGIN_CHAIN_NAME);

    // A missing chain would fail this test with a NullPointerException, not an assertion.
    assertTrue(webLogin.isAllowSessionCreation());
}
/**
 * Saves a GitHub OAuth2 filter with placeholder credentials and sets the "web" request chain to
 * use that filter followed by the anonymous filter.
 *
 * @param testData the system test data handed to the superclass setup
 * @throws Exception if saving the filter or the security configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    GeoServerSecurityManager securityManager = getSecurityManager();

    GitHubOAuth2FilterConfig gitHubFilter = new GitHubOAuth2FilterConfig();
    gitHubFilter.setName("github");
    gitHubFilter.setClassName(GitHubOAuthAuthenticationFilter.class.getName());
    // "foo" / "bar" are test fixtures, not real credentials; setCliendId is the setter's
    // actual spelling on the config class.
    gitHubFilter.setCliendId("foo");
    gitHubFilter.setClientSecret("bar");
    securityManager.saveFilter(gitHubFilter);

    SecurityManagerConfig securityConfig = securityManager.getSecurityConfig();
    // This replaces the filter names of the "web" chain.
    securityConfig
            .getFilterChain()
            .getRequestChainByName("web")
            .setFilterNames("github", "anonymous");
    securityManager.saveSecurityConfig(securityConfig);
}
// Puts filterName at index 0 of the "default" request chain's filter names and saves the
// configuration.
// NOTE(review): the cast assumes "default" is a VariableFilterChain, and the lookup result is
// dereferenced without a null check.
GeoServerSecurityFilterChain filterChain = mconfig.getFilterChain(); VariableFilterChain chain = (VariableFilterChain) filterChain.getRequestChainByName("default"); chain.getFilterNames().add(0, filterName); getSecurityManager().saveSecurityConfig(mconfig);
/**
 * Saves a Google OAuth2 filter with placeholder credentials and sets the "web" request chain to
 * use that filter followed by the anonymous filter.
 *
 * @param testData the system test data handed to the superclass setup
 * @throws Exception if saving the filter or the security configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    GeoServerSecurityManager securityManager = getSecurityManager();

    GoogleOAuth2FilterConfig googleFilter = new GoogleOAuth2FilterConfig();
    googleFilter.setName("google");
    googleFilter.setClassName(GoogleOAuthAuthenticationFilter.class.getName());
    // "foo" / "bar" are test fixtures, not real credentials; setCliendId is the setter's
    // actual spelling on the config class.
    googleFilter.setCliendId("foo");
    googleFilter.setClientSecret("bar");
    securityManager.saveFilter(googleFilter);

    SecurityManagerConfig securityConfig = securityManager.getSecurityConfig();
    // This replaces the filter names of the "web" chain.
    securityConfig
            .getFilterChain()
            .getRequestChainByName("web")
            .setFilterNames("google", "anonymous");
    securityManager.saveSecurityConfig(securityConfig);
}
/**
 * Saves an OpenID Connect filter with placeholder credentials and endpoints, then sets the "web"
 * request chain to use that filter followed by the anonymous filter.
 *
 * @param testData the system test data handed to the superclass setup
 * @throws Exception if saving the filter or the security configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    GeoServerSecurityManager securityManager = getSecurityManager();

    OpenIdConnectFilterConfig oidcFilter = new OpenIdConnectFilterConfig();
    oidcFilter.setName("openIdConnect");
    oidcFilter.setClassName(OpenIdConnectAuthenticationFilter.class.getName());
    // "foo" / "bar" are test fixtures, not real credentials; setCliendId is the setter's
    // actual spelling on the config class.
    oidcFilter.setCliendId("foo");
    oidcFilter.setClientSecret("bar");
    // All three endpoints are set to the same fixture URL.
    oidcFilter.setAccessTokenUri("https://www.connectid/fake/test");
    oidcFilter.setUserAuthorizationUri("https://www.connectid/fake/test");
    oidcFilter.setCheckTokenEndpointUrl("https://www.connectid/fake/test");
    securityManager.saveFilter(oidcFilter);

    SecurityManagerConfig securityConfig = securityManager.getSecurityConfig();
    // This replaces the filter names of the "web" chain.
    securityConfig
            .getFilterChain()
            .getRequestChainByName("web")
            .setFilterNames("openIdConnect", "anonymous");
    securityManager.saveSecurityConfig(securityConfig);
}
// Marks the request chain named "testChain" as requiring SSL and saves the configuration.
// NOTE(review): the lookup result is used without a null check; a missing "testChain" fails
// with a NullPointerException on setRequireSSL.
RequestFilterChain chain = secConfig.getFilterChain().getRequestChainByName("testChain"); chain.setRequireSSL(true); getSecurityManager().saveSecurityConfig(secConfig);
(LogoutFilterChain) getSecurityManager().getSecurityConfig().getFilterChain().getRequestChainByName("webLogout");