/** * Get master password for REST configuraton * * <p>The method inspects the stack trace to check for an authorized calling method. The * authenticated principal has to be an administrator * * <p>If authorization fails, an IOException is thrown * * @throws IOException */ public char[] getMasterPasswordForREST() throws IOException { if (checkAuthenticationForAdminRole() == false) { throw new IOException("Unauthorized user tries to read master password"); } String[][] allowedMethods = new String[][] { {"org.geoserver.rest.security.MasterPasswordController", "masterPasswordGet"} }; String result = checkStackTrace(10, allowedMethods); if (result != null) { throw new IOException("Unauthorized method wants to read master password\n" + result); } return getMasterPassword(); }
String result = checkStackTrace(10, allowedMethods);