/**
 * Returns the first password encoder matching the given class filter.
 *
 * <p>Convenience overload: delegates to {@code loadPasswordEncoder(filter, null, null)},
 * leaving the two remaining arguments unset.
 *
 * @param filter encoder class to look up
 * @return whatever the three-argument overload returns for this filter
 */
public <T extends GeoServerPasswordEncoder> T loadPasswordEncoder(Class<T> filter) {
    final T encoder = loadPasswordEncoder(filter, null, null);
    return encoder;
}
/**
 * Encodes the master password with the digest encoder, persists the resulting digest
 * and returns it.
 *
 * <p>The {@code passwd} array is not cleared here; wiping it remains the caller's job.
 *
 * @param passwd master password characters
 * @return the digest that was handed to {@code saveMasterPasswordDigest}
 * @throws IOException declared by this method; presumably raised when the digest cannot
 *     be stored (confirm against {@code saveMasterPasswordDigest})
 */
String computeAndSaveMasterPasswordDigest(char[] passwd) throws IOException {
    final String digest =
            loadPasswordEncoder(GeoServerDigestPasswordEncoder.class)
                    .encodePassword(passwd, null);
    saveMasterPasswordDigest(digest);
    return digest;
}
/**
 * Returns the PBE password encoder variant that uses strong encryption.
 *
 * <p>The lookup goes through the security manager with {@code true} as the last
 * argument of {@code loadPasswordEncoder}.
 *
 * <p>NOTE(review): whether this lookup succeeds when strong cryptography is not
 * installed is not visible here; callers may need to consult
 * {@code isStrongEncryptionAvailable()} first. Confirm.
 */
protected GeoServerPBEPasswordEncoder getStrongPBEPasswordEncoder() {
    final GeoServerPBEPasswordEncoder strongEncoder =
            getSecurityManager()
                    .loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null, true);
    return strongEncoder;
}
/**
 * Returns the regular PBE password encoder, i.e. the weak-encryption variant.
 *
 * <p>The lookup goes through the security manager with {@code false} as the last
 * argument of {@code loadPasswordEncoder}; {@code getStrongPBEPasswordEncoder()} is the
 * accessor for the strong variant.
 */
protected GeoServerPBEPasswordEncoder getPBEPasswordEncoder() {
    final GeoServerPBEPasswordEncoder regularEncoder =
            getSecurityManager()
                    .loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null, false);
    return regularEncoder;
}
/**
 * Returns the digest password encoder, looked up by class through the security manager.
 */
protected GeoServerDigestPasswordEncoder getDigestPasswordEncoder() {
    final GeoServerDigestPasswordEncoder digestEncoder =
            getSecurityManager().loadPasswordEncoder(GeoServerDigestPasswordEncoder.class);
    return digestEncoder;
}
/**
 * Returns the digest password encoder, looked up by class through the security manager.
 */
protected GeoServerDigestPasswordEncoder getDigestPasswordEncoder() {
    final GeoServerDigestPasswordEncoder digestEncoder =
            getSecurityManager().loadPasswordEncoder(GeoServerDigestPasswordEncoder.class);
    return digestEncoder;
}
/**
 * Returns the regular PBE password encoder, i.e. the weak-encryption variant.
 *
 * <p>The lookup goes through the security manager with {@code false} as the last
 * argument of {@code loadPasswordEncoder}; {@code getStrongPBEPasswordEncoder()} is the
 * accessor for the strong variant.
 */
protected GeoServerPBEPasswordEncoder getPBEPasswordEncoder() {
    final GeoServerPBEPasswordEncoder regularEncoder =
            getSecurityManager()
                    .loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null, false);
    return regularEncoder;
}
/**
 * Returns the regular PBE password encoder, i.e. the weak-encryption variant.
 *
 * <p>The lookup goes through the security manager with {@code false} as the last
 * argument of {@code loadPasswordEncoder}; {@code getStrongPBEPasswordEncoder()} is the
 * accessor for the strong variant.
 */
protected GeoServerPBEPasswordEncoder getPBEPasswordEncoder() {
    final GeoServerPBEPasswordEncoder regularEncoder =
            getSecurityManager()
                    .loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null, false);
    return regularEncoder;
}
/**
 * Returns the PBE password encoder variant that uses strong encryption.
 *
 * <p>The lookup goes through the security manager with {@code true} as the last
 * argument of {@code loadPasswordEncoder}.
 *
 * <p>NOTE(review): whether this lookup succeeds when strong cryptography is not
 * installed is not visible here; callers may need to consult
 * {@code isStrongEncryptionAvailable()} first. Confirm.
 */
protected GeoServerPBEPasswordEncoder getStrongPBEPasswordEncoder() {
    final GeoServerPBEPasswordEncoder strongEncoder =
            getSecurityManager()
                    .loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null, true);
    return strongEncoder;
}
/**
 * Returns the PBE password encoder variant that uses strong encryption.
 *
 * <p>The lookup goes through the security manager with {@code true} as the last
 * argument of {@code loadPasswordEncoder}.
 *
 * <p>NOTE(review): whether this lookup succeeds when strong cryptography is not
 * installed is not visible here; callers may need to consult
 * {@code isStrongEncryptionAvailable()} first. Confirm.
 */
protected GeoServerPBEPasswordEncoder getStrongPBEPasswordEncoder() {
    final GeoServerPBEPasswordEncoder strongEncoder =
            getSecurityManager()
                    .loadPasswordEncoder(GeoServerPBEPasswordEncoder.class, null, true);
    return strongEncoder;
}
/**
 * Returns the plain text password encoder, looked up by class through the security
 * manager.
 *
 * <p>NOTE(review): going by its name, this encoder presumably leaves the password
 * unprotected; confirm before using it for credentials stored at rest.
 */
protected GeoServerPlainTextPasswordEncoder getPlainTextPasswordEncoder() {
    final GeoServerPlainTextPasswordEncoder plainEncoder =
            getSecurityManager().loadPasswordEncoder(GeoServerPlainTextPasswordEncoder.class);
    return plainEncoder;
}
/**
 * Returns the plain text password encoder, looked up by class through the security
 * manager.
 *
 * <p>NOTE(review): going by its name, this encoder presumably leaves the password
 * unprotected; confirm before using it for credentials stored at rest.
 */
protected GeoServerPlainTextPasswordEncoder getPlainTextPasswordEncoder() {
    final GeoServerPlainTextPasswordEncoder plainEncoder =
            getSecurityManager().loadPasswordEncoder(GeoServerPlainTextPasswordEncoder.class);
    return plainEncoder;
}
/**
 * Returns the digest password encoder, looked up by class through the security manager.
 */
protected GeoServerDigestPasswordEncoder getDigestPasswordEncoder() {
    final GeoServerDigestPasswordEncoder digestEncoder =
            getSecurityManager().loadPasswordEncoder(GeoServerDigestPasswordEncoder.class);
    return digestEncoder;
}
/**
 * Returns the plain text password encoder, looked up by class through the security
 * manager.
 *
 * <p>NOTE(review): going by its name, this encoder presumably leaves the password
 * unprotected; confirm before using it for credentials stored at rest.
 */
protected GeoServerPlainTextPasswordEncoder getPlainTextPasswordEncoder() {
    final GeoServerPlainTextPasswordEncoder plainEncoder =
            getSecurityManager().loadPasswordEncoder(GeoServerPlainTextPasswordEncoder.class);
    return plainEncoder;
}
/**
 * Returns the empty password encoder, looked up by class through the security manager.
 *
 * <p>NOTE(review): what "empty" means for stored passwords is not visible in this
 * method; check {@code GeoServerEmptyPasswordEncoder} before relying on it.
 */
protected GeoServerEmptyPasswordEncoder getEmptyEncoder() {
    final GeoServerEmptyPasswordEncoder emptyEncoder =
            getSecurityManager().loadPasswordEncoder(GeoServerEmptyPasswordEncoder.class);
    return emptyEncoder;
}
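/**
 * Encrypts a parameter value with the configured configuration-password encoder.
 *
 * <p>If no encoder name is configured, or the configured encoder cannot be loaded, the
 * value is returned as is (unencrypted) and a warning is logged. The value itself is
 * never written to the log.
 *
 * @param value plain value to encrypt; must not be {@code null} when an encoder is
 *     available, and must not already start with that encoder's prefix
 * @return the encoded value, or {@code value} unchanged when no encoder is usable
 * @throws RuntimeException if {@code value} already starts with the encoder prefix
 *     followed by the prefix delimiter
 */
public String encode(String value) {
    String encoderName = securityManager.getSecurityConfig().getConfigPasswordEncrypterName();
    if (encoderName == null) {
        LOGGER.warning("Encryption disabled, no password encoder set");
        return value;
    }

    GeoServerPasswordEncoder pwEncoder = securityManager.loadPasswordEncoder(encoderName);
    if (pwEncoder == null) {
        // This path used to fall through silently: an encoder is configured but could
        // not be loaded, so the value is stored unencrypted. Make that visible.
        LOGGER.warning(
                "Encryption disabled, configured password encoder not found: " + encoderName);
        return value;
    }

    // Refuse input that already looks encoded, which would otherwise be encoded twice.
    String reservedPrefix = pwEncoder.getPrefix() + GeoServerPasswordEncoder.PREFIX_DELIMTER;
    if (value.startsWith(reservedPrefix)) {
        throw new RuntimeException("Cannot encode a password with prefix: " + reservedPrefix);
    }
    return pwEncoder.encodePassword(value, null);
}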
/**
 * Checks the given password against the stored master password digest.
 *
 * <p>When {@code forLogin} is set, the master password provider configuration is
 * consulted first and the check fails outright if login is not enabled there. The
 * digest is loaded on first use and cached in {@code masterPasswdDigest}.
 *
 * @param passwd candidate master password; not cleared by this method
 * @param forLogin whether the check is made on behalf of a login attempt
 * @return {@code true} if the digest encoder accepts {@code passwd} for the stored digest
 * @throws RuntimeException wrapping the {@link IOException} raised while loading the
 *     provider configuration or the digest
 */
public boolean checkMasterPassword(char[] passwd, boolean forLogin) {
    if (forLogin) {
        final boolean loginEnabled;
        try {
            loginEnabled =
                    this.masterPasswordProviderHelper
                            .loadConfig(this.masterPasswordConfig.getProviderName())
                            .isLoginEnabled();
        } catch (IOException e) {
            throw new RuntimeException("Unable to load master password provider config", e);
        }
        if (!loginEnabled) {
            return false;
        }
    }

    final GeoServerDigestPasswordEncoder digestEncoder =
            loadPasswordEncoder(GeoServerDigestPasswordEncoder.class);

    // Lazy, lock-guarded load of the digest (checked again once the lock is held).
    // NOTE(review): the unsynchronized first read is only safe if masterPasswdDigest is
    // declared volatile; the field declaration is not visible here. Confirm.
    if (masterPasswdDigest == null) {
        synchronized (this) {
            if (masterPasswdDigest == null) {
                try {
                    // look for file
                    masterPasswdDigest = loadMasterPasswordDigest();
                } catch (IOException e) {
                    throw new RuntimeException("Unable to create master password digest", e);
                }
            }
        }
    }

    return digestEncoder.isPasswordValid(masterPasswdDigest, passwd, null);
}
/**
 * Validates and encodes the user's password in place.
 *
 * <p>A password that already starts with an encoder prefix is treated as encoded and
 * left untouched: neither policy validation nor encoding runs for it. Any other
 * password is checked against the configured password validator and then replaced by
 * its encoded form.
 *
 * <p>NOTE(review): the prefix test alone decides "already encoded". Confirm that
 * callers cannot pass user-supplied text beginning with an encoder prefix, since such
 * input would skip validation and be stored as given.
 *
 * @param user user whose password is validated and encoded
 * @throws IOException declared by this method; the raising call is not identifiable
 *     from this block alone
 * @throws PasswordPolicyException declared by this method; presumably raised by the
 *     validator when the password violates the policy (confirm)
 */
protected void preparePassword(GeoServerUser user)
        throws IOException, PasswordPolicyException {
    char[] passwordArray = null;
    if (user.getPassword() != null) {
        passwordArray = user.getPassword().toCharArray();
    }

    // Already encoded: nothing to do.
    if (PasswordValidatorImpl.passwordStartsWithEncoderPrefix(passwordArray) != null) {
        return;
    }

    // Plain text password: enforce the password policy before anything is stored.
    getSecurityManager()
            .loadPasswordValidator(getPasswordValidatorName())
            .validatePassword(passwordArray);

    // Validation passed: initialize the encoder for this service and store the
    // encoded form.
    // NOTE(review): the encoder is used without a null check; confirm that
    // loadPasswordEncoder cannot return null for the configured name.
    GeoServerPasswordEncoder encoder =
            getSecurityManager().loadPasswordEncoder(getPasswordEncoderName());
    encoder.initializeFor(this);
    user.setPassword(encoder.encodePassword(user.getPassword(), null));
}
/**
 * Validates the password-related settings of a user/group service configuration.
 *
 * <p>Checks, in this order: an encoder name is present; the encoder can be loaded; the
 * encoder is usable when strong encryption is unavailable; a password policy name is
 * present; the policy name is one of the known {@code PasswordValidator} names.
 *
 * @param config configuration to validate
 * @throws SecurityConfigException on the first check that fails
 */
public void validate(SecurityUserGroupServiceConfig config) throws SecurityConfigException {
    final String encoderName = config.getPasswordEncoderName();
    if (!isNotEmpty(encoderName)) {
        throw createSecurityException(PASSWD_ENCODER_REQUIRED_$1, config.getName());
    }

    final GeoServerPasswordEncoder encoder;
    try {
        encoder = manager.loadPasswordEncoder(encoderName);
    } catch (NoSuchBeanDefinitionException ex) {
        // An unknown bean name is reported as an invalid encoder setting.
        throw createSecurityException(INVALID_CONFIG_PASSWORD_ENCODER_$1, encoderName);
    }
    if (encoder == null) {
        throw createSecurityException(INVALID_CONFIG_PASSWORD_ENCODER_$1, encoderName);
    }

    // Reject an encoder that needs strong cryptography when the manager reports it
    // as unavailable.
    if (!manager.isStrongEncryptionAvailable()
            && !encoder.isAvailableWithoutStrongCryptogaphy()) {
        throw createSecurityException(INVALID_STRONG_PASSWORD_ENCODER);
    }

    final String policyName = config.getPasswordPolicyName();
    if (!isNotEmpty(policyName)) {
        throw createSecurityException(PASSWD_POLICY_REQUIRED_$1, config.getName());
    }
    if (!getNamesFor(PasswordValidator.class).contains(policyName)) {
        throw createSecurityException(PASSWD_POLICY_NOT_FOUND_$1, policyName);
    }
}
/**
 * Initializes this user/group service from its configuration.
 *
 * <p>Takes the service name, password encoder name and password policy name from the
 * configuration. If the encoder's encoding type is {@code ENCRYPT} and the key store
 * has no alias for this service yet, a random password of default length is stored as
 * the service's key and the key store is saved.
 *
 * <p>NOTE(review): the loaded encoder is used without a null check, and
 * {@code config} is cast to {@code MemoryUserGroupServiceConfigImpl} unchecked; confirm
 * that both are guaranteed by configuration validation before this method runs.
 *
 * @param config service configuration; cast to {@code SecurityUserGroupServiceConfig}
 *     and {@code MemoryUserGroupServiceConfigImpl}
 * @throws IOException declared by this method; presumably raised by the key store
 *     operations (confirm)
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    this.name = config.getName();

    final SecurityUserGroupServiceConfig groupConfig = (SecurityUserGroupServiceConfig) config;
    passwordEncoderName = groupConfig.getPasswordEncoderName();

    final GeoServerPasswordEncoder encoder =
            getSecurityManager().loadPasswordEncoder(passwordEncoderName);
    if (encoder.getEncodingType() == PasswordEncodingType.ENCRYPT) {
        // Encrypting encoders need a per-service key; create one on first use.
        final KeyStoreProvider keyStore = getSecurityManager().getKeyStoreProvider();
        final String serviceAlias = keyStore.aliasForGroupService(name);
        if (!keyStore.containsAlias(serviceAlias)) {
            keyStore.setUserGroupKey(
                    name,
                    getSecurityManager()
                            .getRandomPassworddProvider()
                            .getRandomPasswordWithDefaultLength());
            keyStore.storeKeyStore();
        }
    }
    encoder.initializeFor(this);

    passwordValidatorName = groupConfig.getPasswordPolicyName();
    toBeEncrypted = ((MemoryUserGroupServiceConfigImpl) config).getToBeEncrypted();
}
} // closes the enclosing class, whose header is outside this excerpt