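/**
 * Calculates the union of roles from all role services and adds {@link
 * GeoServerRole#ANONYMOUS_ROLE} and {@link GeoServerRole#AUTHENTICATED_ROLE}.
 *
 * <p>A role service whose roles cannot be read is skipped: the {@link IOException} is logged at
 * WARNING level and that service contributes nothing to the result. The returned set can
 * therefore be incomplete without the caller being told; code that derives access rules from it
 * should not assume every configured role is present.
 *
 * @return the sorted union of the roles of all readable role services plus the two system roles
 *     named above
 * @throws IOException only from code outside the per-service try block (the {@code
 *     listRoleServices()} call); failures of a single role service are caught and logged
 */
public SortedSet<GeoServerRole> getRolesForAccessControl() throws IOException {
    SortedSet<GeoServerRole> allRoles = new TreeSet<GeoServerRole>();
    for (String serviceName : listRoleServices()) {
        // Catch the IOException for each role service. As an example, it does not make sense
        // to fail the whole call because one JDBC connection cannot be established.
        try {
            allRoles.addAll(loadRoleService(serviceName).getRoles());
        } catch (IOException ex) {
            // Name the failing service so that an operator reading the log can tell whose
            // roles are missing from the result.
            LOGGER.log(
                    Level.WARNING,
                    "Could not load roles from role service '"
                            + serviceName
                            + "': "
                            + ex.getMessage(),
                    ex);
        }
    }
    allRoles.add(GeoServerRole.AUTHENTICATED_ROLE);
    allRoles.add(GeoServerRole.ANONYMOUS_ROLE);
    return allRoles;
}
}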
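/**
 * Additional validation. Removing this configuration may also remove the file where the roles
 * are contained (the file may be stored within the configuration sub directory). The design
 * insists on an empty role file.
 *
 * <p>The role file is located by comparing canonical paths, so {@code .} and {@code ..}
 * segments in the configured file name cannot disguise where the file really lives. The
 * directory path is compared with a trailing {@link File#separator} so that a sibling directory
 * whose name merely starts with the same characters is not mistaken for the role directory.
 *
 * @param config configuration of the role service to be removed; cast to {@link
 *     XMLRoleServiceConfig}
 * @throws SecurityConfigException with {@code ROLE_SERVICE_NOT_EMPTY_$1} if the role file is
 *     not an absolute path outside the service's directory and the service still holds roles
 * @throws RuntimeException wrapping the {@link IOException} raised while resolving paths or
 *     loading the role service
 */
@Override
public void validateRemoveRoleService(SecurityRoleServiceConfig config)
        throws SecurityConfigException {
    super.validateRemoveRoleService(config);

    XMLRoleServiceConfig xmlConfig = (XMLRoleServiceConfig) config;
    File file = new File(xmlConfig.getFileName());
    try {
        // An absolute file name that resolves outside the standard role directory is not
        // subject to the emptiness rule below.
        if (file.isAbsolute()
                && !file.getCanonicalPath()
                        .startsWith(
                                manager.role().get(config.getName()).dir().getCanonicalPath()
                                        + File.separator)) {
            return;
        }
        // File in the security sub directory: refuse removal while roles still exist.
        if (manager.loadRoleService(config.getName()).getRoleCount() > 0) {
            throw createSecurityException(ROLE_SERVICE_NOT_EMPTY_$1, config.getName());
        }
    } catch (IOException e) {
        // Keep the cause; a bare RuntimeException would hide why validation could not run.
        throw new RuntimeException(e);
    }
}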
/**
 * Ensures that no role service other than the one wrapped here already defines a role with the
 * given name.
 *
 * <p>The check fails closed: if another role service cannot be queried, the failure is logged
 * and reported as {@code CANNOT_CHECK_ROLE_IN_SERVICE} instead of being treated as "role not
 * found".
 *
 * @param roleName name of the role to look up; validated first through {@code checkRoleName}
 * @throws IOException the exception built by {@code createSecurityException}, either because
 *     the role exists elsewhere ({@code ALREADY_EXISTS_IN}) or because a service could not be
 *     checked
 */
protected void checkNotExistingInOtherServices(String roleName) throws IOException {
    checkRoleName(roleName);
    for (String candidateService : service.getSecurityManager().listRoleServices()) {
        // The wrapped service itself is excluded from the comparison.
        if (!service.getName().equals(candidateService)) {
            final GeoServerRole existing;
            try {
                existing =
                        service.getSecurityManager()
                                .loadRoleService(candidateService)
                                .getRoleByName(roleName);
            } catch (IOException ex) {
                LOGGER.log(Level.WARNING, ex.getMessage(), ex);
                throw createSecurityException(
                        CANNOT_CHECK_ROLE_IN_SERVICE, roleName, candidateService);
            }
            if (existing != null) {
                throw createSecurityException(ALREADY_EXISTS_IN, roleName, candidateService);
            }
        }
    }
}
/**
 * Implements roles retrieval from the J2EE container.
 *
 * <p>Every role known to the selected role service is offered to the container through {@link
 * HttpServletRequest#isUserInRole(String)}; only roles the container confirms are kept.
 * Inherited roles and mapped system roles are then added by a {@code RoleCalculator}. The
 * result is therefore only as trustworthy as the container's own role assignment.
 *
 * @param request request whose container-managed role membership is queried
 * @param principal not read by this method
 * @return the confirmed roles together with the inherited and mapped system roles
 * @throws IOException if the role service cannot be loaded or read
 */
protected Collection<GeoServerRole> getRolesFromJ2EE(
        HttpServletRequest request, String principal) throws IOException {

    // No configured name (null or blank) selects the active role service.
    final GeoServerRoleService roleService;
    if (getRoleServiceName() == null || getRoleServiceName().trim().length() == 0) {
        roleService = getSecurityManager().getActiveRoleService();
    } else {
        // NOTE(review): confirm whether loadRoleService can return null for an unknown name;
        // if it can, the getRoles() call below fails with a NullPointerException.
        roleService = getSecurityManager().loadRoleService(getRoleServiceName());
    }

    Collection<GeoServerRole> granted = new ArrayList<GeoServerRole>();
    for (GeoServerRole candidate : roleService.getRoles()) {
        if (request.isUserInRole(candidate.getAuthority())) {
            granted.add(candidate);
        }
    }

    RoleCalculator calculator = new RoleCalculator(roleService);
    calculator.addInheritedRoles(granted);
    calculator.addMappedSystemRoles(granted);
    return granted;
}
}
/**
 * Calculates roles from a {@link GeoServerRoleService}. The default service is {@link
 * GeoServerSecurityManager#getActiveRoleService()}, used when no role service name is
 * configured (null or blank).
 *
 * <p>The result contains all inherited roles, but no personalized roles.
 *
 * @param request not read by this method
 * @param principal name handed to {@code RoleCalculator.calculateRoles}
 * @return the roles calculated for {@code principal}
 * @throws IOException if the role service cannot be loaded or the calculation fails
 */
protected Collection<GeoServerRole> getRolesFromRoleService(
        HttpServletRequest request, String principal) throws IOException {

    final GeoServerRoleService roleService;
    if (getRoleServiceName() == null || getRoleServiceName().trim().length() == 0) {
        roleService = getSecurityManager().getActiveRoleService();
    } else {
        // NOTE(review): confirm whether loadRoleService can return null for an unknown name;
        // the calculator below is built from the result without a null check.
        roleService = getSecurityManager().loadRoleService(getRoleServiceName());
    }

    RoleCalculator calculator = new RoleCalculator(roleService);
    return calculator.calculateRoles(principal);
}
GeoServerRoleService roleService = null; try { roleService = loadRoleService(roleServiceName); roleService = loadRoleService("default"); } catch (Exception e) { throw new RuntimeException("Fatal error occurred loading default role service", e);
/**
 * Test fixture setup: loads the role service registered under the name "test" and creates a
 * store for it through {@code createStore}.
 *
 * @throws IOException if the role service cannot be loaded or the store cannot be created
 */
@Before
public void init() throws IOException {
    service = getSecurityManager().loadRoleService("test");
    // The store is created from the service loaded on the previous line, so order matters.
    store = createStore(service);
}
/**
 * Builds a nice mock of {@link GeoServerRoleStore} and records the expectations a test needs
 * from it.
 *
 * <p>The mock answers {@code getSecurityManager()} and {@code getName()} with the arguments
 * given here, resolves each name in {@code roleNames} through {@code getRoleByName}, and
 * creates role objects for every entry of {@code GeoServerRole.SystemRoles}. An expectation is
 * also recorded on {@code secMgr} so that {@code loadRoleService(name)} returns the mock. No
 * {@code replay} call is made in this method.
 *
 * @param name name the mocked store reports and under which {@code secMgr} returns it
 * @param secMgr security manager mock that receives the {@code loadRoleService} expectation
 * @param roleNames names of the roles the mocked store should know
 * @return the mocked role store
 * @throws IOException declared because the mocked methods declare it
 */
protected GeoServerRoleStore createRoleStore(
        String name, GeoServerSecurityManager secMgr, String... roleNames) throws IOException {

    GeoServerRoleStore mockStore = createNiceMock(GeoServerRoleStore.class);
    expect(mockStore.getSecurityManager()).andReturn(secMgr).anyTimes();
    expect(mockStore.getName()).andReturn(name).anyTimes();

    // Roles the store can look up by name.
    for (String knownName : roleNames) {
        GeoServerRole knownRole = new GeoServerRole(knownName);
        expect(mockStore.getRoleByName(knownName)).andReturn(knownRole).anyTimes();
    }

    // Role objects the store can create for the system roles.
    for (GeoServerRole systemRole : GeoServerRole.SystemRoles) {
        String authority = systemRole.getAuthority();
        GeoServerRole created = new GeoServerRole(authority);
        expect(mockStore.createRoleObject(authority)).andReturn(created).anyTimes();
    }

    expect(secMgr.loadRoleService(name)).andReturn(mockStore).anyTimes();
    return mockStore;
}
/**
 * Saves the role service configuration obtained from {@code getRoleConfig(name)} and returns
 * the service loaded back from the security manager under the same name.
 *
 * @param name name of the role service to create
 * @return the role service as loaded after the configuration was saved
 * @throws Exception if the configuration cannot be saved or the service cannot be loaded
 */
@Override
public GeoServerRoleService createRoleService(String name) throws Exception {
    SecurityRoleServiceConfig roleConfig = getRoleConfig(name);
    getSecurityManager().saveRoleService(roleConfig);

    GeoServerRoleService created = getSecurityManager().loadRoleService(name);
    return created;
}
// Excerpt: gaConfig is declared outside the lines shown here.
GeoServerRoleService roleService = loadRoleService(XMLRoleService.DEFAULT_NAME);
// Point the configuration's group-admin role name at the XML role service's default local
// group admin role constant, then persist the configuration.
gaConfig.setGroupAdminRoleName(XMLRoleService.DEFAULT_LOCAL_GROUP_ADMIN_ROLE);
saveRoleService(gaConfig);
// The service is loaded a second time after saving; presumably so that the instance in use
// reflects the saved configuration (TODO confirm).
roleService = loadRoleService(XMLRoleService.DEFAULT_NAME);
/**
 * Looks up a role service by name and rejects names that resolve to nothing.
 *
 * @param serviceName name of the role service to load
 * @return the loaded role service, never {@code null}
 * @throws IOException if the security manager fails while loading the service
 * @throws IllegalArgumentException if the security manager returns {@code null} for the name
 */
protected GeoServerRoleService getService(String serviceName) throws IOException {
    GeoServerRoleService loaded = securityManager.loadRoleService(serviceName);
    if (loaded != null) {
        return loaded;
    }
    // Fail with an explicit message instead of handing a null service to the caller.
    throw new IllegalArgumentException("Provided roleservice does not exist: " + serviceName);
}
/**
 * Loads the named role service from the security manager, converting the checked {@link
 * IOException} into an unchecked exception that keeps the original as its cause.
 *
 * @param name name of the role service to load
 * @return whatever the security manager's {@code loadRoleService} returns for {@code name}
 * @throws RuntimeException wrapping the {@link IOException} if loading fails
 */
public GeoServerRoleService getRoleService(String name) {
    final GeoServerRoleService loaded;
    try {
        loaded = getSecurityManager().loadRoleService(name);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return loaded;
}
/**
 * Loads the named role service from the security manager, converting the checked {@link
 * IOException} into an unchecked exception that keeps the original as its cause.
 *
 * @param name name of the role service to load
 * @return whatever the security manager's {@code loadRoleService} returns for {@code name}
 * @throws RuntimeException wrapping the {@link IOException} if loading fails
 */
public GeoServerRoleService getRoleService(String name) {
    final GeoServerRoleService loaded;
    try {
        loaded = getSecurityManager().loadRoleService(name);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return loaded;
}
/**
 * Loads the role service named by {@code roleServiceName} through the application's security
 * manager.
 *
 * @return whatever {@code loadRoleService} returns for {@code roleServiceName}
 * @throws RuntimeException wrapping the {@link IOException} if loading fails
 */
protected GeoServerRoleService getService() {
    final GeoServerRoleService resolved;
    try {
        resolved =
                GeoServerApplication.get().getSecurityManager().loadRoleService(roleServiceName);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return resolved;
}
/**
 * Opens the edit page for the parent of the role held by this component's default model.
 *
 * <p>The parent is looked up in the role service named by {@code roleServiceName}; the current
 * page is registered as the return page of the new {@code EditRolePage}.
 *
 * @param target Ajax request target, not read by this method
 * @throws RuntimeException wrapping the {@link IOException} if the parent role cannot be
 *     loaded
 */
@Override
protected void onClick(AjaxRequestTarget target) {
    final GeoServerRole clicked = (GeoServerRole) getDefaultModelObject();
    final GeoServerRole parent;
    try {
        parent =
                GeoServerApplication.get()
                        .getSecurityManager()
                        .loadRoleService(roleServiceName)
                        .getParentRole(clicked);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    setResponsePage(new EditRolePage(roleServiceName, parent).setReturnPage(getPage()));
}
/**
 * With {@code web1.xml} copied into place, the role service "test1" is expected to pass {@code
 * checkEmpty}.
 */
@Test
public void testNoRoles() throws Exception {
    copyWebXML("web1.xml");

    GeoServerRoleService emptyService = getSecurityManager().loadRoleService("test1");
    checkEmpty(emptyService);
}
/**
 * With {@code web2.xml} copied into place, the role service "test2" is expected to report
 * exactly four roles: role1, role2, employee and MGR.
 */
@Test
public void testRoles() throws Exception {
    copyWebXML("web2.xml");

    GeoServerRoleService webXmlService = getSecurityManager().loadRoleService("test2");
    assertEquals(4, webXmlService.getRoleCount());

    // Each expected role is checked against a freshly fetched role set.
    for (String expectedName : new String[] {"role1", "role2", "employee", "MGR"}) {
        assertTrue(webXmlService.getRoles().contains(new GeoServerRole(expectedName)));
    }
}
/**
 * Creates an XML-backed role service for a test.
 *
 * <p>The configuration uses {@code XMLRoleService} as implementation class, a check interval
 * of 1000, the file name {@code XMLConstants.FILE_RR} and validation switched on. It is saved
 * through the security manager, after which the service is loaded and initialised from the
 * same configuration object.
 *
 * @param serviceName name under which the role service is saved and loaded
 * @return the loaded role service after {@code initializeFromConfig} has been called on it
 * @throws Exception if saving, loading or initialising the service fails
 */
public GeoServerRoleService createRoleService(String serviceName) throws Exception {
    XMLRoleServiceConfig xmlConfig = new XMLRoleServiceConfig();
    xmlConfig.setName(serviceName);
    xmlConfig.setClassName(XMLRoleService.class.getName());
    xmlConfig.setCheckInterval(1000);
    xmlConfig.setFileName(XMLConstants.FILE_RR);
    xmlConfig.setValidating(true);

    getSecurityManager().saveRoleService(xmlConfig);

    GeoServerRoleService created = getSecurityManager().loadRoleService(serviceName);
    created.initializeFromConfig(xmlConfig);
    return created;
}
/**
 * Test fixture setup: the test is skipped through a JUnit assumption when the test data is not
 * available; otherwise the role service identified by {@code getFixtureId()} is loaded and a
 * store is created for it.
 *
 * @throws IOException if the role service cannot be loaded or the store cannot be created
 */
@Before
public void init() throws IOException {
    boolean fixtureAvailable = getTestData().isTestDataAvailable();
    Assume.assumeTrue(fixtureAvailable);

    service = getSecurityManager().loadRoleService(getFixtureId());
    store = createStore(service);
}
/**
 * Test fixture setup: creates stores for the user/group service "gaugs" and the role service
 * "gars", then looks up the users "bob" and "alice" and the groups "users" and "admins" in
 * the user/group store.
 *
 * @throws Exception if a service cannot be loaded or a lookup fails
 */
@Before
public void init() throws Exception {
    GeoServerSecurityManager securityManager = getSecurityManager();

    ugStore = securityManager.loadUserGroupService("gaugs").createStore();
    roleStore = securityManager.loadRoleService("gars").createStore();

    bob = ugStore.getUserByUsername("bob");
    alice = ugStore.getUserByUsername("alice");

    users = ugStore.getGroupByGroupname("users");
    admins = ugStore.getGroupByGroupname("admins");
}