/**
 * Saves the given filter configuration by delegating to the two-argument
 * {@code saveFilter} overload, passing {@code null} as the second argument.
 *
 * @param config the named service configuration describing the filter to save
 * @throws IOException propagated from the two-argument overload
 * @throws SecurityConfigException propagated from the two-argument overload
 */
public void saveFilter(SecurityNamedServiceConfig config)
        throws IOException, SecurityConfigException {
    // NOTE(review): what a null second argument means is decided by the overload,
    // which is not visible from this method.
    saveFilter(config, null);
}
/**
 * Clears the access-denied error page of the dynamic and the GUI exception translation
 * filter configurations when it is set to {@code /accessDenied.jsp} (see GEOS-4943).
 *
 * <p>According to the original note on this method, the configured page does not exist and
 * would not work if it did. Each configuration is loaded in turn and is saved again only
 * when its error page was actually reset; a configuration that cannot be loaded
 * ({@code null}) or that points at a different page is left untouched.
 *
 * @throws Exception if loading or saving a filter configuration fails
 */
void removeErroneousAccessDeniedPage() throws Exception {
    final String[] filterNames = {
        GeoServerSecurityFilterChain.DYNAMIC_EXCEPTION_TRANSLATION_FILTER,
        GeoServerSecurityFilterChain.GUI_EXCEPTION_TRANSLATION_FILTER
    };
    for (String filterName : filterNames) {
        ExceptionTranslationFilterConfig config =
                (ExceptionTranslationFilterConfig) loadFilterConfig(filterName);
        if (config == null) {
            continue;
        }
        if (!"/accessDenied.jsp".equals(config.getAccessDeniedErrorPage())) {
            continue;
        }
        // NOTE(review): with a null error page the filter presumably falls back to its
        // default access-denied handling (a plain 403) - confirm against the filter.
        config.setAccessDeniedErrorPage(null);
        saveFilter(config);
    }
}
saveFilter(fConfig, mh);
GeoServerRoleFilter.DEFAULT_HEADER_ATTRIBUTE); rfConfig.setRoleConverterName(GeoServerRoleFilter.DEFAULT_ROLE_CONVERTER); saveFilter(rfConfig); sslConfig.setName(GeoServerSecurityFilterChain.SSL_FILTER); sslConfig.setSslPort(443); saveFilter(sslConfig); loadFilterConfig(GeoServerSecurityFilterChain.FORM_LOGOUT_FILTER); loConfig.setRedirectURL(GeoServerLogoutFilter.URL_AFTER_LOGOUT); saveFilter(loConfig); for (String fName : listFilters()) { SecurityFilterConfig fConfig = loadFilterConfig(fName); if (fConfig != null) saveFilter(fConfig);
bfConfig.setClassName(GeoServerBasicAuthenticationFilter.class.getName()); bfConfig.setUseRememberMe(true); saveFilter(bfConfig); upConfig.setPasswordParameterName( UsernamePasswordAuthenticationFilterConfig.DEFAULT_PASSWORD_PARAM); saveFilter(upConfig); pConfig.setName(filterName); pConfig.setAllowSessionCreation(true); saveFilter(pConfig); pConfig.setName(filterName); pConfig.setAllowSessionCreation(false); saveFilter(pConfig); aConfig.setClassName(GeoServerAnonymousAuthenticationFilter.class.getName()); aConfig.setName(filterName); saveFilter(aConfig); rConfig.setClassName(GeoServerRememberMeAuthenticationFilter.class.getName()); rConfig.setName(filterName); saveFilter(rConfig); siConfig.setAllowIfAllAbstainDecisions(false); siConfig.setSecurityMetadataSource("geoserverMetadataSource"); saveFilter(siConfig); siConfig.setAllowIfAllAbstainDecisions(false);
/**
 * Persists the Keycloak filter configuration through the security manager.
 *
 * @param config the Keycloak filter configuration to save
 * @throws Exception if the security manager fails to save the configuration
 */
@Override
public void doSave(GeoServerKeycloakFilterConfig config) throws Exception {
    // Entry marker at FINER level; only a fixed string is logged, never the
    // contents of the configuration object.
    LOG.log(Level.FINER, "KeycloakAuthFilterPanel.doSave ENTRY");
    getSecurityManager().saveFilter(config);
}
}
/**
 * Persists the filter configuration by handing it to the security manager.
 *
 * @param config the filter configuration to save
 * @throws Exception if the security manager fails to save the configuration
 */
@Override
public void doSave(T config) throws Exception {
    getSecurityManager().saveFilter(config);
}
/**
 * Saves the given filter configuration via the security manager.
 *
 * @param config the filter configuration to save
 * @throws Exception if saving the configuration fails
 */
@Override
public void doSave(T config) throws Exception {
    getSecurityManager().saveFilter(config);
}
/**
 * Delegates saving of the filter configuration to the security manager.
 *
 * @param config the filter configuration to save
 * @throws Exception if the security manager rejects or fails to store the configuration
 */
@Override
public void doSave(T config) throws Exception {
    getSecurityManager().saveFilter(config);
}
/**
 * Saves the submitted security manager configuration, then the logout and SSL filter
 * configurations, and finally calls {@code doReturn()}.
 *
 * <p>Any exception is logged at WARNING level and passed to {@code error(e)}; it is not
 * rethrown.
 */
@Override
public void onSubmit() {
    try {
        getSecurityManager()
                .saveSecurityConfig((SecurityManagerConfig) getForm().getModelObject());
        // NOTE(review): these are three separate save calls. If a later one throws,
        // nothing here undoes the earlier ones - confirm a partially saved
        // authentication setup is acceptable.
        getSecurityManager().saveFilter(logoutFilterConfig);
        getSecurityManager().saveFilter(sslFilterConfig);
        doReturn();
    } catch (Exception e) {
        LOGGER.log(Level.WARNING, "Error saving authentication config", e);
        // NOTE(review): error(e) presumably shows the exception to the user of the
        // form - confirm the message carries no sensitive configuration details.
        error(e);
    }
}
});
/**
 * Stores the form's security manager configuration followed by the logout and SSL
 * filter configurations, then calls {@code doReturn()}.
 *
 * <p>A failure in any step is logged at WARNING level and handed to {@code error(e)}
 * instead of being propagated.
 */
@Override
public void onSubmit() {
    try {
        getSecurityManager()
                .saveSecurityConfig((SecurityManagerConfig) getForm().getModelObject());
        // NOTE(review): the saves below are independent calls; an exception from one
        // of them leaves whatever was saved before it in place - verify that is intended.
        getSecurityManager().saveFilter(logoutFilterConfig);
        getSecurityManager().saveFilter(sslFilterConfig);
        doReturn();
    } catch (Exception e) {
        LOGGER.log(Level.WARNING, "Error saving authentication config", e);
        // NOTE(review): check what error(e) exposes to the person submitting the form.
        error(e);
    }
}
});
/**
 * Test fixture: after the inherited set-up, registers a logout filter and a basic
 * authentication filter with the security manager.
 *
 * @param testData the system test data passed on to the superclass set-up
 * @throws Exception if the inherited set-up or saving a filter fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    // Logout filter that redirects to the default post-logout URL.
    LogoutFilterConfig logoutConfig = new LogoutFilterConfig();
    logoutConfig.setClassName(GeoServerLogoutFilter.class.getName());
    logoutConfig.setName(testFilterName9);
    logoutConfig.setRedirectURL(GeoServerLogoutFilter.URL_AFTER_LOGOUT);
    getSecurityManager().saveFilter(logoutConfig);

    // Basic authentication filter with remember-me switched off.
    BasicAuthenticationFilterConfig basicAuthConfig = new BasicAuthenticationFilterConfig();
    basicAuthConfig.setClassName(GeoServerBasicAuthenticationFilter.class.getName());
    basicAuthConfig.setUseRememberMe(false);
    basicAuthConfig.setName(testFilterName);
    getSecurityManager().saveFilter(basicAuthConfig);
}
/**
 * Test fixture: after the inherited set-up, registers a basic authentication filter
 * (remember-me disabled) under {@code testFilterName}.
 *
 * @param testData the system test data passed on to the superclass set-up
 * @throws Exception if the inherited set-up or saving the filter fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);

    BasicAuthenticationFilterConfig basicAuthConfig = new BasicAuthenticationFilterConfig();
    basicAuthConfig.setClassName(GeoServerBasicAuthenticationFilter.class.getName());
    basicAuthConfig.setUseRememberMe(false);
    basicAuthConfig.setName(testFilterName);
    getSecurityManager().saveFilter(basicAuthConfig);
}
/**
 * Test fixture: saves a filter named {@code custom} backed by {@code AuthCapturingFilter}
 * and inserts it into the {@code /web/**} chain after the remember-me filter.
 *
 * <p>NOTE(review): this override does not call {@code super.onSetUp(testData)}; confirm
 * that is intentional.
 *
 * @param testData the system test data (not used in this method)
 * @throws Exception if saving the filter or the security configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    SecurityNamedServiceConfig customFilter = new BaseSecurityNamedServiceConfig();
    customFilter.setName("custom");
    customFilter.setClassName(AuthCapturingFilter.class.getName());

    GeoServerSecurityManager manager = getSecurityManager();
    manager.saveFilter(customFilter);

    SecurityManagerConfig managerConfig = manager.getSecurityConfig();
    managerConfig
            .getFilterChain()
            .insertAfter(
                    "/web/**",
                    customFilter.getName(),
                    GeoServerSecurityFilterChain.REMEMBER_ME_FILTER);
    // Earlier variant, kept for reference:
    // cfg.getFilterChain().put("/web/**", Arrays.asList(
    //     new FilterChainEntry(filterCfg.getName(), Position.AFTER,
    //         GeoServerSecurityFilterChain.REMEMBER_ME_FILTER)));
    manager.saveSecurityConfig(managerConfig);
}
/**
 * Verifies that mapper parameters set on an authentication key filter configuration are
 * available on the mapper of the filter loaded back from the security manager.
 *
 * @throws Exception if saving or loading the filter fails
 */
@Test
public void testMapperParameters() throws Exception {
    String authKeyUrlParam = "myAuthKeyParams";
    String filterName = "testAuthKeyParams1";

    Map<String, String> mapperParams = new HashMap<>();
    mapperParams.put("param1", "value1");
    mapperParams.put("param2", "value2");

    AuthenticationKeyFilterConfig keyFilterConfig = new AuthenticationKeyFilterConfig();
    keyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
    keyFilterConfig.setName(filterName);
    keyFilterConfig.setUserGroupServiceName("ug1");
    keyFilterConfig.setAuthKeyParamName(authKeyUrlParam);
    keyFilterConfig.setAuthKeyMapperName("fakeMapper");
    keyFilterConfig.setMapperParameters(mapperParams);
    getSecurityManager().saveFilter(keyFilterConfig);

    // Round trip: the filter is loaded by name rather than reusing the config object.
    GeoServerAuthenticationKeyFilter loadedFilter =
            (GeoServerAuthenticationKeyFilter) getSecurityManager().loadFilter(filterName);
    assertTrue(loadedFilter.getMapper() instanceof FakeMapper);

    FakeMapper mapper = (FakeMapper) loadedFilter.getMapper();
    assertEquals("value1", mapper.getMapperParameter("param1"));
    assertEquals("value2", mapper.getMapperParameter("param2"));
}
/**
 * Test fixture: registers a GitHub OAuth2 filter named {@code github} and makes the
 * {@code web} request chain use it followed by {@code anonymous}.
 *
 * @param testData the system test data passed on to the superclass set-up
 * @throws Exception if the inherited set-up or saving the configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);
    GeoServerSecurityManager securityManager = getSecurityManager();

    GitHubOAuth2FilterConfig gitHubConfig = new GitHubOAuth2FilterConfig();
    gitHubConfig.setName("github");
    gitHubConfig.setClassName(GitHubOAuthAuthenticationFilter.class.getName());
    // Dummy client id and secret; these are fixture values, not real credentials.
    gitHubConfig.setCliendId("foo");
    gitHubConfig.setClientSecret("bar");
    securityManager.saveFilter(gitHubConfig);

    SecurityManagerConfig managerConfig = securityManager.getSecurityConfig();
    RequestFilterChain webChain = managerConfig.getFilterChain().getRequestChainByName("web");
    webChain.setFilterNames("github", "anonymous");
    securityManager.saveSecurityConfig(managerConfig);
}
/**
 * Test fixture: registers a Google OAuth2 filter named {@code google} and makes the
 * {@code web} request chain use it followed by {@code anonymous}.
 *
 * @param testData the system test data passed on to the superclass set-up
 * @throws Exception if the inherited set-up or saving the configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);
    GeoServerSecurityManager securityManager = getSecurityManager();

    GoogleOAuth2FilterConfig googleConfig = new GoogleOAuth2FilterConfig();
    googleConfig.setName("google");
    googleConfig.setClassName(GoogleOAuthAuthenticationFilter.class.getName());
    // Dummy client id and secret; these are fixture values, not real credentials.
    googleConfig.setCliendId("foo");
    googleConfig.setClientSecret("bar");
    securityManager.saveFilter(googleConfig);

    SecurityManagerConfig managerConfig = securityManager.getSecurityConfig();
    RequestFilterChain webChain = managerConfig.getFilterChain().getRequestChainByName("web");
    webChain.setFilterNames("google", "anonymous");
    securityManager.saveSecurityConfig(managerConfig);
}
/**
 * Test fixture: registers an OpenID Connect filter named {@code openIdConnect} and makes
 * the {@code web} request chain use it followed by {@code anonymous}.
 *
 * @param testData the system test data passed on to the superclass set-up
 * @throws Exception if the inherited set-up or saving the configuration fails
 */
@Override
protected void onSetUp(SystemTestData testData) throws Exception {
    super.onSetUp(testData);
    GeoServerSecurityManager securityManager = getSecurityManager();

    OpenIdConnectFilterConfig oidcConfig = new OpenIdConnectFilterConfig();
    oidcConfig.setName("openIdConnect");
    oidcConfig.setClassName(OpenIdConnectAuthenticationFilter.class.getName());
    // Dummy client id and secret; these are fixture values, not real credentials.
    oidcConfig.setCliendId("foo");
    oidcConfig.setClientSecret("bar");
    // All three endpoints are set to the same URL literal.
    oidcConfig.setAccessTokenUri("https://www.connectid/fake/test");
    oidcConfig.setUserAuthorizationUri("https://www.connectid/fake/test");
    oidcConfig.setCheckTokenEndpointUrl("https://www.connectid/fake/test");
    securityManager.saveFilter(oidcConfig);

    SecurityManagerConfig managerConfig = securityManager.getSecurityConfig();
    RequestFilterChain webChain = managerConfig.getFilterChain().getRequestChainByName("web");
    webChain.setFilterNames("openIdConnect", "anonymous");
    securityManager.saveSecurityConfig(managerConfig);
}
/**
 * Saves a role filter that reports included roles in the {@code ROLES} response header,
 * sends a request for {@code /foo} through the security filter chain proxy, and expects
 * the header to carry the anonymous role's authority.
 *
 * @throws Exception if saving the filter or running the chain fails
 */
@Test
public void testFilterChainWithEnabled() throws Exception {
    GeoServerSecurityManager manager = getSecurityManager();

    RoleFilterConfig roleFilterConfig = new RoleFilterConfig();
    roleFilterConfig.setName("roleConverter");
    roleFilterConfig.setClassName(GeoServerRoleFilter.class.getName());
    roleFilterConfig.setRoleConverterName("roleConverter");
    roleFilterConfig.setHttpResponseHeaderAttrForIncludedRoles("ROLES");
    manager.saveFilter(roleFilterConfig);

    MockHttpServletRequest request = createRequest("/foo");
    MockHttpServletResponse response = new MockHttpServletResponse();

    // The mock chain ends in a nice-mock servlet and includes the saved role filter.
    Servlet servlet = EasyMock.createNiceMock(Servlet.class);
    MockFilterChain chain =
            new MockFilterChain(servlet, getSecurityManager().loadFilter("roleConverter"));

    GeoServerSecurityFilterChainProxy proxy =
            GeoServerExtensions.bean(GeoServerSecurityFilterChainProxy.class);
    proxy.doFilter(request, response, chain);

    assertEquals(GeoServerRole.ANONYMOUS_ROLE.getAuthority(), response.getHeader("ROLES"));
}
/**
 * Saves a filter named {@code custom} and places it in the {@code /**} filter chain at the
 * requested position, replacing any previous {@code custom} entry.
 *
 * @param pos where to insert the filter; a value other than FIRST, LAST, BEFORE or AFTER
 *     inserts nothing
 * @param relativeTo the filter name used as the reference for BEFORE and AFTER
 * @param assertSecurityContext value passed to {@code setAssertAuth} on the filter config
 * @throws Exception if saving the filter or the security configuration fails
 */
void setupFilterEntry(Pos pos, String relativeTo, boolean assertSecurityContext)
        throws Exception {
    GeoServerSecurityManager manager = getSecurityManager();

    FilterConfig customFilter = new FilterConfig();
    customFilter.setName("custom");
    customFilter.setClassName(Filter.class.getName());
    customFilter.setAssertAuth(assertSecurityContext);
    manager.saveFilter(customFilter);

    SecurityManagerConfig managerConfig = manager.getSecurityConfig();
    // NOTE(review): this selects the plain-text password encoder for configuration
    // passwords - presumably acceptable only because this is test set-up; confirm.
    managerConfig.setConfigPasswordEncrypterName(getPlainTextPasswordEncoder().getName());
    // Drop any earlier "custom" entry before inserting it again.
    managerConfig.getFilterChain().remove("custom");

    if (pos == Pos.FIRST) {
        managerConfig.getFilterChain().insertFirst("/**", "custom");
    } else if (pos == Pos.LAST) {
        managerConfig.getFilterChain().insertLast("/**", "custom");
    } else if (pos == Pos.BEFORE) {
        managerConfig.getFilterChain().insertBefore("/**", "custom", relativeTo);
    } else if (pos == Pos.AFTER) {
        managerConfig.getFilterChain().insertAfter("/**", "custom", relativeTo);
    }

    manager.saveSecurityConfig(managerConfig);
}